urlscan.io logo urlscan.io
SecurityTrails logo

www.newsobserver.com Open in urlscan Pro
104.111.219.128  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Submission: On February 25 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 118 IPs in 11 countries across 80 domains to perform 299 HTTP transactions. The main IP is 104.111.219.128, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.newsobserver.com. The Cisco Umbrella rank of the primary domain is 80703.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 14th 2022. Valid for: a year.
This is the only time www.newsobserver.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
37 104.111.219.128 16625 (AKAMAI-AS)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f02... 32934 (FACEBOOK)
4 2a00:1450:400... 15169 (GOOGLE)
2 34.206.8.217 14618 (AMAZON-AES)
1 15.188.95.229 16509 (AMAZON-02)
9 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 143.204.98.56 16509 (AMAZON-02)
3 3 54.154.165.122 16509 (AMAZON-02)
1 3 34.253.74.200 16509 (AMAZON-02)
7 9 142.250.185.130 15169 (GOOGLE)
9 17 151.101.194.49 54113 (FASTLY)
1 2 185.94.180.126 35220 (SPOTX-AMS)
3 13.36.218.177 16509 (AMAZON-02)
1 143.204.98.119 16509 (AMAZON-02)
1 2a02:2638::3 44788 (ASN-CRITE...)
2 2.18.234.21 16625 (AKAMAI-AS)
3 2.18.233.180 16625 (AKAMAI-AS)
1 143.204.98.115 16509 (AMAZON-02)
9 142.250.184.226 15169 (GOOGLE)
1 143.204.98.32 16509 (AMAZON-02)
5 143.204.95.188 16509 (AMAZON-02)
3 205.185.216.42 20446 (HIGHWINDS3)
2 143.204.98.124 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 199.232.194.217 54113 (FASTLY)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 143.204.98.16 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
2 151.101.65.194 54113 (FASTLY)
2 4 52.223.40.198 16509 (AMAZON-02)
1 18.204.184.124 14618 (AMAZON-AES)
2 34.120.133.55 15169 (GOOGLE)
1 3 151.101.2.137 54113 (FASTLY)
1 143.204.103.127 16509 (AMAZON-02)
1 2.18.234.163 16625 (AKAMAI-AS)
1 3 143.204.98.125 16509 (AMAZON-02)
3 104.111.234.92 16625 (AKAMAI-AS)
12 2a00:1450:400... 15169 (GOOGLE)
1 2 107.178.250.234 15169 (GOOGLE)
4 35.157.101.119 16509 (AMAZON-02)
1 143.204.98.54 16509 (AMAZON-02)
1 198.47.127.19 3257 (GTT-BACKB...)
2 4 185.33.220.240 29990 (ASN-APPNEX)
4 178.250.2.131 44788 (ASN-CRITE...)
2 184.31.84.150 16625 (AKAMAI-AS)
2 34.98.64.218 15169 (GOOGLE)
2 185.64.189.112 62713 (AS-PUBMATIC)
2 2602:803:c003... 26667 (RUBICONPR...)
2 3.123.205.63 16509 (AMAZON-02)
1 52.205.167.202 14618 (AMAZON-AES)
8 3.92.67.221 14618 (AMAZON-AES)
2 3.236.169.120 14618 (AMAZON-AES)
3 54.80.118.188 14618 (AMAZON-AES)
4 5 37.157.3.30 198622 (ADFORM)
1 178.250.0.163 44788 (ASN-CRITE...)
2 2 213.155.156.164 1299 (TWELVE99 ...)
4 185.64.190.80 62713 (AS-PUBMATIC)
3 4 185.29.132.245 30419 (MEDIAMATH...)
4 185.64.189.110 62713 (AS-PUBMATIC)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
1 198.47.127.20 62713 (AS-PUBMATIC)
3 3 51.222.80.231 16276 (OVH)
2 2 34.254.143.3 16509 (AMAZON-02)
2 2 52.30.14.23 16509 (AMAZON-02)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 159.122.14.34 36351 (SOFTLAYER)
5 178.250.2.83 44788 (ASN-CRITE...)
1 18.216.183.199 16509 (AMAZON-02)
11 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.20.78.240 14618 (AMAZON-AES)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 6 76.223.111.18 16509 (AMAZON-02)
2 2600:9000:215... 16509 (AMAZON-02)
1 8 2a00:1450:400... 15169 (GOOGLE)
1 108.128.26.6 16509 (AMAZON-02)
4 34.193.254.175 14618 (AMAZON-AES)
1 2620:116:800d... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 138.201.63.149 24940 (HETZNER-AS)
1 2 185.29.134.245 30419 (MEDIAMATH...)
1 2.18.233.201 16625 (AKAMAI-AS)
1 151.101.65.108 54113 (FASTLY)
3 185.33.221.52 29990 (ASN-APPNEX)
1 3.127.86.46 16509 (AMAZON-02)
2 143.204.98.59 16509 (AMAZON-02)
1 1 34.102.163.6 15169 (GOOGLE)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2 209.54.180.3 16509 (AMAZON-02)
6 7 3.124.34.143 16509 (AMAZON-02)
1 1 50.31.142.31 23352 (SERVERCEN...)
1 3 52.215.248.120 16509 (AMAZON-02)
3 2600:9000:215... 16509 (AMAZON-02)
1 178.250.2.146 44788 (ASN-CRITE...)
1 2600:9000:215... 16509 (AMAZON-02)
1 4 144.76.104.53 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2600:1f18:730... 14618 (AMAZON-AES)
1 3.224.47.34 14618 (AMAZON-AES)
2 2 52.215.92.65 16509 (AMAZON-02)
2 2 18.192.85.110 16509 (AMAZON-02)
1 1 141.226.228.48 200478 (TABOOLA-AS)
3 2a03:2880:f12... 32934 (FACEBOOK)
1 2620:116:800b... 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
3 44.240.106.223 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2 145.239.193.130 16276 (OVH)
1 88.198.250.30 24940 (HETZNER-AS)
1 2a0b:4d07:101::1 44239 (PROINITY ...)
2 46.236.13.147 12703 (PULSANT-AS)
1 2 142.250.185.166 15169 (GOOGLE)
1 54.76.176.197 16509 (AMAZON-02)
1 104.111.239.217 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 143.204.98.117 16509 (AMAZON-02)
3 6 107.22.240.229 14618 (AMAZON-AES)
1 2600:9000:215... 16509 (AMAZON-02)
1 185.64.190.81 62713 (AS-PUBMATIC)
3 2600:1f18:444... 14618 (AMAZON-AES)
1 2 104.111.215.191 16625 (AKAMAI-AS)
1 2a04:4e42:400... 54113 (FASTLY)
2 54.72.0.164 16509 (AMAZON-02)
2 52.59.187.13 ()
299 118
37    104.111.219.128 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-219-128.deploy.static.akamaitechnologies.com
www.newsobserver.com
4    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
4    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    34.206.8.217 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-8-217.compute-1.amazonaws.com
trinitymedia.ai
1    15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
adobedc.demdex.net
9    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    143.204.98.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-56.fra50.r.cloudfront.net
mcclatchy-newsobserver.zeustechnology.com
3    54.154.165.122 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-165-122.eu-west-1.compute.amazonaws.com
cm.everesttech.net
3    34.253.74.200 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-74-200.eu-west-1.compute.amazonaws.com
dpm.demdex.net
9    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
cm.g.doubleclick.net
17    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
lasteventf-tm.everesttech.net
2    185.94.180.126 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)
sync.search.spotxchange.com
3    13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
edge.adobedc.net
1    143.204.98.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-119.fra50.r.cloudfront.net
check.analytics.rlcdn.com
1    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
2    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
js-sec.indexww.com
as-sec.casalemedia.com
3    2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    143.204.98.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-115.fra50.r.cloudfront.net
ib.3lift.com
9    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
securepubads.g.doubleclick.net
1    143.204.98.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-32.fra50.r.cloudfront.net
sponsorship-lines.zeustechnology.com
5    143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net
c.amazon-adsystem.com
3    205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
vd.trinitymedia.ai
2    143.204.98.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-124.fra50.r.cloudfront.net
mcclatchy-newsobserver.cdn.zephr.com
1    2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    199.232.194.217 (United States)

ASN54113 (FASTLY, US)
static.scroll.com
1    2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
1    143.204.98.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-16.fra50.r.cloudfront.net
ats.rlcdn.com
1    2600:9000:2156:e400:11:b309:9100:21 (United States)

ASN16509 (AMAZON-02, US)
d15kdpgjg3unno.cloudfront.net
1    2600:9000:2156:5600:5:82fd:2500:21 (United States)

ASN16509 (AMAZON-02, US)
dyv1bugovvq1g.cloudfront.net
2    151.101.65.194 (United States)

ASN54113 (FASTLY, US)
confiant-integrations.global.ssl.fastly.net
4    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
1    18.204.184.124 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-184-124.compute-1.amazonaws.com
idx.liadm.com
2    34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com
api.rlcdn.com
3    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
1    143.204.103.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-103-127.fra50.r.cloudfront.net
cdn.parsely.com
1    2.18.234.163 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-163.deploy.static.akamaitechnologies.com
s.ntv.io
3    143.204.98.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-125.fra50.r.cloudfront.net
sb.scorecardresearch.com
3    104.111.234.92 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-92.deploy.static.akamaitechnologies.com
www.everestjs.net
12    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
2    107.178.250.234 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 234.250.178.107.bc.googleusercontent.com
js.matheranalytics.com
4    35.157.101.119 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-101-119.eu-central-1.compute.amazonaws.com
depart.trinitymedia.ai
1    143.204.98.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-54.fra50.r.cloudfront.net
geo.privacymanager.io
1    198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image6.pubmatic.com
4    185.33.220.240 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
4    178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com
bidder.criteo.com
2    184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
2    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
mcclatchy-d.openx.net
2    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
2    2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
2    3.123.205.63 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-205-63.eu-central-1.compute.amazonaws.com
tlx.3lift.com
1    52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com
p1.parsely.com
8    3.92.67.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-67-221.compute-1.amazonaws.com
jadserve.postrelease.com
2    3.236.169.120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-236-169-120.compute-1.amazonaws.com
sqs.us-east-1.amazonaws.com
3    54.80.118.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-118-188.compute-1.amazonaws.com
www.i.matheranalytics.com
5    37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
2    213.155.156.164 (Sweden)

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-164.teliacarrier-cust.com
d5p.de17a.com
4    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
4    185.29.132.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
4    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    85.114.159.93 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
1    198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
3    51.222.80.231 (Canada)

ASN16276 (OVH, FR)
PTR: pikafka-us-1.cloudy.ovh
pixel.onaudience.com
2    34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
loada.exelator.com
2    52.30.14.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
sync.crwdcntrl.net
2    2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
1    159.122.14.34 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 22.0e.7a9f.ip4.static.sl-reverse.com
um.simpli.fi
5    178.250.2.83 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
ssp-sync.criteo.com
1    18.216.183.199 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-216-183-199.us-east-2.compute.amazonaws.com
capi.connatix.com
11    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.com
1    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com
1    52.20.78.240 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-78-240.compute-1.amazonaws.com
api.ipify.org
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
6    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
2    2600:9000:2156:be00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)
b-code.liadm.com
8    2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    108.128.26.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-26-6.eu-west-1.compute.amazonaws.com
secure-us.imrworldwide.com
4    34.193.254.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-254-175.compute-1.amazonaws.com
tags.srv.stackadapt.com
1    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
edge.quantserve.com
2    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
4    138.201.63.149 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de
hal9000.redintelligence.net
2    185.29.134.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
tags.mathtag.com
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    151.101.65.108 (United States)

ASN54113 (FASTLY, US)
cdn.adnxs.com
3    185.33.221.52 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ams1-ib.adnxs.com
1    3.127.86.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-86-46.eu-central-1.compute.amazonaws.com
protected-by.clarium.io
2    143.204.98.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-59.fra50.r.cloudfront.net
cdn.p-n.io
1    34.102.163.6 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 6.163.102.34.bc.googleusercontent.com
ad.mrtnsvr.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    2a05:d018:d29:3601:48c:2850:f91f:4df0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
2    209.54.180.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
7    3.124.34.143 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-34-143.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    50.31.142.31 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
3    52.215.248.120 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-248-120.eu-west-1.compute.amazonaws.com
pixel.everesttech.net
3    2600:9000:2156:7600:12:1bf:30c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn-prod.securiti.ai
1    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    2600:9000:2156:e200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
4    144.76.104.53 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.53.104.76.144.clients.your-server.de
hal900022.redintelligence.net
1    2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2600:1f18:730:b150:1533:8f19:3ef8:a567 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
rp.liadm.com
1    3.224.47.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-47-34.compute-1.amazonaws.com
rp4.liadm.com
2    52.215.92.65 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-92-65.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
2    18.192.85.110 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-85-110.eu-central-1.compute.amazonaws.com
rtb.mfadsrvr.com
1    141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)
sync.taboola.com
3    2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2620:116:800b:21:f716:921a:893c:c3d8 (United States)

ASN14618 (AMAZON-AES, US)
pixel.quantserve.com
1    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    44.240.106.223 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-106-223.us-west-2.compute.amazonaws.com
app.securiti.ai
2    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
googleads.g.doubleclick.net
2    145.239.193.130 (France)

ASN16276 (OVH, FR)
pv.medialead.de
1    88.198.250.30 (Baienfurt, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de
pb.media01.eu
1    2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)
adv.office-partner.de
2    46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net
track.webgains.com
2    142.250.185.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f6.1e100.net
5994599.fls.doubleclick.net
1    54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
ad-server.eu
1    104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com
www.awin1.com
1    2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    143.204.98.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-117.fra50.r.cloudfront.net
analytics.webgains.io
6    107.22.240.229 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-240-229.compute-1.amazonaws.com
i.liadm.com
1    2600:9000:2156:e000:3:c7cf:1100:93a1 (United States)

ASN16509 (AMAZON-02, US)
sli.newsobserver.com
1    185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage4.pubmatic.com
3    2600:1f18:444a:4680:469d:1ee7:c700:42a5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
2    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
x.dlx.addthis.com
1    2a04:4e42:400::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
2    54.72.0.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-0-164.eu-west-1.compute.amazonaws.com
api.webgains.io
2    52.59.187.13 (None, )

ASN- ()
k.p-n.io
Apex Domain
Subdomains		 Transfer
38 newsobserver.com
www.newsobserver.com — Cisco Umbrella Rank: 80703
sli.newsobserver.com — Cisco Umbrella Rank: 279892
1 MB
23 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 881
sync-tm.everesttech.net — Cisco Umbrella Rank: 491
lasteventf-tm.everesttech.net — Cisco Umbrella Rank: 6067
pixel.everesttech.net — Cisco Umbrella Rank: 2907
7 KB
22 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 175
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159
stats.g.doubleclick.net — Cisco Umbrella Rank: 67
5994599.fls.doubleclick.net — Cisco Umbrella Rank: 70120
googleads.g.doubleclick.net — Cisco Umbrella Rank: 37
179 KB
19 google.com
www.google.com — Cisco Umbrella Rank: 2
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 2400
adservice.google.com — Cisco Umbrella Rank: 59
71 KB
17 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 92
39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 120
153 KB
16 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 429
image6.pubmatic.com — Cisco Umbrella Rank: 582
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 420
image2.pubmatic.com — Cisco Umbrella Rank: 752
simage2.pubmatic.com — Cisco Umbrella Rank: 552
image4.pubmatic.com — Cisco Umbrella Rank: 738
simage4.pubmatic.com — Cisco Umbrella Rank: 1024
33 KB
14 liadm.com
idx.liadm.com — Cisco Umbrella Rank: 5352
b-code.liadm.com — Cisco Umbrella Rank: 3234
rp.liadm.com — Cisco Umbrella Rank: 2586
rp4.liadm.com — Cisco Umbrella Rank: 11306
i.liadm.com — Cisco Umbrella Rank: 458
i6.liadm.com — Cisco Umbrella Rank: 1371
20 KB
13 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 736
dis.criteo.com — Cisco Umbrella Rank: 619
ssp-sync.criteo.com — Cisco Umbrella Rank: 1860
gum.criteo.com — Cisco Umbrella Rank: 355
mug.criteo.com — Cisco Umbrella Rank: 3197
11 KB
10 gstatic.com
fonts.gstatic.com
www.gstatic.com
393 KB
9 3lift.com
ib.3lift.com — Cisco Umbrella Rank: 1015
tlx.3lift.com — Cisco Umbrella Rank: 532
eb2.3lift.com — Cisco Umbrella Rank: 356
4 KB
9 trinitymedia.ai
trinitymedia.ai — Cisco Umbrella Rank: 15859
vd.trinitymedia.ai — Cisco Umbrella Rank: 20484
depart.trinitymedia.ai — Cisco Umbrella Rank: 18043
270 KB
8 redintelligence.net
hal9000.redintelligence.net — Cisco Umbrella Rank: 31122
hal900022.redintelligence.net — Cisco Umbrella Rank: 242383
58 KB
8 postrelease.com
jadserve.postrelease.com — Cisco Umbrella Rank: 900
6 KB
8 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 210
cdn.adnxs.com — Cisco Umbrella Rank: 1304
ams1-ib.adnxs.com — Cisco Umbrella Rank: 6837
47 KB
7 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 265
3 KB
7 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 387
tags.mathtag.com — Cisco Umbrella Rank: 2834
pixel.mathtag.com — Cisco Umbrella Rank: 1050
4 KB
7 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 263
s.amazon-adsystem.com — Cisco Umbrella Rank: 266
41 KB
6 securiti.ai
cdn-prod.securiti.ai — Cisco Umbrella Rank: 36294
app.securiti.ai — Cisco Umbrella Rank: 47638
68 KB
5 adform.net
c1.adform.net — Cisco Umbrella Rank: 529
2 KB
5 matheranalytics.com
js.matheranalytics.com — Cisco Umbrella Rank: 10579
www.i.matheranalytics.com — Cisco Umbrella Rank: 10878
42 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
imasdk.googleapis.com — Cisco Umbrella Rank: 407
125 KB
4 p-n.io
cdn.p-n.io — Cisco Umbrella Rank: 4391
k.p-n.io
57 KB
4 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 3790
6 KB
4 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 3152
cds.connatix.com — Cisco Umbrella Rank: 3185
capi.connatix.com — Cisco Umbrella Rank: 2720
257 KB
4 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 295
2 KB
4 rlcdn.com
check.analytics.rlcdn.com — Cisco Umbrella Rank: 3632
ats.rlcdn.com — Cisco Umbrella Rank: 1336
api.rlcdn.com — Cisco Umbrella Rank: 739
38 KB
4 demdex.net
adobedc.demdex.net — Cisco Umbrella Rank: 13088
dpm.demdex.net — Cisco Umbrella Rank: 187
4 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 126
199 KB
3 webgains.io
analytics.webgains.io — Cisco Umbrella Rank: 19741
api.webgains.io — Cisco Umbrella Rank: 54493
51 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
487 B
3 google.de
adservice.google.de — Cisco Umbrella Rank: 9027
www.google.de — Cisco Umbrella Rank: 6342
1 KB
3 onaudience.com
pixel.onaudience.com — Cisco Umbrella Rank: 1400
1 KB
3 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 427
as-sec.casalemedia.com — Cisco Umbrella Rank: 1146
1 KB
3 everestjs.net
www.everestjs.net — Cisco Umbrella Rank: 5560
32 KB
3 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 129
2 KB
3 adobedc.net
edge.adobedc.net — Cisco Umbrella Rank: 9135
2 KB
2 addthis.com
x.dlx.addthis.com — Cisco Umbrella Rank: 982
1 KB
2 webgains.com
track.webgains.com — Cisco Umbrella Rank: 41085
5 KB
2 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 46456
1 KB
2 taboola.com
sync.taboola.com — Cisco Umbrella Rank: 725
trc.taboola.com — Cisco Umbrella Rank: 571
467 B
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 740
1 KB
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 444
1 KB
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 146
77 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
2 quantserve.com
edge.quantserve.com — Cisco Umbrella Rank: 10389
pixel.quantserve.com — Cisco Umbrella Rank: 374
10 KB
2 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1178
mwzeom.zeotap.com — Cisco Umbrella Rank: 1486
902 B
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 662
848 B
2 exelator.com
loada.exelator.com — Cisco Umbrella Rank: 20824
2 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4441
637 B
2 amazonaws.com
sqs.us-east-1.amazonaws.com — Cisco Umbrella Rank: 4621
658 B
2 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 436
2 KB
2 openx.net
mcclatchy-d.openx.net — Cisco Umbrella Rank: 38966
482 B
2 parsely.com
cdn.parsely.com — Cisco Umbrella Rank: 2498
p1.parsely.com — Cisco Umbrella Rank: 1996
24 KB
2 fastly.net
confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 1485
90 KB
2 cloudfront.net
d15kdpgjg3unno.cloudfront.net
dyv1bugovvq1g.cloudfront.net
20 KB
2 zephr.com
mcclatchy-newsobserver.cdn.zephr.com — Cisco Umbrella Rank: 271170
998 B
2 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 469
1 KB
2 zeustechnology.com
mcclatchy-newsobserver.zeustechnology.com — Cisco Umbrella Rank: 221081
sponsorship-lines.zeustechnology.com — Cisco Umbrella Rank: 38125
60 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 50
33 KB
1 awin1.com
www.awin1.com — Cisco Umbrella Rank: 14416
702 B
1 ad-server.eu
ad-server.eu — Cisco Umbrella Rank: 70137
312 B
1 office-partner.de
adv.office-partner.de — Cisco Umbrella Rank: 192090
931 B
1 media01.eu
pb.media01.eu — Cisco Umbrella Rank: 65528
630 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 770
1 KB
1 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 523
301 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 212
593 B
1 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 419
1004 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 439
922 B
1 mrtnsvr.com
ad.mrtnsvr.com — Cisco Umbrella Rank: 1554
248 B
1 clarium.io
protected-by.clarium.io — Cisco Umbrella Rank: 1750
345 B
1 imrworldwide.com
secure-us.imrworldwide.com — Cisco Umbrella Rank: 1391
369 B
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 3219
260 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 691
612 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1393
501 B
1 privacymanager.io
geo.privacymanager.io — Cisco Umbrella Rank: 1451
594 B
1 ntv.io
s.ntv.io — Cisco Umbrella Rank: 3166
115 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 709
395 B
1 scroll.com
static.scroll.com — Cisco Umbrella Rank: 5303
7 KB
1 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 618
13 KB
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 638
41 KB
299 80
Domain Requested by
37 www.newsobserver.com www.newsobserver.com
16 sync-tm.everesttech.net 9 redirects www.newsobserver.com
12 fundingchoicesmessages.google.com www.newsobserver.com
9 securepubads.g.doubleclick.net mcclatchy-newsobserver.zeustechnology.com
securepubads.g.doubleclick.net
www.newsobserver.com
www.googletagservices.com
9 cm.g.doubleclick.net 7 redirects eb2.3lift.com
9 fonts.gstatic.com fonts.googleapis.com
8 tpc.googlesyndication.com 1 redirects www.newsobserver.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
8 pagead2.googlesyndication.com www.newsobserver.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
8 jadserve.postrelease.com s.ntv.io
www.newsobserver.com
7 x.bidswitch.net 6 redirects eb2.3lift.com
6 i.liadm.com 3 redirects b-code.liadm.com
i.liadm.com
6 eb2.3lift.com 2 redirects ib.3lift.com
eb2.3lift.com
5 ssp-sync.criteo.com static.criteo.net
5 c1.adform.net 4 redirects ads.pubmatic.com
5 c.amazon-adsystem.com www.newsobserver.com
c.amazon-adsystem.com
4 hal900022.redintelligence.net 1 redirects www.newsobserver.com
hal900022.redintelligence.net
4 hal9000.redintelligence.net www.newsobserver.com
hal900022.redintelligence.net
4 tags.srv.stackadapt.com www.newsobserver.com
tags.srv.stackadapt.com
4 simage2.pubmatic.com ads.pubmatic.com
4 sync.mathtag.com 3 redirects www.newsobserver.com
4 image2.pubmatic.com ads.pubmatic.com
4 bidder.criteo.com static.criteo.net
4 ib.adnxs.com 2 redirects mcclatchy-newsobserver.zeustechnology.com
4 depart.trinitymedia.ai vd.trinitymedia.ai
4 match.adsrvr.org 2 redirects js-sec.indexww.com
eb2.3lift.com
4 www.google.com www.newsobserver.com
tpc.googlesyndication.com
4 connect.facebook.net www.newsobserver.com
connect.facebook.net
4 fonts.googleapis.com www.newsobserver.com
vd.trinitymedia.ai
hal900022.redintelligence.net
3 i6.liadm.com i.liadm.com
3 app.securiti.ai cdn-prod.securiti.ai
3 www.facebook.com
3 cdn-prod.securiti.ai www.newsobserver.com
cdn-prod.securiti.ai
3 pixel.everesttech.net 1 redirects
3 ams1-ib.adnxs.com www.newsobserver.com
cdn.adnxs.com
3 adservice.google.com securepubads.g.doubleclick.net
5994599.fls.doubleclick.net
3 pixel.onaudience.com 3 redirects
3 www.i.matheranalytics.com www.newsobserver.com
3 www.everestjs.net www.newsobserver.com
www.everestjs.net
3 sb.scorecardresearch.com 1 redirects www.newsobserver.com
3 vd.trinitymedia.ai trinitymedia.ai
3 ads.pubmatic.com mcclatchy-newsobserver.zeustechnology.com
ads.pubmatic.com
3 edge.adobedc.net www.newsobserver.com
3 dpm.demdex.net 1 redirects www.newsobserver.com
3 cm.everesttech.net 3 redirects
2 k.p-n.io cdn.p-n.io
2 api.webgains.io analytics.webgains.io
2 x.dlx.addthis.com 1 redirects i.liadm.com
2 5994599.fls.doubleclick.net 1 redirects www.newsobserver.com
2 track.webgains.com www.newsobserver.com
2 pv.medialead.de 2 redirects
2 rtb.mfadsrvr.com 2 redirects
2 match.prod.bidr.io 2 redirects
2 s.amazon-adsystem.com 1 redirects eb2.3lift.com
2 cdn.p-n.io www.newsobserver.com
cdn.p-n.io
2 tags.mathtag.com 1 redirects www.newsobserver.com
2 www.googletagservices.com www.newsobserver.com
2 www.google-analytics.com www.newsobserver.com
www.google-analytics.com
2 b-code.liadm.com www.newsobserver.com
b-code.liadm.com
2 gum.criteo.com 1 redirects static.criteo.net
2 adservice.google.de securepubads.g.doubleclick.net
2 sync.crwdcntrl.net 2 redirects
2 loada.exelator.com 2 redirects
2 d5p.de17a.com 2 redirects
2 sqs.us-east-1.amazonaws.com d15kdpgjg3unno.cloudfront.net
2 tlx.3lift.com mcclatchy-newsobserver.zeustechnology.com
2 fastlane.rubiconproject.com mcclatchy-newsobserver.zeustechnology.com
2 hbopenbid.pubmatic.com mcclatchy-newsobserver.zeustechnology.com
2 mcclatchy-d.openx.net mcclatchy-newsobserver.zeustechnology.com
2 htlb.casalemedia.com mcclatchy-newsobserver.zeustechnology.com
2 js.matheranalytics.com 1 redirects www.newsobserver.com
2 cds.connatix.com www.newsobserver.com
cd.connatix.com
2 api.rlcdn.com js-sec.indexww.com
mcclatchy-newsobserver.zeustechnology.com
2 confiant-integrations.global.ssl.fastly.net www.newsobserver.com
confiant-integrations.global.ssl.fastly.net
2 mcclatchy-newsobserver.cdn.zephr.com www.newsobserver.com
2 sync.search.spotxchange.com 1 redirects www.newsobserver.com
2 trinitymedia.ai www.newsobserver.com
vd.trinitymedia.ai
1 trc.taboola.com i.liadm.com
1 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 simage4.pubmatic.com ads.pubmatic.com
1 sli.newsobserver.com
1 analytics.webgains.io www.newsobserver.com
1 www.googletagmanager.com adv.office-partner.de
1 www.awin1.com www.newsobserver.com
1 ad-server.eu www.newsobserver.com
1 adv.office-partner.de www.newsobserver.com
1 pb.media01.eu www.newsobserver.com
1 www.google.de
1 pixel.quantserve.com
1 sync.taboola.com 1 redirects
1 rp4.liadm.com
1 rp.liadm.com 1 redirects
1 stats.g.doubleclick.net www.google-analytics.com
1 rules.quantcount.com edge.quantserve.com
1 mug.criteo.com gum.criteo.com
1 b1sync.zemanta.com 1 redirects
1 c.bing.com eb2.3lift.com
1 pr-bh.ybp.yahoo.com 1 redirects
1 px.ads.linkedin.com eb2.3lift.com
1 ad.mrtnsvr.com 1 redirects
1 protected-by.clarium.io www.newsobserver.com
1 cdn.adnxs.com www.newsobserver.com
1 pixel.mathtag.com www.newsobserver.com
1 edge.quantserve.com www.newsobserver.com
1 secure-us.imrworldwide.com
1 api.ipify.org www.newsobserver.com
1 39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 capi.connatix.com cd.connatix.com
1 as-sec.casalemedia.com js-sec.indexww.com
1 um.simpli.fi ads.pubmatic.com
1 mwzeom.zeotap.com ads.pubmatic.com
1 spl.zeotap.com 1 redirects
1 image4.pubmatic.com ads.pubmatic.com
1 dsp.adfarm1.adition.com 1 redirects
1 dis.criteo.com ads.pubmatic.com
1 lasteventf-tm.everesttech.net www.everestjs.net
1 p1.parsely.com www.newsobserver.com
1 image6.pubmatic.com ads.pubmatic.com
1 geo.privacymanager.io ats.rlcdn.com
1 s.ntv.io www.newsobserver.com
1 cdn.parsely.com www.newsobserver.com
1 cd.connatix.com 1 redirects
1 idx.liadm.com js-sec.indexww.com
1 dyv1bugovvq1g.cloudfront.net www.newsobserver.com
1 d15kdpgjg3unno.cloudfront.net www.newsobserver.com
1 ats.rlcdn.com www.newsobserver.com
1 geolocation.onetrust.com www.newsobserver.com
1 static.scroll.com www.newsobserver.com
1 imasdk.googleapis.com www.newsobserver.com
1 sponsorship-lines.zeustechnology.com mcclatchy-newsobserver.zeustechnology.com
1 ib.3lift.com mcclatchy-newsobserver.zeustechnology.com
1 js-sec.indexww.com mcclatchy-newsobserver.zeustechnology.com
1 static.criteo.net mcclatchy-newsobserver.zeustechnology.com
1 check.analytics.rlcdn.com mcclatchy-newsobserver.zeustechnology.com
1 mcclatchy-newsobserver.zeustechnology.com www.newsobserver.com
1 www.gstatic.com www.google.com
1 adobedc.demdex.net www.newsobserver.com
299 136
Subject Issuer Validity Valid
www.mcclatchydc.com
DigiCert SHA2 Secure Server CA		 2022-01-14 -
2022-12-14		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-12-05 -
2022-03-05		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
trinitymedia.ai
Sectigo RSA Domain Validation Secure Server CA		 2021-12-13 -
2022-12-15		 a year crt.sh
adobedc.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
*.zeustechnology.com
Amazon		 2021-05-15 -
2022-06-13		 a year crt.sh
edge.adobedc.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-18 -
2022-11-18		 a year crt.sh
analytics.rlcdn.com
Amazon		 2021-08-26 -
2022-09-24		 a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-02 -
2022-05-03		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2022-02-04 -
2023-02-03		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
vd.trinitymedia.ai
Sectigo RSA Domain Validation Secure Server CA		 2021-12-13 -
2022-12-16		 a year crt.sh
*.cdn.zephr.com
Amazon		 2021-05-06 -
2022-06-04		 a year crt.sh
*.scroll.com
R3		 2021-12-28 -
2022-03-28		 3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2022-01-12 -
2023-01-12		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-25 -
2022-03-28		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
*.freetls.fastly.net
GlobalSign Atlas R3 DV TLS CA 2020		 2021-04-27 -
2022-05-29		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.liadm.com
Amazon		 2021-10-31 -
2022-11-28		 a year crt.sh
*.parsely.com
Amazon		 2021-07-05 -
2022-08-03		 a year crt.sh
*.ntv.io
DigiCert SHA2 Secure Server CA		 2021-12-04 -
2022-12-06		 a year crt.sh
*.scorecardresearch.com
Amazon		 2022-01-29 -
2023-02-27		 a year crt.sh
www.everestjs.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-02 -
2022-09-02		 a year crt.sh
*.google.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
depart.trinitymedia.ai
Sectigo RSA Domain Validation Secure Server CA		 2021-12-13 -
2022-12-28		 a year crt.sh
*.privacymanager.io
Amazon		 2021-09-25 -
2022-10-24		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-04 -
2022-05-03		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-03 -
2023-03-07		 a year crt.sh
*.postrelease.com
Amazon		 2021-12-28 -
2023-01-25		 a year crt.sh
queue.amazonaws.com
Amazon		 2021-10-15 -
2022-10-07		 a year crt.sh
www.i.matheranalytics.com
Amazon		 2022-01-13 -
2023-02-11		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2021-08-20 -
2022-09-21		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2022-02-07 -
2023-03-10		 a year crt.sh
*.imrworldwide.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-04 -
2023-02-03		 a year crt.sh
*.srv.stackadapt.com
Amazon		 2021-11-09 -
2022-12-07		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
redintelligence.net
R3		 2022-01-27 -
2022-04-27		 3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA		 2021-06-29 -
2022-07-07		 a year crt.sh
*.mathtag.com
DigiCert SHA2 Secure Server CA		 2020-04-15 -
2022-04-22		 2 years crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4		 2021-05-10 -
2022-06-11		 a year crt.sh
protected-by.clarium.io
Gandi Standard SSL CA 2		 2020-04-03 -
2022-04-26		 2 years crt.sh
pushlycdn.com
Amazon		 2022-02-14 -
2023-03-15		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-12-06 -
2022-06-06		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2021-12-22 -
2022-06-22		 6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
app.securiti.ai
Amazon		 2021-06-17 -
2022-07-16		 a year crt.sh
www.google.de
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
*.tmogul.com
Amazon		 2021-07-16 -
2022-08-14		 a year crt.sh
*.media01.eu
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2021-05-27 -
2022-05-27		 a year crt.sh
adv.office-partner.de
R3		 2022-01-06 -
2022-04-06		 3 months crt.sh
*.webgains.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-20 -
2022-06-20		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
www.awin1.com
DigiCert SHA2 Secure Server CA		 2021-06-11 -
2022-06-16		 a year crt.sh
*.webgains.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
sli.newsobserver.com
Amazon		 2021-08-03 -
2022-09-01		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.p-n.io
Amazon		 2022-01-10 -
2023-02-06		 a year crt.sh

This page contains 44 frames:

Primary Page: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Frame ID: C9294BBF9FFCAAC853A0CF4748A4FE10
Requests: 156 HTTP requests in this frame

Frame: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGe7xzNK4Dbw1MDyy0FqoM4&google_cver=1?gdpr=0&gdpr_consent=
Frame ID: A7C036AE079167DF38AE83B7D1310F02
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&_test=YhlQagAI8ZeGZwBB
Frame ID: C8448565B97A098ABEF9087C9BC3C651
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90&_test=YhlQagAI-GuqvQBH
Frame ID: F7F4B7DE1D8DF48A753998CAA0672BDD
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8dqGogBB
Frame ID: 7603B14C1DCB037A23FCF55394654CFA
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI-JiqwwBH
Frame ID: 37E11CEC6EEF9C79E440C3DE464A7B5B
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8BKHYQBB
Frame ID: E476A8E108982DEA80AED5EB6164ED82
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D&_test=YhlQagAI-Dqq3QBH
Frame ID: BC1BEF89D610A8C76986A5AB6B280EF1
Requests: 1 HTTP requests in this frame

Frame: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH&__user_check__=1&sync_id=b4d798b4-9685-11ec-9563-1626150c0406
Frame ID: 77ACE1AF75228DABF743B6B096020C3A
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0&_test=YhlQagAI-C2sIABH
Frame ID: 03463B889CBFFD1334F4394FAD45A992
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/151870/connatix.playspace.dc.js
Frame ID: A3B02AB6F4F0A50649A7AF7F7CE33C16
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Frame ID: 0EBE17BC7F9C70DD5EFD301137E42CB7
Requests: 12 HTTP requests in this frame

Frame: https://sb.scorecardresearch.com/beacon.js
Frame ID: ABD30FD38D63EB323D660BEA41EB2E64
Requests: 2 HTTP requests in this frame

Frame: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Frame ID: F0655ABF165D73F572FC784C693C1C62
Requests: 2 HTTP requests in this frame

Frame: https://js.matheranalytics.com/static/ltm/ma12095/all/7/ml.br.js
Frame ID: A494CD3103E922B081B432AB2C710878
Requests: 4 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;600&display=swap
Frame ID: B73B21BE177EF17457860EA739FFCA05
Requests: 2 HTTP requests in this frame

Frame: https://trinitymedia.ai/player/trinity-player.php?pageURL=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html&unitId=2900000552&userId=c3cd285a-ee86-4d7d-a658-4f3e0718328a&isLegacyBrowser=false&version=20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb&useCFCDN=0&themeId=315
Frame ID: 73C08828D652021694B253C295F48C30
Requests: 9 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
Frame ID: F1E671D99F230E3B13823398D74CCF48
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: D52274613487612DF84005CF71E1C505
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7070764015484992801
Frame ID: D6D78C81AF66244411A4D6A432603499
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&gdpr=0&gdpr_consent=
Frame ID: 9CB0280AB69014EAC49DCAA652705104
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7068769510638024856
Frame ID: 922590E93FF2D82CFC179AD81B0A1EE7
Requests: 1 HTTP requests in this frame

Frame: https://39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CEB4091F4E3BA501F04DD313C52B2EC6
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.newsobserver.com
Frame ID: A6698DBB00314D7A4C9A4D5D9C145A49
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 38969A08F628B8E978A79928C8DBBA38
Requests: 11 HTTP requests in this frame

Frame: https://www.everestjs.net/static/st.v3.js
Frame ID: D5C4C4F7F40144646E35D856E10F0346
Requests: 3 HTTP requests in this frame

Frame: https://connect.facebook.net/en_US/fbevents.js
Frame ID: 2CC3EDE8FC57AFD0B0F446F7C3CF3D8C
Requests: 5 HTTP requests in this frame

Frame: https://b-code.liadm.com/a-01ec.min.js
Frame ID: 78463B52B6773B0E7A6374C2296A0A7C
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/simgad/14221371079760943072
Frame ID: C7EF67E92458CE97F1071908639217BE
Requests: 1 HTTP requests in this frame

Frame: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-203838h&cg=0&cc=1&si=https%3A//www.newsobserver.com/news/business/article257921743.html%3Futm_medium%3Demail%26amp&rp=&ts=compact&rnd=1645826154992
Frame ID: 189BBAEEC44097234CA8B346EE5A08BF
Requests: 1 HTTP requests in this frame

Frame: https://tags.srv.stackadapt.com/events.js
Frame ID: 90D7A7E703C0A14DDFC810737918A188
Requests: 4 HTTP requests in this frame

Frame: https://edge.quantserve.com/quant.js
Frame ID: 8B78E9F6DE2CCCFC3970BEB116F5462F
Requests: 3 HTTP requests in this frame

Frame: https://www.google-analytics.com/analytics.js
Frame ID: AD547671CC2BD6451ABAF321407B9BDA
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvvJgBUmF_GEwAutBn-6s1Ml5qogFapUGxxqlXXIIJ-UggpGmjUB79ZoaXSuYR0EYEImVVxO2sWItHmx-5j-t3vOT1QD9YXZzl5qLuJQSBLN1SjDH-FTh9UEVng8tt3Pu4J_MJqdKJJowIyqTuzN4OByexC3WcWeaAoDDs0_OceellDjOPUcvozJyfdAMIlYaD9pbDolQTSQlPG7ySItDQ4frmmpqcJRffJBf8k6bACvlbc6HhK-_vQCzMEvcXOiUMy9xJdiXsdSpQp18OQCPgb3oEPF85WeQMVswEagwKEhpvES07L0c8uSTAlLV5KVQnorq0Z6-fnqas8ZIIppRUMM4QHbKjSBAFO6NJf&sig=Cg0ArKJSzBeiznSXM4pqEAE&uach_m=[UACH]&adurl=
Frame ID: E84FFF9612AA6907A7BF389128AF6D8D
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPsA06SpgdpteLmud3v39PXOxKKj6YnLtBonhvHpPLkgI-roTy4GlBG4i5Kt54Ly56OhbQDPJ6-bxR2vLeriAB9eDeiBuifAECpd6NSI5tCCtIqECZhr0_OThPPEVfP31yuGDktW5CrSULVSdKCQ5zh6NheeADscTVuGlFUG9gOJn1axelTf_wVoY_NJ13a8BdyNrJfYGTzldX8xO6g_ec1EtbBuZB45Jz_MbsIqhKVeY_C6TzdB6P9c2zKfJibVxb0SnrjOMH22kjfhSgbZbsLiUOf_H7bC46ISSUCh_znynQoae8n1gNdIn2fEtCExgvjHUVyEyfbxzygijE&sig=Cg0ArKJSzPRToye27p8OEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: F973AFCBDCA2FE3DE21231EE387055F0
Requests: 20 HTTP requests in this frame

Frame: https://www.everestjs.net/static/pixel_details.html
Frame ID: EBD773F8072F1EBFFC6462264D9CD487
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F4D4DD18D8ADB9B067CA78964268EEB4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8B197A8828CBD22FCBBE3C95056C0363
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96548700200570900951425011881022&actionid=981741&produktid=&dt_url=
Frame ID: 9423B829E8BC4B57DF82A31952E8ED45
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 027B64EFD999DEA91C17E65D32C71F40
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286
Frame ID: 6BA00D3F8840237441E27A6E4D289382
Requests: 2 HTTP requests in this frame

Frame: https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Frame ID: 8E3651655E59F951946D2AFB38833C08
Requests: 8 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: 79C233810E8D698CC5242D8A207000F0
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220223/r20190131/zrt_lookup.html
Frame ID: A85C8C001617B72CE16C04FE048949E8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SingleStore could double employees in Raleigh in 2022 | Raleigh News & Observertwitteremailphone

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • analytics\.webgains\.io
Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

299
Requests

86 %
HTTPS

29 %
IPv6

80
Domains

136
Subdomains

118
IPs

11
Countries

4198 kB
Transfer

11464 kB
Size

97
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33
  • https://cm.everesttech.net/cm/dd?d_uuid=02038028050926991432813041325413651902 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YhlQagAAAK30BQQA
Request Chain 34
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDIwMzgwMjgwNTA5MjY5OTE0MzI4MTMwNDEzMjU0MTM2NTE5MDI= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDIwMzgwMjgwNTA5MjY5OTE0MzI4MTMwNDEzMjU0MTM2NTE5MDI=&google_tc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGe7xzNK4Dbw1MDyy0FqoM4&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 35
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&_test=YhlQagAI8ZeGZwBB
Request Chain 36
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90&_test=YhlQagAI-GuqvQBH
Request Chain 37
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8dqGogBB
Request Chain 38
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI-JiqwwBH
Request Chain 39
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8BKHYQBB
Request Chain 40
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D&_test=YhlQagAI-Dqq3QBH
Request Chain 41
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1&_test=YhlQagAI-EGsGQBH HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH&__user_check__=1&sync_id=b4d798b4-9685-11ec-9563-1626150c0406
Request Chain 42
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0&_test=YhlQagAI-C2sIABH
Request Chain 75
  • https://cd.connatix.com/connatix.playspace.js HTTP 302
  • https://cds.connatix.com/p/151870/connatix.playspace.dc.js
Request Chain 89
  • https://js.matheranalytics.com/s/ma12095/74930332/all/ml.js?cb=1587 HTTP 301
  • https://js.matheranalytics.com/static/ltm/ma12095/all/7/ml.br.js
Request Chain 106
  • https://sb.scorecardresearch.com/b?c1=2&c2=6035363&ns__t=1645826155213&ns_c=UTF-8&ns_if=1&cv=3.5&c8=SingleStore%20could%20double%20employees%20in%20Raleigh%20in%202022%20%7C%20Raleigh%20News%20%26%20Observer&c7=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6035363&ns__t=1645826155213&ns_c=UTF-8&ns_if=1&cv=3.5&c8=SingleStore%20could%20double%20employees%20in%20Raleigh%20in%202022%20%7C%20Raleigh%20News%20%26%20Observer&c7=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&c9=
Request Chain 116
  • https://c1.adform.net/serving/cookie/match?party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
Request Chain 118
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7070764015484992801
Request Chain 119
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&gdpr=0&gdpr_consent=
Request Chain 120
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7068769510638024856
Request Chain 121
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=W-vh00uvRNy01k87G0Yv7g%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 122
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9e936219-506a-4300-b40d-5f858cd535a5
Request Chain 123
  • https://pixel.onaudience.com/?partner=214&mapped=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25&xl8blockcheck=1 HTTP 302
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=9bf1f2452395c0f27a5db78401681a30 HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=7e5dbfe0e61625f33461614e2904ebcf HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=f5e64495cc0dbd06 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=bb6e83e4-fbd8-416b-6315-b107db014794&reqId=f68f0154-97cf-4837-773c-25708787bbe8&zcluid=f5e64495cc0dbd06&zdid=1332 HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKljnf9-A4Plg1b7oeftSHI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=bb6e83e4-fbd8-416b-6315-b107db014794&reqId=f68f0154-97cf-4837-773c-25708787bbe8&zcluid=f5e64495cc0dbd06&zdid=1332
Request Chain 124
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NUJFQkUxRDMtNEJBRi00NERDLUI0RDYtNEYzQjFCNDYyRkVF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 125
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJ-5OT2RloLRRqfdU3p2dKU&google_cver=1
Request Chain 127
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2185369571982332337
Request Chain 128
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=78b4844b-aae7-4c34-9feb-c3730bce9346
Request Chain 129
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6288090308618684967&gdpr=0&gdpr_consent=
Request Chain 161
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 167
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDnq7jUeBABGAEoATIIRCa0hO01vLpA1fzu7AU HTTP 301
  • https://tpc.googlesyndication.com/simgad/14221371079760943072
Request Chain 180
  • https://tags.mathtag.com/notify/img?exch=apn&s_exch=apn&id=5aW95q2jLzIzLyAvWmpjNU1qVTJPRGd0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMDU5Nzk2Mjk1MzQ2MzM0OTQvNjYyMjM5NS80NTYyMzEyLzEzL0NoWG01UlNzZXg3anBqTm5xdzA4cWZHcnlrSHFCblNmdnJxWXdYLV9fREkvMS8xMy8wLzAvOTU2ODAzLzIzMjgzMDczMzMvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzUxMDU5Nzk2Mjk1MzQ2MzM0OTQvenJoLzAvMjAwMi85NS85OTkvMzIyLzEzOC4xOTkuMzguMC8wLjAwMC8xNjQ1ODI2MTU1LzE2NDU4Mzg3NTUvMTMvNzU0My8/fCjpgBw7DXUZs6cRFByoeZuXX6E&nodeid=1622&group=zrh&auctionid=5105979629534633494&shardkey=5105979629534633494&sid=4562312&cid=6622395&bp=a_bbehaa&nfy_act=LD5wew&bfip=185.29.135.61&type=imp&client=c2s HTTP 302
  • https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2
Request Chain 191
  • https://ad.mrtnsvr.com/sync/triplelift HTTP 302
  • https://eb2.3lift.com/xuidmid=7976&xuid=0y8xa1ufp&dongle=u6nf
Request Chain 193
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYxNTIyMDEyMTA5OTA4OTg3NTE4OA%3D%3D
Request Chain 195
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/2615220121099089875188?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-vTY68WlE2oQoRipyVKJSFmSJDoDA_eBSammNad6FGw--~A&dongle=0883
Request Chain 197
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2615220121099089875188 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2615220121099089875188&dcc=t
Request Chain 199
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 200
  • https://pixel.everesttech.net/7996/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26imsId%3D__EFIMSORGID__%26optout%3D__EFOPTOUT__%26throttleCookie%3D__EFSYNC__%26time%3D__EFTIME__ HTTP 302
  • https://www.everestjs.net/static/pixel_details.html
Request Chain 205
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=newsobserver.com&sn=ChromeSyncframe&so=0&topUrl=www.newsobserver.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=OB8uonxmaVVQenIrNmlVdUhwdHVacG9kendMQVo5ZGZMcXdlSEhUUk9rU2hQUlFZTGJPdnFFaXZJdGkrOHBwV0l1bHExelg1VWhBZDVqR3ZkUmpKekpiTzlKZ3JyU0FTL05KNVErbW5sQkVJTTNaTno5MzZCNlNsVFpqcE1kUldJRGRRSStVMXhkQXkrSU4xMjlXU0Zaa0JwcDU5bE5JT0w5bmdWN0RhWjVMc2d0UEFkRnlBVVl4bnVVdHNCSnBHYStrRlRlZC9LOVQ3MmtkNFNkK1NZSHZTOVlxb2dleGpuZ3Q2a1pqZzQyNnJVR3liSzdyK29LdGFJTkhrSGcyM2FaeFhmR3hLc3VrajcyTmJWeEFXRnRsYmV0UT09fA&cppv=2
Request Chain 220
  • https://hal900022.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=f7b9c5f8dd&subid=&uid=a20ecdda5af80927&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5105979629534633494%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ancestorOrigins=https%3A%2F%2Fwww.newsobserver.com&random=4957907411894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900022.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=f7b9c5f8dd&subid=&uid=a20ecdda5af80927&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5105979629534633494%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ancestorOrigins=https%3A%2F%2Fwww.newsobserver.com&random=4957907411894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 226
  • https://rp.liadm.com/j?dtstmp=1645826156645&aid=a-01ec&se=e30&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&tna=v2.3.0&pu=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ext_IXWRAPPERLiveIntentIp=%7B%22t%22%3A1645826155398%2C%22d%22%3A%7B%22response%22%3A%22error%22%2C%22version%22%3A%221.1.1%22%2C%22data%22%3A%22response%20missing%20id%20and%2For%20keyID%22%7D%2C%22e%22%3A1645912555398%7D&wpn=lc-bundle&c=PHRpdGxlPkxpdmVDb25uZWN0IFBpeGVsPC90aXRsZT4 HTTP 302
  • https://rp4.liadm.com/j?dtstmp=1645826156645&aid=a-01ec&se=e30&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&tna=v2.3.0&pu=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ext_ixwrapperliveintentip=%7B%22t%22%3A1645826155398%2C%22d%22%3A%7B%22response%22%3A%22error%22%2C%22version%22%3A%221.1.1%22%2C%22data%22%3A%22response%20missing%20id%20and%2For%20keyID%22%7D%2C%22e%22%3A1645912555398%7D&wpn=lc-bundle&c=PHRpdGxlPkxpdmVDb25uZWN0IFBpeGVsPC90aXRsZT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOjM3YWI6OWE0NTpmZmU3
Request Chain 227
  • https://match.prod.bidr.io/cookie-sync/cri?r=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3dIyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q%26u%3d%24%7bUSER_ID%7d&gdpr=false&consent=&ccpa= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/cri?r=https%3A%2F%2Fssp-sync.criteo.com%2Fuser-sync%2Fmatch%3Fp%3DIyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q%26u%3D%24%7BUSER_ID%7D&gdpr=false&consent=&ccpa=&_bee_ppp=1 HTTP 303
  • https://ssp-sync.criteo.com/user-sync/match?p=IyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q&u=AAFuv07EMqEAAHxEK4bs6A&gdpr=false
Request Chain 228
  • https://x.bidswitch.net/sync?ssp=criteo&custom_data=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&gdpr=false&gdpr_consent=&us_privacy=&cr_user_id=k-lq7WSQYrPOr7SSR9r0kfUqVJBZu93nrDyAw1DA HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=criteo&custom_data=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&gdpr=false&gdpr_consent=&us_privacy=&cr_user_id=k-lq7WSQYrPOr7SSR9r0kfUqVJBZu93nrDyAw1DA HTTP 302
  • https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=criteo&bsw_user_id=a72f5e15-275d-4ac5-badb-c26004de2a3e HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=criteo&bsw_user_id=a72f5e15-275d-4ac5-badb-c26004de2a3e HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=04c6b035-fef6-4bfb-9cc2-9181f4c4e87b&ssp=criteo HTTP 302
  • https://ssp-sync.criteo.com/user-sync/match?p=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&u=a72f5e15-275d-4ac5-badb-c26004de2a3e
Request Chain 229
  • https://sync.taboola.com/sg/criteoscod/1/cm?redirect=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3df2i28l9WdDlocFMlMkYlMkZwJTJGUnUzQXJoRXdmQm1KU0NKOHA4R2hWSlZXWUIlMkZLNyUyRkhDRSUzRA%26u%3d%3cTUID%3e&gdpr=false&consent=&ccpa= HTTP 302
  • https://ssp-sync.criteo.com/user-sync/match?p=f2i28l9WdDlocFMlMkYlMkZwJTJGUnUzQXJoRXdmQm1KU0NKOHA4R2hWSlZXWUIlMkZLNyUyRkhDRSUzRA&u=a8038f00-149d-4891-b51e-b2300493663a-tuct912d5ec
Request Chain 240
  • https://cm.everesttech.net/cm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWhsUWFnQUktRUdzR1FCSA HTTP 302
  • https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEDi99AhdhB8uCppcaUTw4Q4&google_cver=1 HTTP 302
  • https://pixel.everesttech.net/1x1
Request Chain 247
  • https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=96548700200570900951425011881022&t=htlp HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96548700200570900951425011881022&actionid=981741&produktid=&dt_url=
Request Chain 250
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286 HTTP 302
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286
Request Chain 252
  • https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=96548700200570900951425011881022 HTTP 302
  • https://ad-server.eu/wm/pb/native.png
Request Chain 290
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ec%2F0%2Fe53e8d344b4c41cba3f833f208f5204c%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&eaa3bd13-0944-445e-bbf7-f32202ef208a HTTP 302
  • https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=7156&muid=9e936219-506a-4300-b40d-5f858cd535a5
Request Chain 291
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
  • https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=78b4844b-aae7-4c34-9feb-c3730bce9346 HTTP 303
  • https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=78b4844b-aae7-4c34-9feb-c3730bce9346
Request Chain 292
  • https://dpm.demdex.net/ibs:dpid=127444&dpuuid=eaa3bd13-0944-445e-bbf7-f32202ef208a&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ec%2F0%2Fe53e8d344b4c41cba3f833f208f5204c%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
  • https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=82775&muid=02038028050926991432813041325413651902
Request Chain 293
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=eaa3bd13-0944-445e-bbf7-f32202ef208a HTTP 302
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=eaa3bd13-0944-445e-bbf7-f32202ef208a&rd=Y
Request Chain 294
  • https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=eaa3bd13-0944-445e-bbf7-f32202ef208a&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
  • https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e HTTP 303
  • https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
Request Chain 295
  • https://x.bidswitch.net/sync?ssp=liveintent&user_id=eaa3bd13-0944-445e-bbf7-f32202ef208a HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=liveintent HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=2185369571982332337&ssp=liveintent HTTP 302
  • https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e HTTP 303
  • https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e

299 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request article257921743.html
www.newsobserver.com/news/business/ 		121 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
c2c42789a705be8af2bd9fa3437fd83abacd43834c1da2dcd1513d00fbe189c7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
MI
content-type
text/html;charset=utf-8
x-proxy-forwarding-type
WhiteList
x-meter
s
access-control-allow-origin
*
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-headers
*
access-control-allow-credentials
false
access-control-max-age
86400
vary
Accept-Encoding
mi-cache
HIT
mi-cache-age
7440
x-mi-in-market
0
etag
W/"1dea2-M7G1rtcICubn8IzeAT31DDF9PMw"
x-varnish
469306353, 468425390 456740812
surrogate-control
varnish=ESI/2.1
mi-api
WPS
x-akamai-transformed
9 123148 0 pmb=mTOE,2
content-encoding
gzip
expires
Fri, 25 Feb 2022 21:55:54 GMT
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
content-length
24179
newsobservercore.js
www.newsobserver.com/static/yozons-lib/ 		201 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
81abb2049251ad61c5569a04da793f36dce52b303689400d4fea58720eb959b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
184
content-length
60206
last-modified
Thu, 24 Feb 2022 16:30:03 GMT
server
MI
etag
W/"32273-5d8c6181978c0"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
393588058, 788457191 799377713
access-control-allow-origin
*
cache-control
max-age=214
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
vendor.bundle-e8bf89b42a8198ff411c.js
www.newsobserver.com/wps/build/webpack/ 		99 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/vendor.bundle-e8bf89b42a8198ff411c.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
798b67bb2ea3243fac61fc7df7e5585a5adc40887e278bdf62598ca5d7629903

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
207153
content-length
34371
last-modified
Fri, 11 Feb 2022 16:11:15 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"18ca4-17ee98d8cb8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
387711434, 644325532 552803713
access-control-allow-origin
*
cache-control
max-age=252441
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
mi-header.bundle-c011bc64fa85525068ab.js
www.newsobserver.com/wps/build/webpack/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/mi-header.bundle-c011bc64fa85525068ab.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
04b15f5300716033ee6827b33c186e46d88d6a253679504cf1a8e9c1a3d75391

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
112495
content-length
3215
last-modified
Fri, 11 Feb 2022 16:11:15 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"2507-17ee98d8cb8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
390916381, 546885906 523950554
access-control-allow-origin
*
cache-control
max-age=252408
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
css
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:400,700|Noto+Serif:400,700&display=swap&subset=latin-ext
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c5229f002ac2e5386363995cd322db64b853c58d83c93a0f760677a8e8a29ed5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 21:41:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 25 Feb 2022 21:55:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 25 Feb 2022 21:55:54 GMT
mi-styles.9ce23b04407b0766c12d.css
www.newsobserver.com/wps/build/webpack/css/ 		205 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/css/mi-styles.9ce23b04407b0766c12d.css
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
1e6d94ef150d4115e6628cd2343020b53d8005f230b822a528e9dfbf4c4094e1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
32
content-length
44295
last-modified
Fri, 11 Feb 2022 16:11:25 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"33495-17ee98db3c8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
401349347, 100532349 95238123
access-control-allow-origin
*
cache-control
max-age=244260
access-control-allow-credentials
false
mi-cache
HIT
content-type
text/css;charset=UTF-8
access-control-allow-headers
*
guid.js
www.newsobserver.com/wps/source/scripts/libs/ 		1 KB
969 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/source/scripts/libs/guid.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ac53400c04ca28a29467c3b6cf8f0be2f9d4333a518574fba32cc239195117db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
399435
content-length
547
last-modified
Fri, 11 Feb 2022 16:09:29 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"505-17ee98beea8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
376347621, 694399291 544997826
access-control-allow-origin
*
cache-control
max-age=147857
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6a33111079bea48d7f3a4f7a20904139b74ef65fe1e4061b542634c7bb3e38ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
e8alb4z0B1Dl8qRfadIjdQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Fri, 25 Feb 2022 22:12:04 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1687
x-fb-rlafr
0
x-fb-debug
Lw03HCypIGJZ0M6gh0wg05s8Xb830xpl9qa4Lu24Fs1OA1KMEzerJZldTnnISC3fnJPUMsIeDivmPhlvA5Gftw==
x-fb-trip-id
917726464
x-fb-content-md5
c562720f5765c1fb69e9797424233c5d
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 25 Feb 2022 21:55:54 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"4af12a827d44f422aa458ccb6ebf3b96"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
api.js
www.google.com/recaptcha/ 		850 B
968 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
eab92ff2ec845f28c66e026b42dfb3697fd12716c51491953894ff4dba8c6ca4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Fri, 25 Feb 2022 21:55:54 GMT
6cc292ca
www.newsobserver.com/akam/11/ 		32 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/akam/11/6cc292ca
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c7c09e9d407d0630fc345d492fab84c1fe0bb5cd684c84ee4e11663954bd3fa4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
last-modified
Thu, 02 May 2019 20:06:43 GMT
etag
"14ccb6302f2d78c47f76ef2cbeadb878d818ef2927388671af2c8fd6ea1056cc"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
access-control-allow-headers
*
content-length
10421
expires
Fri, 25 Feb 2022 21:55:54 GMT
/
trinitymedia.ai/player/trinity/2900000552/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trinitymedia.ai/player/trinity/2900000552/?pageURL=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.8.217 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-8-217.compute-1.amazonaws.com
Software
Apache /
Resource Hash
2c884d249c5eec8f42cd3c97d51911016e9fff782af087fb51a1d6cfa21c7ee3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store
content-length
2114
mi-footer.bundle-ae46fa0f12e79ca3acaa.js
www.newsobserver.com/wps/build/webpack/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/mi-footer.bundle-ae46fa0f12e79ca3acaa.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
9b015e39eef1a91405fc98c50e6a16d48beabdac62c08e4b8218581464034cd5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
137487
content-length
2938
last-modified
Fri, 11 Feb 2022 16:11:15 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"20ff-17ee98d8cb8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
388366429, 630377525 548945378
access-control-allow-origin
*
cache-control
max-age=337322
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
vue.bundle-01d3e2dfe88c4b1b1131.js
www.newsobserver.com/wps/build/webpack/ 		107 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/vue.bundle-01d3e2dfe88c4b1b1131.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ce3daa38c75b999bcc0583f073d663e0b1805b9447d0de99128c4ef3fdecdc59

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
333555
content-length
38913
last-modified
Fri, 11 Feb 2022 16:11:37 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"1ad47-17ee98de2a8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
419351478, 705938625 618287448
access-control-allow-origin
*
cache-control
max-age=217642
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
videojs.bundle-12e5a4a723a706c9d583.js
www.newsobserver.com/wps/build/webpack/ 		455 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/videojs.bundle-12e5a4a723a706c9d583.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
952d5990bfa8902cb04f15d02b1ee6bdd3805f640c6e25424a645a63521cc26a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
12162
content-length
121807
last-modified
Fri, 11 Feb 2022 16:11:37 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"71b1f-17ee98de2a8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
396629446, 629410955 622865083
access-control-allow-origin
*
cache-control
max-age=253946
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
videoStory.bundle-28951736bd4be8aaae44.js
www.newsobserver.com/wps/build/webpack/ 		201 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/videoStory.bundle-28951736bd4be8aaae44.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
dd0ca95fd9a9bdd98c00311638cd1f71f56a86550ad5a602c17992d0a30fd1b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
424207
content-length
60487
last-modified
Fri, 11 Feb 2022 16:11:37 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"3253d-17ee98de2a8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
397014087, 681243174 523950551
access-control-allow-origin
*
cache-control
max-age=124302
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
galleryStoryPage.bundle-94f1410eeff04e2b829c.js
www.newsobserver.com/wps/build/webpack/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/galleryStoryPage.bundle-94f1410eeff04e2b829c.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
c0941c831e1fa577700d13892de340682e12bec0c3dd0136232fd4d2ce067838

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
34777
content-length
6753
last-modified
Fri, 11 Feb 2022 16:11:37 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"5656-17ee98de2a8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
390716899, 115591635 106338990
access-control-allow-origin
*
cache-control
max-age=313305
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
footer.bundle-1f06f5f8ac3bfe589066.js
www.newsobserver.com/wps/build/webpack/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/build/webpack/footer.bundle-1f06f5f8ac3bfe589066.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
962633a9b2b7df607d091396cbe096cef615f8bd36ea627151254a5743c4e0c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
361243
content-length
2570
last-modified
Fri, 11 Feb 2022 16:11:15 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"284c-17ee98d8cb8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
390820622, 720118858 616424029
access-control-allow-origin
*
cache-control
max-age=266462
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
detail.aef409b0b49701d585d6.js
www.newsobserver.com/static/yozons-lib/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/detail.aef409b0b49701d585d6.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
59a6be8714d0d3d1412927d09cc691faa41beda4018e77d2ba67773580667f2e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
292
content-length
1218
last-modified
Thu, 24 Feb 2022 16:30:01 GMT
server
MI
etag
W/"e59-5d8c617faf440"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
398924676, 801177602 790384312
access-control-allow-origin
*
cache-control
max-age=499553
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
netdale.d563c18f126650418ba7.js
www.newsobserver.com/static/yozons-lib/ 		68 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/netdale.d563c18f126650418ba7.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
4cff0edca41f1061d4de142e185cc820b1f2fd49122a3bddc1601fc56b19bc32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
300
content-length
18916
last-modified
Thu, 24 Feb 2022 16:30:01 GMT
server
MI
etag
W/"10f67-5d8c617faf440"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
784627718, 393697787 386300684
access-control-allow-origin
*
cache-control
max-age=499548
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?y=eyJkZXByIjoiZ2V0Q29uZmlnIn0=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
428876
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
221228631, 777967203 646925333
access-control-allow-origin
*
cache-control
max-age=464639
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?y=eyJkZXByIjoiY3JlYXRlVHJhbnNhY3Rpb25JZCJ9
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
517271
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
221228631, 820918788 646925333
access-control-allow-origin
*
cache-control
max-age=553098
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
acquire
adobedc.demdex.net/ee/v1/identity/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://adobedc.demdex.net/ee/v1/identity/acquire?configId=97218b28-9528-481e-9a30-648529cfd9a3&requestId=34a6702d-aa9a-4bdf-a82a-f63f3da30f11
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
844b59780c272f04ea427fce32b01199f8eecebca60038857c7770fc698082ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

x-adobe-edge
IRL1;6
date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
deflate
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-expose-headers
Retry-After, X-Adobe-Edge, X-Request-ID
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-konductor
22.2.3:8d46bad2
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
x-request-id
34a6702d-aa9a-4bdf-a82a-f63f3da30f11
identityModulev3.min.js
www.newsobserver.com/wps/source/scripts/libs/ 		35 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/source/scripts/libs/identityModulev3.min.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
2969aa16b763893fa2f600de842a23475f8c0f1d58ebbed3c4f7f1a63edbc0b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
486820
content-length
11142
last-modified
Fri, 11 Feb 2022 16:09:29 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"8dbb-17ee98beea8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
410939227, 727709090 619655260
access-control-allow-origin
*
cache-control
max-age=370343
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript;charset=UTF-8
access-control-allow-headers
*
o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v25/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700|Noto+Serif:400,700&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f3dd8063edfcdb39f4a2163e59dbc73e16a688c59979a4103948fcbf060f385
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 19:30:45 GMT
x-content-type-options
nosniff
age
181509
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16168
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:49 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 19:30:45 GMT
ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2
fonts.gstatic.com/s/notoserif/v20/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notoserif/v20/ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700|Noto+Serif:400,700&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0a9ce1553fa74dad4d8cf55b7df7d012a3acdec01cd39d682fce0e5b52e99f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 11:57:50 GMT
x-content-type-options
nosniff
age
295084
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27456
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:20:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 22 Feb 2023 11:57:50 GMT
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v25/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v25/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700|Noto+Serif:400,700&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 19:30:45 GMT
x-content-type-options
nosniff
age
181509
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16088
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:56:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 19:30:45 GMT
fontawesome-webfont.woff2
www.newsobserver.com/wps/source/sass/main/fonts/font-awesome/fonts/ 		55 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/wps/source/sass/main/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/wps/build/webpack/css/mi-styles.9ce23b04407b0766c12d.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a

Request headers

Referer
https://www.newsobserver.com/wps/build/webpack/css/mi-styles.9ce23b04407b0766c12d.css
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
2947
content-length
56780
last-modified
Fri, 11 Feb 2022 16:09:29 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"ddcc-17ee98beea8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
384402997, 545046418 546265861
access-control-allow-origin
*
cache-control
max-age=180
access-control-allow-credentials
false
mi-cache
HIT
content-type
font/woff2;charset=ISO-8859-1
access-control-allow-headers
*
ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
fonts.gstatic.com/s/notoserif/v20/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notoserif/v20/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700|Noto+Serif:400,700&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25475d82cc976fb2c71b15b3e416c22bf636dd247bbb268d312e7c076ec5b6e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 19:38:09 GMT
x-content-type-options
nosniff
age
181065
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23948
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:15:10 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 19:38:09 GMT
logo.svg
www.newsobserver.com/wps/build/images/newsobserver/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/wps/build/images/newsobserver/logo.svg
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
3081cd5942a29f59f16b662f9487cdb95dc4473722804097a0d697bd72fb1693

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
36045
content-length
1605
last-modified
Fri, 11 Feb 2022 16:11:15 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"10fe-17ee98d8cb8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
394069906, 185482714 156106995
access-control-allow-origin
*
cache-control
max-age=252423
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/svg+xml;charset=ISO-8859-1
access-control-allow-headers
*
image007.jpg
www.newsobserver.com/latest-news/vdbqos/picture257927503/alternates/LANDSCAPE_1140/ 		56 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/latest-news/vdbqos/picture257927503/alternates/LANDSCAPE_1140/image007.jpg
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
01c359b552904d096aba5c7db32c6fcd6f8f0105f9cc8fc0740f50c85c036969

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
467
content-length
56965
last-modified
Tue, 01 Feb 2022 17:53:10 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
"73d560628b8b0fdc770e1bcd0a634e33"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
566502917 564054725
access-control-allow-origin
*
cache-control
max-age=594640
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/jpeg
access-control-allow-headers
*
sdk.js
connect.facebook.net/en_US/ 		295 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=78fd45e79a9b0249b41fed294b988a20
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3ad44d75738d40d406e7439c3667f33fcaab42796537afd22296d0d5c308a5b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.newsobserver.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
eBa6yOvt7jdkHGE4f6q+qA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Sat, 25 Feb 2023 20:48:55 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
85138
x-fb-rlafr
0
x-fb-debug
dE5eMg8kLNN2oZISulzi7aobki4t+xZ9s9N2ZLWdXIFLyyZEEitoE6NDEytkzdfxQYtdzZSHatY8WED8G1WB9A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
c819eb690d2c85e30ab56aa9c91e5488
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 25 Feb 2022 21:55:54 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"10da365c6ff2214f28b3978cda91ac78"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
recaptcha__de.js
www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ 		358 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee5d8f682805ed45d8c9ff24941a1ad286763bf61e23fde210d41e5016607106
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:49:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3991
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
144945
x-xss-protection
0
last-modified
Mon, 14 Feb 2022 05:01:42 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 25 Feb 2023 20:49:23 GMT
main.js
mcclatchy-newsobserver.zeustechnology.com/ 		229 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mcclatchy-newsobserver.zeustechnology.com/main.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/netdale.d563c18f126650418ba7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f987f79b0127a62cd1f023ffd464599511868be10fad2a07c8f827eda7ef6cb9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
HuCs6QvKJz2P7yyscOCA.UzlKIBYWrWJ
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 16:57:05 GMT
server
AmazonS3
age
1218
etag
W/"0fe87638b61aada7f6c507d3297c1785"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 32c8da10203574baccb74b8f771a7ffa.cloudfront.net (CloudFront)
cache-control
max-age=600,s-maxage=3600
date
Fri, 25 Feb 2022 21:55:54 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
K88kHIfocPuZLw_9kPhhFHDbgvZGGpvtZCVM5cCZowJdDzM2BvlWhA==
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?y=eyJpZCI6Im1pX2FzX25hb18wMTQ3MTYxODM2ODg3MzkxMTUyMjg3MDgxNzUyODk4NTkyMDAwOV8xXzBfMTY0NTgyNjE1NDY4NiIsImRlcHIiOiJnZXRDb25maWcifQ==
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
569003
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
221228631, 852002397 646925333
access-control-allow-origin
*
cache-control
max-age=604772
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
ibs:dpid=411&dpuuid=YhlQagAAAK30BQQA
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=02038028050926991432813041325413651902
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YhlQagAAAK30BQQA
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YhlQagAAAK30BQQA
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Server
34.253.74.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-74-200.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v028-00e80f1a0.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
O695FF9RSPQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YhlQagAAAK30BQQA
Date
Fri, 25 Feb 2022 21:55:54 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
ibs:dpid=771&dpuuid=CAESEGe7xzNK4Dbw1MDyy0FqoM4&google_cver=1
dpm.demdex.net/ Frame A7C0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDIwMzgwMjgwNTA5MjY5OTE0MzI4MTMwNDEzMjU0MTM2NTE5MDI=
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDIwMzgwMjgwNTA5MjY5OTE0MzI4MTMwNDEzMjU0MTM2NTE5MDI=&google_tc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGe7xzNK4Dbw1MDyy0FqoM4&google_cver=1?gdpr=0&gdpr_consent=
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGe7xzNK4Dbw1MDyy0FqoM4&google_cver=1?gdpr=0&gdpr_consent=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Server
34.253.74.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-74-200.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v028-06f56e816.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
icaNEIunSyc=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGe7xzNK4Dbw1MDyy0FqoM4&google_cver=1?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5w3jqr4k
sync-tm.everesttech.net/ct/upi/pid/ Frame C844
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
  • https://sync-tm.everesttech.net/ct/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64E...
85 B
249 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&_test=YhlQagAI8ZeGZwBB
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.943486,VS0,VE0
content-length
85
x-cache-hits
34578

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.773450,VS0,VE91
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&_test=YhlQagAI8ZeGZwBB
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
btu4jd3a
sync-tm.everesttech.net/ct/upi/pid/ Frame F7F4
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90&_test=YhlQagAI-GuqvQBH
85 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90&_test=YhlQagAI-GuqvQBH
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.943878,VS0,VE0
content-length
85
x-cache-hits
34580

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.773529,VS0,VE89
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90&_test=YhlQagAI-GuqvQBH
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
ZMAwryCI
sync-tm.everesttech.net/ct/upi/pid/ Frame 7603
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8dqGogBB
85 B
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8dqGogBB
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.943024,VS0,VE0
content-length
85
x-cache-hits
34576

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.773592,VS0,VE98
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8dqGogBB
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
UH6TUt9n
sync-tm.everesttech.net/ct/upi/pid/ Frame 37E1
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI-JiqwwBH
85 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI-JiqwwBH
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.943635,VS0,VE0
content-length
85
x-cache-hits
34579

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.773649,VS0,VE89
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI-JiqwwBH
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
ny75r2x0
sync-tm.everesttech.net/ct/upi/pid/ Frame E476
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8BKHYQBB
85 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8BKHYQBB
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.944418,VS0,VE0
content-length
85
x-cache-hits
34582

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.773699,VS0,VE127
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YhlQagAI8BKHYQBB
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame BC1B
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BU...
85 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D&_test=YhlQagAI-Dqq3QBH
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.943345,VS0,VE0
content-length
85
x-cache-hits
34577

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.773732,VS0,VE93
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D&_test=YhlQagAI-Dqq3QBH
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
partner
sync.search.spotxchange.com/ Frame 77AC
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
  • https://sync-tm.everesttech.net/ct/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1&_test=YhlQagAI-EGsGQBH
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH&__user_check__=1&sync_id=b4d798b4-9685-11ec-9563-1626150c0406
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH&__user_check__=1&sync_id=b4d798b4-9685-11ec-9563-1626150c0406
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Server
185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
65
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Server
nginx
Location
/partner?adv_id=6409&uid=YhlQagAI-EGsGQBH&img=1&_test=YhlQagAI-EGsGQBH&__user_check__=1&sync_id=b4d798b4-9685-11ec-9563-1626150c0406
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
137
Connection
keep-alive
Content-Length
0
r7ifn0SL
sync-tm.everesttech.net/ct/upi/pid/ Frame 0346
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
  • https://sync-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0&_test=YhlQagAI-C2sIABH
85 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0&_test=YhlQagAI-C2sIABH
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2736
x-served-by
cache-hhn4069-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1645826155.944289,VS0,VE0
content-length
85
x-cache-hits
34581

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1645826155.809403,VS0,VE93
x-served-by
cache-hhn4069-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0&_test=YhlQagAI-C2sIABH
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
interact
edge.adobedc.net/ee/v1/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://edge.adobedc.net/ee/v1/interact?configId=97218b28-9528-481e-9a30-648529cfd9a3&requestId=8c4fcb14-c347-472d-802b-ce168345d065
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
7a5e636d7882bf1f785a7e507f8fc859c67fc2825fdd3a91bd0b1abf586a83a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

x-adobe-edge
IRL1;6
date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
deflate
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-expose-headers
Retry-After, X-Adobe-Edge, X-Request-ID
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-konductor
22.2.3:8d46bad2
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
x-request-id
8c4fcb14-c347-472d-802b-ce168345d065
1405
check.analytics.rlcdn.com/check/ 		25 B
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://check.analytics.rlcdn.com/check/1405
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amzn-requestid
c6d83b25-6235-48a0-993a-a4d4f64edf68
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6219506a-155646ef495d7c591ce16ba6
x-amz-apigw-id
OHmAvFk2joEFvcw=
content-length
25
x-amz-cf-id
ah3lZcKa8GycMSibJ8Oz4Ic9ghDn_EcxTWxbge62qD_UB84ZkYoqFg==
publishertag.js
static.criteo.net/js/ld/ 		127 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
1edc83f7137848a661dbf5a61dbe4bb3b42fc7d064004560ea0269b45747e7d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 09:04:37 GMT
server
nginx
etag
W/"61f7a625-1fc09"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 26 Feb 2022 21:55:54 GMT
185522-243508426708752.js
js-sec.indexww.com/ht/p/ 		38 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/185522-243508426708752.js
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d6f461281199dd975b4e6633b4d9607e40c0c54e21509c17b51cb3cbe39508da

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:54 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Feb 2022 21:11:12 GMT
Server
Apache
ETag
"760b40-9890-5d8de23757cab"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=1159
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
13164
Expires
Fri, 25 Feb 2022 22:15:13 GMT
userSync.js
ads.pubmatic.com/AdServer/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/userSync.js
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:14 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300709-1af3-5c4c7cca9e573"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
public, max-age=30136
accept-ranges
bytes
content-type
text/javascript
content-length
2267
expires
Sat, 26 Feb 2022 06:18:10 GMT
sync.js
ib.3lift.com/ 		275 B
574 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.3lift.com/sync.js
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-115.fra50.r.cloudfront.net
Software
/
Resource Hash
c815be0139a92202ff8f262cc335f6ae103594bb1d92c1c479ed604adf384a16

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:46:52 GMT
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Fri, 25 Feb 2022 21:46:52 GMT
age
542
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
x-amz-cf-pop
FRA50-C1
content-length
275
x-amz-cf-id
Xvu_e-tM0fHUsoX-W1ojqMicKnwpvjqTN74EPPLaF57iQ-6_xrv9Wg==
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
0333a90b010263da8fbaddbe8a6415d40c8699ab5ff4e2bddfdbcc0c75b8cb24
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27834
x-xss-protection
0
server
sffe
etag
"1143 / 617 of 1000 / last-modified: 1645790816"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 25 Feb 2022 21:55:54 GMT
lineItems.json
sponsorship-lines.zeustechnology.com/mcclatchy/newsobserver/ 		144 B
608 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sponsorship-lines.zeustechnology.com/mcclatchy/newsobserver/lineItems.json
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-32.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50b04fe8bef4a4c0f1c63c90f81e17274ececa52ea4180a96768a3016f4ec3e4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
eYijgemRGbA1EJonFg3zu2dow1rakb7A
via
1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
etag
"edf144faf2c41f6ce972d9e3fa6d4f7e"
age
2635
x-cache
Hit from cloudfront
content-length
144
last-modified
Tue, 15 Feb 2022 05:00:14 GMT
server
AmazonS3
date
Fri, 25 Feb 2022 21:12:00 GMT
access-control-allow-methods
GET, POST, PUT
content-type
binary/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=3600, immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
_2LSqC9LVbWV59jaFv7vvvp_cRARevhQccmIskbVPCTlru5uura4bQ==
apstag.js
c.amazon-adsystem.com/aax2/ 		134 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/netdale.d563c18f126650418ba7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
784acd540b5fcfb87c47dfe12e5311084ce692366a2ac196fd5cc8eb28ff4c23

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
HISltcT4EtRtqxCZ_leiYbAE6TJJFUPD
content-encoding
gzip
etag
c1da564f59b83b9805e8df92eca012f5
age
146
x-cache
Hit from cloudfront
server
Server
x-amz-rid
1VFTTNAKYC6EDX17E240
date
Fri, 25 Feb 2022 21:53:28 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
opSyy_oBQ7OjcvETI-eYbvtoNxlaTdulzamnu2LXEIgmp6ctgM715A==
trinity-injector-script.js
vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/ 		440 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-injector-script.js
Requested by
Host: trinitymedia.ai
URL: https://trinitymedia.ai/player/trinity/2900000552/?pageURL=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
AmazonS3 /
Resource Hash
ebb56d62f90a98774650f0c32c831d0acaabc57d86ceb22d5ad23d88f536d424

Request headers

Referer
https://www.newsobserver.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
last-modified
Fri, 25 Feb 2022 11:21:40 GMT
server
AmazonS3
x-amz-request-id
Q0JKBG35PG3KM575
etag
"fda6dca913e9d784e756f4ecbe154411"
x-hw
1645826154.dop013.am5.t,1645826154.cds210.am5.hn,1645826154.cds136.am5.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
content-length
63243
x-amz-id-2
ldyegwNLTBE9cvr0ZB9r295FCCmKAoj2GiwmQCqF26zw6CtUXp4mVUFnyZrhOf7DlxxXCTdrveY=
image004.jpg
www.newsobserver.com/latest-news/iuvuzc/picture257927458/alternates/FREE_1140/ 		86 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/latest-news/iuvuzc/picture257927458/alternates/FREE_1140/image004.jpg
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
fbcc47d748ec7901f0d7b52d664a969d953ba9e65831044cf25627b08487d835

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
81474
content-length
88283
last-modified
Tue, 01 Feb 2022 17:52:22 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
"6dcda56759bb4bc3a016f86e6b4848cd"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
401517236, 841363548 796940395
access-control-allow-origin
*
cache-control
max-age=594641
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/jpeg
access-control-allow-headers
*
Zach%20Eanes%20HED%20Shot.PNG
www.newsobserver.com/latest-news/xtylfb/picture257928388/alternates/FREE_480/ 		837 KB
839 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/latest-news/xtylfb/picture257928388/alternates/FREE_480/Zach%20Eanes%20HED%20Shot.PNG
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ebfcd6d197f4c04e167c1996a57dabe2134d94f9b20ffd3fa1a5d639bdf8f474

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
3248
content-length
857314
last-modified
Tue, 01 Feb 2022 18:08:11 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
"c5182f01305eb06701ece6295a75edd5"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
243142299, 534019559 551490350
access-control-allow-origin
*
cache-control
max-age=277921
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/png
access-control-allow-headers
*
favicon-32.png
www.newsobserver.com/wps/build/images/newsobserver/ 		736 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/wps/build/images/newsobserver/favicon-32.png
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
14dd7082d18bcf4515bc4c7fe8ad898e0cc49b6e3b1c19b62b3988e4ac667a55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
208508
content-length
736
last-modified
Fri, 11 Feb 2022 16:11:15 GMT
server
MI
x-proxy-forwarding-type
BlackList
etag
W/"2e0-17ee98d8cb8"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
410535312, 651925450 558016490
access-control-allow-origin
*
cache-control
max-age=579343
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/png;charset=ISO-8859-1
access-control-allow-headers
*
decision-engine
mcclatchy-newsobserver.cdn.zephr.com/zephr/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mcclatchy-newsobserver.cdn.zephr.com/zephr/decision-engine
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-124.fra50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.newsobserver.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 25 Feb 2022 19:06:35 GMT
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-methods
POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-credentials
true
x-cache
Hit from cloudfront
via
1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
0w0dYdHOOALm8K0MZoCqiKIZdK0aAqikJqUiYUUOUfQj6LOMtRDeGA==
age
10159
ima3.js
imasdk.googleapis.com/js/sdkloader/ 		367 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/wps/build/webpack/videoStory.bundle-28951736bd4be8aaae44.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b9019b46768d884816f34f0572435e6b9060ff9d0ef785996285a9b7d97a715
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124251
x-xss-protection
0
expires
Fri, 25 Feb 2022 21:55:54 GMT
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
scroll.js
static.scroll.com/js/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.scroll.com/js/scroll.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ee14cb5ce7f59fb3240804e38e3f3a91410e06e5b9db9a06896b13d43b35450d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
age
4456
x-guploader-uploadid
ADPycdsXfIBzO1HWUOsCYlczpEM9mEMWyswWXx8ULzmzf-oVP415HxjQq6ZQDjfSGlQeCwOwtGhWqzL3_axFhQVKxlaRJh8obw
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
content-length
6179
x-served-by
cache-hhn4036-HHN
last-modified
Thu, 10 Feb 2022 20:41:36 GMT
server
UploadServer
x-timer
S1645826155.972528,VS0,VE0
etag
"f20f2951c04539ed9ce875f6a479938e"
vary
Origin
x-goog-hash
crc32c=rbs4SA==, md5=8g8pUcBFOe2c6HX2pHmTjg==
x-goog-generation
1644525696132501
via
1.1 varnish
expires
Sun, 20 Feb 2022 20:41:37 GMT
cache-control
public, max-age=0, s-maxage=86400
access-control-allow-credentials
true
x-goog-stored-content-length
6179
accept-ranges
bytes
content-type
application/javascript
x-scrolljs
3
x-cache-hits
1721
performance.f0e7fffe39429ece30ea.js
www.newsobserver.com/static/yozons-lib/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/performance.f0e7fffe39429ece30ea.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ff899365624bdc28c5da8084b4568e93f9530847f746179a9a7ccbe7d7c60d75

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
301
content-length
2634
last-modified
Thu, 24 Feb 2022 16:30:01 GMT
server
MI
etag
W/"1e92-5d8c617faf440"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
382431946, 796798371 790592842
access-control-allow-origin
*
cache-control
max-age=499562
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
quarantine.710263a46064c5e57e4a.js
www.newsobserver.com/static/yozons-lib/ 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/quarantine.710263a46064c5e57e4a.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
1d5a218c6676c6afa0caf376ceaa2c21a6c96a26849fb248b059ed73c8a7ffa6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
301
content-length
11513
last-modified
Thu, 24 Feb 2022 16:30:01 GMT
server
MI
etag
W/"7a53-5d8c617faf440"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
394864585 382431951
access-control-allow-origin
*
cache-control
max-age=499593
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
geofeed
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 		191 B
395 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/geofeed
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6df7cb882995fe8138913eefbd043496b18ff37efa17c5f412b86378b6f2699e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6e342e3c990d91d8-FRA
parsely.6e1ebd49dca2528fccd2.js
www.newsobserver.com/static/yozons-lib/ 		1 KB
931 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/parsely.6e1ebd49dca2528fccd2.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
4a6d54f7ddea9776c46bea423d9c42f41c7d54f879d0dea93d82ce2412813c37

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
291
content-length
557
last-modified
Thu, 24 Feb 2022 15:28:42 GMT
server
MI
etag
W/"462-5d8c53cb1de80"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
396267295 397280452
access-control-allow-origin
*
cache-control
max-age=495828
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
decision-engine
mcclatchy-newsobserver.cdn.zephr.com/zephr/ 		131 B
998 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcclatchy-newsobserver.cdn.zephr.com/zephr/decision-engine
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-124.fra50.r.cloudfront.net
Software
/
Resource Hash
2c8e9c17c51ac13646a59b8c82f28ddbc7567ae6c99a102904383d8fb3408c13

Request headers

Accept
application/json
Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
via
1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
content-length
131
x-amz-cf-id
fxb63f2kPlPnZmR5bg0pMcjK3jM-5ZvCcdWibYJ644zRde9HdrhZpA==
x-blaize-request
ffffffff9337c55d
ats.js
ats.rlcdn.com/ 		109 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ats.rlcdn.com/ats.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/netdale.d563c18f126650418ba7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-16.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
72c5d10e99c6620a2561415895a84064b5b5616c2b1914602263886be4cdc229

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
28x_tDvW9kJ.rWgfbdZIcgxbFDdgh9p3
content-encoding
gzip
etag
W/"d7dfa2940a5d5ce3beedd8774c961dd7"
age
73087
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:6fbe2bf4-0d3f-4234-a84e-c584de5ecb5e
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
8c7650e47b7f894f6ae5a1fc4919cee6
last-modified
Thu, 16 Dec 2021 12:45:56 GMT
server
AmazonS3
date
Fri, 25 Feb 2022 01:37:52 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
ae589a6335869a8948d0172dfafea0c42638763d87ea89591504c580a5c4f6c7
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=86400
x-amz-cf-pop
FRA50-C1
content-type
application/x-javascript
x-amz-cf-id
2hnYoPVM4r6kqcV1tOeL650Z-YD6QIessDNY3daqL6JIYy7BcJtE8w==
oPS.js
d15kdpgjg3unno.cloudfront.net/ 		95 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=11
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:e400:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c306fb031803650f838048d2009bc4ef76218e790d8648ad2cd041d94c9bd14d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:17:31 GMT
content-encoding
gzip
last-modified
Fri, 25 Feb 2022 20:17:25 GMT
server
AmazonS3
age
5904
etag
W/"aefb59c54108c0b2556d5f41ca431dc0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
JhVxn.N_aNNwB6.Gsnd8dNJ5HEloF2V6
via
1.1 1f49a084ca923f375f74b42fa36ef428.cloudfront.net (CloudFront)
cache-control
max-age=84600
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
wpoAJQHELQclxfY3ahFHqXnHGEnDzVb1hjgRgOeruqOz6mGPw2BFNQ==
article257921743.html.js
dyv1bugovvq1g.cloudfront.net/11/www.newsobserver.com/news/business/ 		575 B
587 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dyv1bugovvq1g.cloudfront.net/11/www.newsobserver.com/news/business/article257921743.html.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5600:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3a3a57333f53e4f4724ebff87ecef57190953d0aae200c71f31f487644878d7c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
last-modified
Fri, 25 Feb 2022 19:57:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"19b5d2701caba7781a67effc37fff2bf"
x-cache
RefreshHit from cloudfront
content-type
application/json; charset=utf-8
via
1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control
max-age=300
accept-ranges
bytes
content-length
215
x-amz-cf-id
0-3baAjJ302eSMiuGwPlbJTZ4TR1OaWcICYOZ-GJe5AzF2joRQK6Ag==
config.js
confiant-integrations.global.ssl.fastly.net/awMxVZLpNW6K6EG6WC5S8oR_a68/gpt_and_prebid/ 		123 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/awMxVZLpNW6K6EG6WC5S8oR_a68/gpt_and_prebid/config.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/netdale.d563c18f126650418ba7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
659dacde48b8fcbdc60b1a15f237a3f7c4ccac52ac4385a4cfc544d8036af72f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:54 GMT
Content-Encoding
gzip
Age
3583
X-Cache
HIT
Connection
keep-alive
Content-Length
28107
x-amz-id-2
hR+D5UcEu/zdvHcyJoHqDCtX1CF9en5/jIzNIQbp0qQU9fPqMNwvKFG1sfeWYI0eppazI15FEVo=
X-Served-By
cache-hhn4073-HHN
Last-Modified
Fri, 25 Feb 2022 20:46:21 GMT
Server
AmazonS3
X-Timer
S1645826155.980547,VS0,VE0
ETag
"52541fb7aed6d53d6c261cf9d54c6d3b"
x-amz-request-id
61P414TRYD71624Q
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
20
sponsored.8fb7d3ca3744af598cac.js
www.newsobserver.com/static/yozons-lib/ 		1 KB
834 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/sponsored.8fb7d3ca3744af598cac.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
896d1670c2fcbfda967c13e2dabb6ffbafae8af429fa587e75dded97b8425f58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
290
content-length
460
last-modified
Thu, 24 Feb 2022 15:28:42 GMT
server
MI
etag
W/"413-5d8c53cb1de80"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
792412223 795841013
access-control-allow-origin
*
cache-control
max-age=495809
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
rid
match.adsrvr.org/track/ 		109 B
548 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=185522
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/185522-243508426708752.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
4739f74db2cec124c36c4fb60c8b2240172678404c4e6fad50c51c31f627e9b2

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Sun, 27 Mar 2022 21:55:54 GMT
any
idx.liadm.com/idex/ie/ 		54 B
592 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://idx.liadm.com/idex/ie/any
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/185522-243508426708752.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.184.124 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-184-124.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
10165ad8492adc91debb4a89bc266bef3b7bd63e999f706175e58a8d32fb0255
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Vary
Origin
Server
nginx/1.18.0
Request-Time
0
Content-Type
application/json
Access-Control-Allow-Origin
https://www.newsobserver.com
Connection
keep-alive
Access-Control-Allow-Credentials
true
Strict-Transport-Security
max-age=31536000; includeSubDomains
trace-id
7f4c60d8b05ef4ec
Content-Length
54
identity
api.rlcdn.com/api/ 		44 B
332 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/185522-243508426708752.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
alt-svc
clear
content-length
44
860f3181-58d8-466c-bb02-1aa4de56821b
https://www.newsobserver.com/ 		31 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.newsobserver.com/860f3181-58d8-466c-bb02-1aa4de56821b
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
connatix.playspace.dc.js
cds.connatix.com/p/151870/ Frame A3B0
Redirect Chain
  • https://cd.connatix.com/connatix.playspace.js
  • https://cds.connatix.com/p/151870/connatix.playspace.dc.js
1007 KB
243 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/151870/connatix.playspace.dc.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c0b73118990e8a933880c152b750065934be45922d40834f81057d22f5fc625e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
br
last-modified
Fri, 25 Feb 2022 08:50:24 GMT
age
46788
etag
"35109ede7d6976f13beec96b0afc822c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
248251

Redirect headers

location
https://cds.connatix.com/p/151870/connatix.playspace.dc.js
date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
server
Kestrel
accept-ranges
bytes
content-length
0
interact
edge.adobedc.net/ee/v1/ 		243 B
256 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://edge.adobedc.net/ee/v1/interact?configId=97218b28-9528-481e-9a30-648529cfd9a3&requestId=e5452e38-5473-4364-a323-09f6481d757d
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
5792434943c87af4f700d107963412694121fa9f2bf0d33e3fd3a5a66c16b7d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

x-adobe-edge
IRL1;6
date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
deflate
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-expose-headers
Retry-After, X-Adobe-Edge, X-Request-ID
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-konductor
22.2.3:8d46bad2
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
x-request-id
e5452e38-5473-4364-a323-09f6481d757d
interact
edge.adobedc.net/ee/v1/ 		178 B
220 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://edge.adobedc.net/ee/v1/interact?configId=97218b28-9528-481e-9a30-648529cfd9a3&requestId=cfc9d9f9-d9b4-4efb-929e-3dfa1a07a160
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
da3d46779f54718dbe874f7d3d7d35fa89a0c46a59d03e773ac9835b476b614e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

x-adobe-edge
IRL1;6
date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
deflate
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-expose-headers
Retry-After, X-Adobe-Edge, X-Request-ID
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-konductor
22.2.3:8d46bad2
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
x-request-id
cfc9d9f9-d9b4-4efb-929e-3dfa1a07a160
pubads_impl_2022022401.js
securepubads.g.doubleclick.net/gpt/ 		363 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:47:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4134
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124299
x-xss-protection
0
last-modified
Thu, 24 Feb 2022 09:41:14 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 25 Feb 2023 20:47:00 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		254 B
164 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.newsobserver.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
1b0fbbf2a9213b3cc3e711de20c4775167a70b71b95922f69a51878d16ddbadf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
139
x-xss-protection
0
expires
Fri, 25 Feb 2022 21:55:55 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0EBE 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=66127
expires
Sat, 26 Feb 2022 16:18:01 GMT
date
Fri, 25 Feb 2022 21:55:54 GMT
vary
Accept-Encoding
p.js
cdn.parsely.com/keys/newsobserver.com/ 		66 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.parsely.com/keys/newsobserver.com/p.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/parsely.6e1ebd49dca2528fccd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-127.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
2ff8dc4161b9a017745c29cdc9594fdff3e16b981f87664a6c3868bf4424ef3f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
public
date
Fri, 25 Feb 2022 06:01:49 GMT
content-encoding
gzip
last-modified
Wed, 16 Feb 2022 18:59:58 GMT
server
nginx
age
57246
etag
W/"620d49ae-1070c"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control
max-age=86400, public
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
XC25b3RrcEb3CikPsO0QIw4QD6jn4lbkvpawRHIKr1cDiGLnFov76A==
expires
Sat, 26 Feb 2022 06:01:49 GMT
config
c.amazon-adsystem.com/cdn/prod/ 		57 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.newsobserver.com&pubid=10f892c4-b76d-4f37-b1fd-0ae5d74780b5
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 18:59:12 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server
Server
age
10602
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
content-length
57
x-amz-cf-id
50y8o1OKBrV-h6bKQzfbdP7yQI83EvgYveX20Vd0UIrL4nrVVrI0Rw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
kI14R7urpxgHjeMWGWlNpVn0IgFose_t
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
80697
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Sat, 19 Feb 2022 01:26:04 GMT
server
AmazonS3
date
Thu, 24 Feb 2022 23:30:59 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
4PnMZx0zAI4fhL5RpUD8JWGgLTlKhW2zfehv3Ni4pNB0Dqc3T4eAfQ==
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
385 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?k=eyJpZCI6Im1pX2FzX25hb18wMTQ3MTYxODM2ODg3MzkxMTUyMjg3MDgxNzUyODk4NTkyMDAwOV8xXzBfMTY0NTgyNjE1NDY4NiIsImRvbUludGVyYWN0aXZlIjoxMzcwLCJncHRSZXF1ZXN0ZWQiOjEyODYsInJlcXVlc3RTdGFydCI6ODksInpldXNSZXF1ZXN0ZWQiOjExNjJ9
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
569003
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
467377070 221228632
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
load.js
s.ntv.io/serve/ 		392 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.ntv.io/serve/load.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-163.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
36a588822bfb9e3d351da79c492ed62f9d98275d59f611a50b0f37ae11731a34

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Content-Encoding
gzip
x-amz-request-id
Z0CM2CQ8ZKF580NM
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
x-amz-id-2
xO0476HKDo2I2bzrkOt82TIHn1NDM5mgQ+gUqQ9cf8Psk5spTqpqXoQy57zz0TFOHhRx62B7mxo=
Last-Modified
Thu, 10 Feb 2022 22:27:22 GMT
Server
AmazonS3
ETag
"93a3fdf08b1a28e64ac925822f0cc789"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
beacon.js
sb.scorecardresearch.com/ Frame ABD3 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-125.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 07:22:46 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
52411
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
_Y2s1yaO1exPozf5Sng3QFtwVbctB6MbxWzlUMqJSjjUoh_fIVwykQ==
last-event-tag-latest.min.js
www.everestjs.net/static/le/ Frame F065 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.92 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-92.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
null
Content-Encoding
gzip
Last-Modified
Wed, 16 Jun 2021 15:18:41 GMT
Server
AmazonS3
x-amz-request-id
DV8HDA71X115YJNZ
ETag
"d5991c18a0042eb33f92c6b5b44ffe8d"
Vary
Accept-Encoding
Content-Type
application/javascript
Date
Fri, 25 Feb 2022 21:55:55 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2663
x-amz-id-2
KEgebjSBHBq0uKGiaF1iQQhu4GyeyGJ5z0S3hKMrl1o4INa6XktrjZX+gvfW9LqhxSSW5apjng8=
AGSKWxXAZrJRCvuYysT9c1RumEDbR5v3PFPRPP4qISzVM2SGrMWLHOoFS46a3aKEhVgJ8a8zdSI_hQzf81OBst2I
fundingchoicesmessages.google.com/f/ 		89 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXAZrJRCvuYysT9c1RumEDbR5v3PFPRPP4qISzVM2SGrMWLHOoFS46a3aKEhVgJ8a8zdSI_hQzf81OBst2I
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7635741e19ea05cd0621ffd2aaf56334b24e54c1f4833a5b22f2fc0a722555a8
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-4lyWUzZ8Q6rMCnGH9acGYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-4lyWUzZ8Q6rMCnGH9acGYw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-4lyWUzZ8Q6rMCnGH9acGYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-4lyWUzZ8Q6rMCnGH9acGYw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
ml.br.js
js.matheranalytics.com/static/ltm/ma12095/all/7/ Frame A494
Redirect Chain
  • https://js.matheranalytics.com/s/ma12095/74930332/all/ml.js?cb=1587
  • https://js.matheranalytics.com/static/ltm/ma12095/all/7/ml.br.js
142 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.matheranalytics.com/static/ltm/ma12095/all/7/ml.br.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
234.250.178.107.bc.googleusercontent.com
Software
nginx /
Resource Hash
1cf9ae5c0529bf103cb71b4b7e875fc270c4094e3e6932897873e80fd30fb5ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 03:21:44 GMT
via
1.1 google
last-modified
Wed, 19 Jan 2022 18:40:40 GMT
server
nginx
age
66851
etag
"b59de942e92e749ccdf547752b011955"
vary
Accept-Encoding
x-cache
HIT Wed, 19 Jan 2022 18:49:12 GMT
content-type
application/x-javascript
cache-control
public,max-age=3600
content-encoding
br
alt-svc
clear
content-length
42296

Redirect headers

date
Fri, 25 Feb 2022 21:55:55 GMT
via
1.1 google
server
nginx
vary
Accept-Encoding
location
https://js.matheranalytics.com/static/ltm/ma12095/all/7/ml.br.js
cache-control
public, max-age=269200
alt-svc
clear
x-served-by
7-gc-euw1-10921
collect
depart.trinitymedia.ai/api/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://depart.trinitymedia.ai/api/collect?t=audio
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-injector-script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.101.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-101-119.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
css2
fonts.googleapis.com/ Frame B73B 		2 KB
465 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;600&display=swap
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-injector-script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7bc1c343272a50624781505b4fc29b239f9c4571f69db722259f05b515e540fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 20:25:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 25 Feb 2022 21:55:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 25 Feb 2022 21:55:55 GMT
trinity-player.php
trinitymedia.ai/player/ Frame 73C0 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trinitymedia.ai/player/trinity-player.php?pageURL=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html&unitId=2900000552&userId=c3cd285a-ee86-4d7d-a658-4f3e0718328a&isLegacyBrowser=false&version=20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb&useCFCDN=0&themeId=315
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-injector-script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.8.217 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-8-217.compute-1.amazonaws.com
Software
Apache /
Resource Hash
de053e2b9ae468ad472f1f86cca21476d28bf67b95ac295d0b242be49680c70f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-type
text/html; charset=UTF-8
content-length
4648
server
Apache
vary
Accept-Encoding
content-encoding
gzip
access-control-allow-origin
*
wrap.js
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202202240953/ 		195 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202202240953/wrap.js
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/awMxVZLpNW6K6EG6WC5S8oR_a68/gpt_and_prebid/config.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b2a50938c5bd46548ab8043aafa317b98df93e8425b8b2b18161af233994975

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Content-Encoding
gzip
Age
556
X-Cache
HIT
Connection
keep-alive
Content-Length
63150
x-amz-id-2
R6xIYL22jN/zeMvqTqwdc57lvpOPe1s2S+svYRX3D+5xneJvnDUToUpoy8+bzsfmnDt1I2H92UA=
X-Served-By
cache-hhn4073-HHN
Last-Modified
Thu, 24 Feb 2022 14:54:30 GMT
Server
AmazonS3
X-Timer
S1645826155.126960,VS0,VE0
ETag
"8bc5206a21bb8becf615a9a49d8c99c1"
x-amz-request-id
5V7TV45JMYKS9J6X
Via
1.1 varnish
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
1873
/
geo.privacymanager.io/ 		30 B
594 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-54.fra50.r.cloudfront.net
Software
/
Resource Hash
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 14:33:26 GMT
via
1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront), 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
age
26549
x-amzn-requestid
fb5c18fb-d425-4ea2-92c8-6e111aaff3f5
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6218e8b6-07eb3ce840cde8742fb1bf26;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P3, FRA50-C1
x-amz-apigw-id
OGlMfHQ7joEF-2g=
content-length
30
x-amz-cf-id
HKK2Nb1dxRIWkh6Bg816Uq4at3vNMfgxvyD-t10ItCAKb3WkDlkjFw==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
PugMaster
image6.pubmatic.com/AdServer/ Frame 0EBE 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=21244428&p=159414&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
f2269030e7ae16aaaa8aef896cb37a76bea291cd89c3ed8c9bd36f4c51ad8bed

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
prebid
ib.adnxs.com/ut/v3/ 		13 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
5dfd3c25368057fb42b8f5d53c61585031546e2a671cf0e3eec33fdff1073851
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
0d98cb70-0474-4aaa-b80c-65b110b63f55
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.newsobserver.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cdb
bidder.criteo.com/ 		459 B
531 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=119&profileId=184&cb=6678705018
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ac6de1839d1642937e40679f0415f1638166c8c203e315f6fb02e71cba74da24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
257
cygnus
htlb.casalemedia.com/ 		58 B
357 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?ac=j&s=641209&v=7.2&sd=1&r=%7B%22id%22%3A%2280b4ea45-f451-4667-8cfc-ed0ffbd26a13%22%2C%22imp%22%3A%5B%7B%22id%22%3A%229d8c5602-301c-4dbb-b77f-db11c18abe1b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%227675%2Fzeus_top-banner%22%7D%7D%7D%2C%7B%22id%22%3A%22b1f20ed2-8e8f-4dd4-8e6b-d69c7f593622%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%227675%2Fzeus_top-banner%22%7D%7D%7D%2C%7B%22id%22%3A%229a85b209-a90e-4af7-b35a-b996ec48dd12%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702992%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%227675%2Fzeus_top-banner%22%7D%7D%7D%2C%7B%22id%22%3A%22b236e282-91e9-4cfa-b208-dd355c1e8853%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22702993%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%227675%2Fzeus_inline-story-1%22%7D%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp%22%2C%22ref%22%3A%22%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2278b4844b-aae7-4c34-9feb-c3730bce9346%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222022-02-25T21%3A55%3A54%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%2C%7B%7D%2C%7B%7D%5D%7D%7D
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-84-150.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
138d6c1a7a6db96fca90ce8b6ce226d5ccfe1d4854e9b349d942d60bd20edad3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://www.newsobserver.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
58
x-ak-client-geo
12
expires
Fri, 25 Feb 2022 21:55:55 GMT
arj
mcclatchy-d.openx.net/w/1.0/ 		71 B
381 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcclatchy-d.openx.net/w/1.0/arj?auid=545653694,545653698&aus=970x250,970x90,728x90|300x250&bc=hb_pb_wapo&be=1&ch=UTF-8&ju=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&res=1600x1200x24&tz=0&nocache=1645826155170
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
571d29030eddb0ad8e924f625d155f38e67271b228e59afba74ad2304369ee75

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.newsobserver.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
120 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=zeus_client
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.newsobserver.com
date
Fri, 25 Feb 2022 21:55:54 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		348 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=6291&site_id=80324&tk_flint=custom&slots=2&size_id=2%3B15&alt_size_ids=55%2C57%3B&zone_id=2124892%3B2124894&rp_floor=0.01
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
babed12c9b205a623d41b3807e090cf86ac5be73b2451de8b62029e26becdb15

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:55 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.newsobserver.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
348
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
268 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=zeus&v=1&referrer=www.newsobserver.com&debug=false
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.205.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-205-63.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
496 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&pid=IBayXJonKVS1o&cb=0&ws=1600x1200&v=7.73.0&t=1000&slots=%5B%7B%22sd%22%3A%22zeus_overlay%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F7675%2FRAL.site_newsobserver%2FBusiness%22%7D%2C%7B%22sd%22%3A%22zeus_top-banner%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F7675%2FRAL.site_newsobserver%2FBusiness%22%7D%2C%7B%22sd%22%3A%22zeus_inline-story-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F7675%2FRAL.site_newsobserver%2FBusiness%22%7D%5D&pubid=10f892c4-b76d-4f37-b1fd-0ae5d74780b5&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-amz-rid
RW3Z16CZAWCABXFY3H9J
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
NLc4brGuG8NTKEzL2wahiUQV2n20qZnZy_2RP8k-SWTWPfYusVk6Ow==
QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v16/ Frame B73B 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v16/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.newsobserver.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 05:34:56 GMT
x-content-type-options
nosniff
age
231659
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48480
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:24:58 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 05:34:56 GMT
/
p1.parsely.com/plogger/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1645826155209&plid=79855118&idsite=newsobserver.com&url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22subscriber%22%3Afalse%7D&sid=1&surl=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&sref=&sts=1645826155204&slts=0&title=SingleStore+could+double+employees+in+Raleigh+in+2022+%7C+Raleigh+News+%26+Observer&date=Fri+Feb+25+2022+21%3A55%3A55+GMT%2B0000+(GMT)&action=pageview&pvid=56843879&u=pid%3D05c40783f94ac933c09da6544658653e
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Cache-Control
no-cache
Last-Modified
Friday, 25-Feb-2022 21:55:55 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
b2
sb.scorecardresearch.com/ Frame ABD3
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=6035363&ns__t=1645826155213&ns_c=UTF-8&ns_if=1&cv=3.5&c8=SingleStore%20could%20double%20employees%20in%20Raleigh%20in%202022%20%7C%20Raleigh%20News%20%26%...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6035363&ns__t=1645826155213&ns_c=UTF-8&ns_if=1&cv=3.5&c8=SingleStore%20could%20double%20employees%20in%20Raleigh%20in%202022%20%7C%20Raleigh%20News%20%26...
0
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=6035363&ns__t=1645826155213&ns_c=UTF-8&ns_if=1&cv=3.5&c8=SingleStore%20could%20double%20employees%20in%20Raleigh%20in%202022%20%7C%20Raleigh%20News%20%26%20Observer&c7=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&c9=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Server
143.204.98.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-125.fra50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
via
1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id
yziQK1I8mwOMmRZvSpZnYG3_WutZ44sIenfer3b_RZ702AiBbMdKKg==
x-cache
Miss from cloudfront

Redirect headers

date
Fri, 25 Feb 2022 21:55:55 GMT
via
1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=2&c2=6035363&ns__t=1645826155213&ns_c=UTF-8&ns_if=1&cv=3.5&c8=SingleStore%20could%20double%20employees%20in%20Raleigh%20in%202022%20%7C%20Raleigh%20News%20%26%20Observer&c7=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&c9=
content-length
341
x-amz-cf-id
p5mjysg9-KQHKveGflIKZ5b6fX9b50G04S6XWBvQZdAZ2cytkOKAsw==
/
lasteventf-tm.everesttech.net/ Frame F065 		0
143 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lasteventf-tm.everesttech.net/?_les_imsOrgId=3B6E35F15A82BBB00A495D91@AdobeOrg&_les_sdid=816B9548B266CAB6-11B49A2D6F81B7A4&_les_last_search_click=&_les_rsid=mccltallmcclatchy&_les_mid=01471618368873911522870817528985920009&_les_url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp
Requested by
Host: www.everestjs.net
URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
via
1.1 varnish
server
Varnish
x-timer
S1645826155.235489,VS0,VE0
x-cache
MISS
content-type
text/plain
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4069-HHN
t
jadserve.postrelease.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ntv_mvi
Requested by
Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
2c9b510a3a779a1ead27e4c03828263237d01d50cfa55d490562fe3a9133d631

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/javascript;charset=UTF-8
content-length
1373
expires
Mon, 1 Jan 1990 12:00:00 GMT
t
jadserve.postrelease.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ntv_0=8&ntv_1=4&ntv_2=0&ntv_3=6&ntv_4=6&ntv_5=9&ntv_6=,&ntv_7=7&ntv_8=7&ntv_9=5&ntv_10=5&ntv_11=6&ntv_12=3&ntv_13=,&ntv_14=8&ntv_15=4&ntv_16=4&ntv_17=3&ntv_18=5&ntv_19=2&ntv_utf8Encode=function(){return%20unescape(encodeURIComponent(this))}&ntv_utf8Decode=function(){try{return%20decodeURIComponent(escape(this))}catch(e){return%20this}}&ntv_mvi
Requested by
Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
718373a7c91888a59dd68756bc890f76e73bdb7301b10617f295a76cc03c7753

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/javascript;charset=UTF-8
content-length
1377
expires
Mon, 1 Jan 1990 12:00:00 GMT
Test_oPS_Script_Loads
sqs.us-east-1.amazonaws.com/397719490216/ 		378 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D11%26bt%3Dnull
Requested by
Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.236.169.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-236-169-120.compute-1.amazonaws.com
Software
/
Resource Hash
a0891aabef5e8bc86e13dad5fdad8b113032f0f113f6298059bbdf2abe567c4a

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-RequestId
fc127275-4c39-518b-8729-28e61e92a940
Date
Fri, 25 Feb 2022 21:55:55 GMT
Content-Length
378
Content-Type
text/xml
i
www.i.matheranalytics.com/ Frame A494 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=pv&page=ml&sec=Business&prem=metered&ptype=Story&uid=Unregistered&auth=Zachery%20Eanes&artpubt=1643803860&tv=js-3.0.146&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=7&tvcfg=all&tid=0711ab1d-8df0-41d5-beeb-69a0f0376976&pid=d3457060-15e8-4da0-9512-be3bce3d36e9&dtm=1645826155268&qnm=_matherq&visible=1&tabid=cf85f918-aef1-45d9-a7ce-5912af46ef5f&url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&vp=0x0&ds=0x0&tofa=1645826155&vid=1&lvidt=1645826155&duid=87875a7fa36c0041&fp=839606422&cid=ma12095&mrk=74930332&cx=eyJjYXRlZ29yeSI6eyJjYXRlZ29yaWVzIjpbWyJCdXNpbmVzc3x8fHwiXV19LCJpZGVudGl0eSI6e30sInBlcmYiOnsic3RhcnQiOiIxNjQ1ODI2MTU1MDE4IiwicmVkaXJDbnQiOiIwIiwibmF2VHlwZSI6ImxpbmsiLCJoZWFwVSI6IjMxLjJtYiIsImhlYXBUIjoiMzcuM21iIiwicmVzcEUiOiI0IiwiZG9tTG9hZCI6IjAiLCJkb21JbnRlciI6IjQiLCJkb21Mb2FkUyI6IjQiLCJkb21Mb2FkRSI6IjQiLCJkb21DbXBsdCI6IjQiLCJsb2FkUyI6IjQiLCJsb2FkRSI6IjQifSwiY2FtcGFpZ25zIjpbeyJwYWdlSWQiOiJkMzQ1NzA2MC0xNWU4LTRkYTAtOTUxMi1iZTNiY2UzZDM2ZTkiLCJuYW1lIjoidXRtX21lZGl1bSIsInZhbHVlIjoiZW1haWwiLCJyZWZUaW1lIjoiMTY0NTgyNjE1NSIsImNyZWF0ZVRpbWUiOiIxNjQ1ODI2MTU1In1dfQ
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.80.118.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-118-188.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif
AGSKWxWz6ewim4e183v8oVxRxRZz-LJnUPv4oiDSs3FejuOmDwEXknZVQ2CtvRcuB3xXl5ASAIPnNl2BAdCH4Ckf
fundingchoicesmessages.google.com/el/ 		0
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWz6ewim4e183v8oVxRxRZz-LJnUPv4oiDSs3FejuOmDwEXknZVQ2CtvRcuB3xXl5ASAIPnNl2BAdCH4Ckf?pvid=D61C8791-AFB1-47CF-95AE-037986192C68&anonid=EECC7AC0-D574-4F47-8D53-6EC7BFE4E243
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.oCH7OEp009U.es5.O/d=1/rs=AJlcJMx1TQHWGiZLCmw9gE8DlzJe1V9wOQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-lxhGOfADaINBEIlUcMNaYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-lxhGOfADaINBEIlUcMNaYg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-lxhGOfADaINBEIlUcMNaYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-lxhGOfADaINBEIlUcMNaYg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWz6ewim4e183v8oVxRxRZz-LJnUPv4oiDSs3FejuOmDwEXknZVQ2CtvRcuB3xXl5ASAIPnNl2BAdCH4Ckf
fundingchoicesmessages.google.com/el/ 		0
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWz6ewim4e183v8oVxRxRZz-LJnUPv4oiDSs3FejuOmDwEXknZVQ2CtvRcuB3xXl5ASAIPnNl2BAdCH4Ckf?pvid=D61C8791-AFB1-47CF-95AE-037986192C68&anonid=EECC7AC0-D574-4F47-8D53-6EC7BFE4E243
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.oCH7OEp009U.es5.O/d=1/rs=AJlcJMx1TQHWGiZLCmw9gE8DlzJe1V9wOQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-bkQXsNQh/1rvU1UDIeSTBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-bkQXsNQh/1rvU1UDIeSTBQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-bkQXsNQh/1rvU1UDIeSTBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-bkQXsNQh/1rvU1UDIeSTBQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWr3YpvHCmMXaMkOZAASkNyBicULP81JxWa_KALhB6pmqf3w7wQhDE0lWatGuQHoTX5AvWty-KiGNtAvt0i
fundingchoicesmessages.google.com/el/ 		0
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWr3YpvHCmMXaMkOZAASkNyBicULP81JxWa_KALhB6pmqf3w7wQhDE0lWatGuQHoTX5AvWty-KiGNtAvt0i?pvid=D61C8791-AFB1-47CF-95AE-037986192C68&anonid=EECC7AC0-D574-4F47-8D53-6EC7BFE4E243
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.oCH7OEp009U.es5.O/d=1/rs=AJlcJMx1TQHWGiZLCmw9gE8DlzJe1V9wOQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LBj9PochAM6fxCL8/mPdtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-LBj9PochAM6fxCL8/mPdtw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LBj9PochAM6fxCL8/mPdtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-LBj9PochAM6fxCL8/mPdtw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXYMYP6BzJ7YzhZc01T-GBrZQ-n60ydKn7StTw_VnkCtA6iCtWVJh1KGBBx0XJ2e5U8hd7k8vIPo6pZ7fkO
fundingchoicesmessages.google.com/f/ 		62 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXYMYP6BzJ7YzhZc01T-GBrZQ-n60ydKn7StTw_VnkCtA6iCtWVJh1KGBBx0XJ2e5U8hd7k8vIPo6pZ7fkO?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQ1ODI2MTU1LDI5MzAwMDAwMF0sIkQ2MUM4NzkxLUFGQjEtNDdDRi05NUFFLTAzNzk4NjE5MkM2OCIsIkVFQ0M3QUMwLUQ1NzQtNEY0Ny04RDUzLTZFQzdCRkU0RTI0MyIsbnVsbCxbbnVsbCxbN10sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLHRydWUsdHJ1ZV0sImh0dHBzOi8vd3d3Lm5ld3NvYnNlcnZlci5jb20vbmV3cy9idXNpbmVzcy9hcnRpY2xlMjU3OTIxNzQzLmh0bWwiLG51bGwsW11d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.oCH7OEp009U.es5.O/d=1/rs=AJlcJMx1TQHWGiZLCmw9gE8DlzJe1V9wOQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4e2ca7e6b935040d368111d2d8944e7687f7a2d81ccfda35862bb82af2673f7b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-cMc1Mo5SJw9QsdZdXZkICA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-cMc1Mo5SJw9QsdZdXZkICA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-cMc1Mo5SJw9QsdZdXZkICA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-cMc1Mo5SJw9QsdZdXZkICA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame F1E6
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 25 Feb 2022 21:55:55 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Fri, 25 Feb 2022 21:55:55 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
usersync.aspx
dis.criteo.com/dis/ Frame D522 		43 B
362 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-type
image/gif
server
Kestrel
cache-control
no-cache
pragma
no-cache
expires
Fri, 25 Feb 2022 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
600144
strict-transport-security
max-age=31536000; preload;
Pug
image2.pubmatic.com/AdServer/ Frame D6D7
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7070764015484992801
42 B
520 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7070764015484992801
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 25 Feb 2022 21:55:55 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug022:0:443
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7070764015484992801
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame 9CB0
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&gdpr=0&gdpr_consent=
42 B
651 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 25 Feb 2022 17:26:01 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
amspug0026:0:471
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4172 645ee8c master zrh-pixel-x26 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&gdpr=0&gdpr_consent=
Expires
Fri, 25 Feb 2022 21:55:54 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 9225
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7068769510638024856
42 B
211 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7068769510638024856
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 25 Feb 2022 21:55:54 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
amspug010:0:329
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Fri, 25 Feb 2022 21:55:55 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7068769510638024856
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0EBE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=W-vh00uvRNy01k87G0Yv7g%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=66126
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Sat, 26 Feb 2022 16:18:01 GMT

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 0EBE
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9e936219-506a-4300-b40d-5f858cd535a5
0
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9e936219-506a-4300-b40d-5f858cd535a5
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:53 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Fri, 25 Feb 2022 21:55:55 GMT
Server
MT3 4172 645ee8c master zrh-pixel-x31 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9e936219-506a-4300-b40d-5f858cd535a5
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 25 Feb 2022 21:55:54 GMT
mw
mwzeom.zeotap.com/ Frame 0EBE
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25&xl8blockcheck=1
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=9bf1f2452395c0f27a5db78401681a30
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=7e5dbfe0e61625f33461614e2904ebcf
  • https://spl.zeotap.com/?zdid=1332&zcluid=f5e64495cc0dbd06
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=bb6e83e4-fbd8-416b-6315-b107db014794&reqId=f68f0154-97cf-4837-773c-25708787bbe8&zclui...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKljnf9-A4Plg1b7oeftSHI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=bb6e83e4-fbd8-416b-6315-b107db014794&reqId=f68f0154-97cf-4837-773c-257...
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEKljnf9-A4Plg1b7oeftSHI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=bb6e83e4-fbd8-416b-6315-b107db014794&reqId=f68f0154-97cf-4837-773c-25708787bbe8&zcluid=f5e64495cc0dbd06&zdid=1332
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
6e342e441b546951-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEKljnf9-A4Plg1b7oeftSHI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=bb6e83e4-fbd8-416b-6315-b107db014794&reqId=f68f0154-97cf-4837-773c-25708787bbe8&zcluid=f5e64495cc0dbd06&zdid=1332
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
469
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0EBE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NUJFQkUxRDMtNEJBRi00NERDLUI0RDYtNEYzQjFCNDYyRkVF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug024:0:435
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0EBE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJ-5OT2RloLRRqfdU3p2dKU&google_cver=1
42 B
282 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJ-5OT2RloLRRqfdU3p2dKU&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug005:0:590
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJ-5OT2RloLRRqfdU3p2dKU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 0EBE 		43 B
612 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.122.14.34 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
22.0e.7a9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Thu, 24 Feb 2022 21:55:55 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 0EBE
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2185369571982332337
42 B
390 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2185369571982332337
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
cache-control
no-store, no-cache, private
x-lat
amspug012:0:418
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2185369571982332337
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 0EBE
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=78b4844b-aae7-4c34-9feb-c3730bce9346
42 B
451 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=78b4844b-aae7-4c34-9feb-c3730bce9346
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:53 GMT
cache-control
no-store, no-cache, private
x-lat
amspug009:0:2009
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=78b4844b-aae7-4c34-9feb-c3730bce9346
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
image2.pubmatic.com/AdServer/ Frame 0EBE
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6288090308618684967&gdpr=0&gdpr_consent=
42 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6288090308618684967&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug013:0:476
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:55 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
8ba9bf76-d1b1-4937-96c1-31564b51ff5a
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6288090308618684967&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixels
ssp-sync.criteo.com/user-sync/ 		13 B
288 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp-sync.criteo.com/user-sync/pixels?countrycode=DE
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.83 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
content-encoding
br
server
Kestrel
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
events
bidder.criteo.com/csm/ 		0
221 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 25 Feb 2022 21:55:54 GMT
server
Finatra
vary
Origin
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
forbes-484fef5e39bd1f12260ad07d5cc3499d.js
vd.trinitymedia.ai/trinity-player/buttons/ Frame 73C0 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vd.trinitymedia.ai/trinity-player/buttons/forbes-484fef5e39bd1f12260ad07d5cc3499d.js
Requested by
Host: trinitymedia.ai
URL: https://trinitymedia.ai/player/trinity-player.php?pageURL=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html&unitId=2900000552&userId=c3cd285a-ee86-4d7d-a658-4f3e0718328a&isLegacyBrowser=false&version=20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb&useCFCDN=0&themeId=315
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
AmazonS3 /
Resource Hash
f8e49947d3547dba3e5bf18c2cefcc2dda7ff5f714e52f398b97d84887d1c586

Request headers

Referer
https://trinitymedia.ai/
Origin
https://trinitymedia.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
last-modified
Thu, 02 Dec 2021 16:20:22 GMT
server
AmazonS3
x-amz-request-id
7C43WXNCAWWE8ACD
etag
"36fd63d78ee11a3ae1d71d8cacae4b0a"
x-hw
1645826155.dop013.am5.t,1645826155.cds210.am5.hn,1645826155.cds291.am5.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=36476
accept-ranges
bytes
content-length
840
x-amz-id-2
feAYmAzCpFrtNprpJjTXVKqGkM6+6eiFQsHbT4U98RnkajS5du2o9xGj0JjU1FMzSNG9cWAPc4M=
trinity-player.js
vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/ Frame 73C0 		1 MB
199 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-player.js
Requested by
Host: trinitymedia.ai
URL: https://trinitymedia.ai/player/trinity-player.php?pageURL=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html&unitId=2900000552&userId=c3cd285a-ee86-4d7d-a658-4f3e0718328a&isLegacyBrowser=false&version=20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb&useCFCDN=0&themeId=315
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
AmazonS3 /
Resource Hash
f6382788327b22eca61d6904f8c9410b5760dd953cdd36483a5943f181738f51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://trinitymedia.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
last-modified
Fri, 25 Feb 2022 11:21:40 GMT
server
AmazonS3
x-amz-request-id
DADFKPSAKKH5X8QB
etag
"f77eb9bc31e2fb8c483b879b6e1d9c44"
x-hw
1645826155.dop214.am5.t,1645826155.cds243.am5.hn,1645826155.cds248.am5.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
content-length
203598
x-amz-id-2
HxtyYcJxlY424z3yPq8JJ9n+Ezm/RqxBByeDeDce+fKzNWvGMVPOp1vdtlJXHcD78ymojUVwLtk=
connatix.playspace.css
cds.connatix.com/p/151870/ 		99 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/151870/connatix.playspace.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ba2079aa9138b37a21f77b8dc51a0db401c136dc72e56c43891d6de5020ea217

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
br
last-modified
Fri, 25 Feb 2022 08:50:24 GMT
age
46788
etag
"dd800b2810ec6bd88a9c8e059c4c6459"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
13591
headerstats
as-sec.casalemedia.com/ 		0
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=210842&u=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/185522-243508426708752.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:55 GMT
X-AK-INITIAL-GEO
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
Server
Apache
Access-Control-Allow-Origin
https://www.newsobserver.com
X-CS-CLIENT-GEO
12
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-AK-CLIENT-GEO
12
Expires
Fri, 25 Feb 2022 21:55:55 GMT
pixel_6cc292ca
www.newsobserver.com/akam/11/ 		0
782 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/akam/11/pixel_6cc292ca
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/akam/11/6cc292ca
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
max-age=0, no-cache
access-control-allow-credentials
false
access-control-allow-headers
*
content-length
0
expires
Fri, 25 Feb 2022 21:55:55 GMT
story
capi.connatix.com/core/ Frame A3B0 		200 B
520 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/story?v=151870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.216.183.199 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-216-183-199.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
a6473374780f5782e38516143842e20b9f24209965923e1e137bdeb8ded39342

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
218
css2
fonts.googleapis.com/ Frame 73C0 		2 KB
465 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;600&display=swap
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7bc1c343272a50624781505b4fc29b239f9c4571f69db722259f05b515e540fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://trinitymedia.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 20:21:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 25 Feb 2022 21:55:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 25 Feb 2022 21:55:55 GMT
collect
depart.trinitymedia.ai/api/ Frame 73C0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://depart.trinitymedia.ai/api/collect?t=audio
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.101.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-101-119.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://trinitymedia.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
collect
depart.trinitymedia.ai/api/ Frame 73C0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://depart.trinitymedia.ai/api/collect?t=audio
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.101.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-101-119.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://trinitymedia.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=6149213&ntv_pl=775563
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=780ff170-65e1-4ad2-939a-fa53c119b27e&ntv_fl=CF4se3gYGjAPzQcMJoAeWXn779HbK1YqEawpkfv4QBWKxJhIUSJcEH3ygzv8pBedUNz2q2owTmpKy-N4DNQR1kF6GS-lPSjxk8zhcuRXAPK8FujW0aasFiLxcW3oGQhWDFSkoJmqYTGNPi7yR5VbjSl_dnMlRAmIN40CY1XUEdwl2IvpLSlcmYneDWSY4M8nt65K9c2_CjLEzI8hxHvY_00sKINO1Z-8m-wRILLqhRTFzEcu_WMhRA7MHPGUwI617gikwx49ANpRCAFdyzsfxL5-XFtfEyZ4Wd-LSL1MibQ=&ntv_ht=a1AZYgA&ntv_at=303,302&ntv_a=AAAAAAAAAA-8EQA&ord=1645826155681&ntv_it
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=780ff170-65e1-4ad2-939a-fa53c119b27e&ntv_fl=CF4se3gYGjAPzQcMJoAeWXn779HbK1YqEawpkfv4QBWKxJhIUSJcEH3ygzv8pBedUNz2q2owTmpKy-N4DNQR1kF6GS-lPSjxk8zhcuRXAPK8FujW0aasFiLxcW3oGQhWDFSkoJmqYTGNPi7yR5VbjSl_dnMlRAmIN40CY1XUEdwl2IvpLSlcmYneDWSY4M8nt65K9c2_CjLEzI8hxHvY_00sKINO1Z-8m-wRILLqhRTFzEcu_WMhRA7MHPGUwI617gikwx49ANpRCAFdyzsfxL5-XFtfEyZ4Wd-LSL1MibQ=&ntv_ht=a1AZYgA&ntv_at=808&ntv_a=AAAAAAAAAAi9ULA&ntv_sat=15&ord=1645826155684&ntv_it
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
gdprConsent
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/gdprConsent?ntv_pl=775563&ntv_gdpr_consent=&ntv_it
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=868d26a2-c887-4005-9f37-7c6dcd338887&ntv_fl=CF4se3gYGjAPzQcMJoAeWXn779HbK1YqEawpkfv4QBWKxJhIUSJcEH3ygzv8pBedUNz2q2owTmpKy-N4DNQR1kF6GS-lPSjxk8zhcuRXAPK8FujW0aasFiLxcW3oGQhWDFSkoJmqYTGNPi7yR5VbjSl_dnMlRAmIN40CY1XUEdwl2IvpLSlcmYneDWSY4M8nt65K9c2_CjLEzI8hxHvY_00sKINO1Z-8m-wRILLqhRTFzEcu_WMhRA7MHPGUwI617gikwx49ANpRCAFdyzsfxL5-XFtfEyZ4Wd-LSL1MibQ=&ntv_ht=a1AZYgA&ntv_at=303&ntv_a=AAAAAAAAAA-8EQA&ord=1645826155687&ntv_it
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=868d26a2-c887-4005-9f37-7c6dcd338887&ntv_fl=CF4se3gYGjAPzQcMJoAeWXn779HbK1YqEawpkfv4QBWKxJhIUSJcEH3ygzv8pBedUNz2q2owTmpKy-N4DNQR1kF6GS-lPSjxk8zhcuRXAPK8FujW0aasFiLxcW3oGQhWDFSkoJmqYTGNPi7yR5VbjSl_dnMlRAmIN40CY1XUEdwl2IvpLSlcmYneDWSY4M8nt65K9c2_CjLEzI8hxHvY_00sKINO1Z-8m-wRILLqhRTFzEcu_WMhRA7MHPGUwI617gikwx49ANpRCAFdyzsfxL5-XFtfEyZ4Wd-LSL1MibQ=&ntv_ht=a1AZYgA&ntv_at=808&ntv_a=AAAAAAAAAAi9ULA&ntv_sat=15&ord=1645826155688&ntv_it
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-67-221.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v16/ Frame 73C0 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v16/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://trinitymedia.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 05:34:56 GMT
x-content-type-options
nosniff
age
231659
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48480
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:24:58 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 05:34:56 GMT
QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v16/ Frame 73C0 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v16/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://trinitymedia.ai
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 05:34:56 GMT
x-content-type-options
nosniff
age
231659
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48480
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:24:58 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 23 Feb 2023 05:34:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_fc_has_namespace_but_no_iframes&pvsid=1613147592311906&vrg=2022022401&nw_id=7675&nslots=3&eid=31065353%2C31064019&pub_url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&networkId=7675
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.newsobserver.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.newsobserver.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		95 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1613147592311906&correlator=1065812647516012&output=ldjh&impl=fifs&eid=31065353%2C31064019&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220225&iu_parts=7675%2CRAL.site_newsobserver%2CBusiness&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1x1%2C970x250%7C970x90%7C728x90%2C320x50%7C300x250&fluid=0%2C0%2Cheight&ists=4&prev_scp=slot%3Doverlay%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_overlay.init.dsk%26amznbid%3D2%26amznp%3D2%7Catf%3Dy%26pkg%3Da%26slot%3Dtop-banner%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_top-banner.init.dsk%26amznbid%3D2%26amznp%3D2%26optimera%3DZ%2CC0%2CD4%2CSA1%2CSA2%2CSA3%2COB3%2CE1%2CJ6%2CE0%2CJ0%2CB%7Catf%3Dn%26pkg%3Db%26slot%3Dinline-story-1%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_inline-story-1.init.dsk%26amznbid%3D2%26amznp%3D2%26optimera%3DZ%2CA6%2CSA1%2CSA2%2CSA3%2CJ1%2CA5%2CA4%2CA3%2CTH0%2COA9%2CSA5%2CB%26zeus_appnexus%3D10%26zeus_auctionid_appnexus%3D2684997578350515165&eri=1&cust_params=zeus%3Dapplied%26cob%3Dy%26id%3D257921743%26pl%3Dstory%26ref%3D%26sect%3Dbusiness%26sids%3D10604%252C7041%252C7043%252C10652%252C10628%26sub%3Dn%26swgt%3Dna%26top%3D%26vl%3D0&cookie_enabled=1&bc=31&abxe=1&dt=1645826155725&lmt=1645826155&dlt=1645826154446&idt=708&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933%2C800%2C989&adys=-12245933%2C68%2C1373&ucis=1%7C2%7C3&adks=2752715635%2C1545193452%2C1982697111&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&vis=1&scr_x=0&scr_y=0&psz=1x0%7C1600x30%7C349x0&msz=0x0%7C1x30%7C1x0&ga_vid=1728467906.1645826156&ga_sid=1645826156&ga_hid=1169828248&ga_fc=false&fws=128%2C0%2C0&ohw=0%2C0%2C0&btvi=-1%7C0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
655d4a4cd5ffc81e9c9929afbb9ec0cdb4a95ab4c029ccac6900eb704e621671
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22210
x-xss-protection
0
google-lineitem-id
5479766553,5925775414,5392567844
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138317917956,138381539820,138313996117
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CEB4 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Fri, 25 Feb 2022 21:55:55 GMT
expires
Sat, 25 Feb 2023 21:55:55 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
depart.trinitymedia.ai/api/ Frame 73C0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://depart.trinitymedia.ai/api/collect?t=audio
Requested by
Host: vd.trinitymedia.ai
URL: https://vd.trinitymedia.ai/trinity-player/tts-player/20220225_97f2884b268b4d0d886e31759457fc419a2ff7bb/trinity-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.101.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-101-119.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://trinitymedia.ai/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 21:55:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
push.953cb9b53578c36076ba.js
www.newsobserver.com/static/yozons-lib/ 		1 KB
1007 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/push.953cb9b53578c36076ba.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
e22a95939468e07f704fac1adcdabc5ac4e9db9012e3a3307525d51b1f0af704

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
307
content-length
632
last-modified
Thu, 24 Feb 2022 16:30:01 GMT
server
MI
etag
W/"5a4-5d8c617faf440"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
794535902 800064991
access-control-allow-origin
*
cache-control
max-age=499594
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
pageLoad.b77135dca87112b64175.js
www.newsobserver.com/static/yozons-lib/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/pageLoad.b77135dca87112b64175.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef84b2a7529ea701a00da1617d0eb5808a22ee1a23e7d21ede633488705fddc5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
307
content-length
855
last-modified
Thu, 24 Feb 2022 16:30:01 GMT
server
MI
etag
W/"8a5-5d8c617faf440"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
394964370, 794535904 793424703
access-control-allow-origin
*
cache-control
max-age=499540
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
/
api.ipify.org/ 		23 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.20.78.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-78-240.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
c8d83443724cb99e58573a1f951b02c898c76c26fc8cd68f14d1c90a9d13c47f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Via
1.1 vegur
Server
Cowboy
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://www.newsobserver.com
Connection
keep-alive
Content-Length
23
otkstick.5729376a4d030b48dd51.js
www.newsobserver.com/static/yozons-lib/ 		886 B
817 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.newsobserver.com/static/yozons-lib/otkstick.5729376a4d030b48dd51.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ca7ddfe88d9881045a69097a49702800110e658e51077c5e961a689746783015

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
vary
Accept-Encoding
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
277
content-length
441
last-modified
Thu, 24 Feb 2022 15:28:42 GMT
server
MI
etag
W/"376-5d8c53cb1de80"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
789799399 795353660
access-control-allow-origin
*
cache-control
max-age=495847
access-control-allow-credentials
false
mi-cache
HIT
content-type
application/javascript
access-control-allow-headers
*
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?a=eyJpZCI6Im1pX2FzX25hb18wMTQ3MTYxODM2ODg3MzkxMTUyMjg3MDgxNzUyODk4NTkyMDAwOV8xXzBfMTY0NTgyNjE1NDY4NiIsIm5vdyI6MTY0NTgyNjE1NjE5OCwibnMiOnRydWV9
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
569004
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
221228631, 846128573 646925333
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
syncframe
gum.criteo.com/ Frame A669 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.newsobserver.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
2031
date
Fri, 25 Feb 2022 21:55:55 GMT
content-length
5147
strict-transport-security
max-age=31536000; preload;
sync
eb2.3lift.com/ Frame 3896
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/sync.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
fdd953c0b8c13c0446150bb1addff5668debb0213a3ffe780b12a765afa5b0f9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-type
text/html; charset=utf-8
content-length
458
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-length
0
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
386 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?k=eyJpZCI6Im1pX2FzX25hb18wMTQ3MTYxODM2ODg3MzkxMTUyMjg3MDgxNzUyODk4NTkyMDAwOV8xXzBfMTY0NTgyNjE1NDY4NiIsImZpcnN0QWRSZXF1ZXN0IjoyMjQ5LCJsb2FkRXZlbnRTdGFydCI6MjcxM30=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
569004
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
464071936 221228632
access-control-allow-origin
*
cache-control
max-age=604754
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
sodar
pagead2.googlesyndication.com/getconfig/ 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fc9aafc92002e9d22789408325ebacb85b11551faf65e7ca5592a3d50ee567fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9792
x-xss-protection
0
st.v3.js
www.everestjs.net/static/ Frame D5C4 		91 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.everestjs.net/static/st.v3.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.92 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-92.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a7b2e960f7628e2b6d292e1e5e51cedf3243dab1c9d7cafb9897ba05c8185ce4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
null
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 13:55:47 GMT
Server
AmazonS3
x-amz-request-id
6Q100DGY3DQKPZ9D
ETag
"9a2486101572abfab95503fa8e906001"
Vary
Accept-Encoding
Content-Type
text/javascript
Date
Fri, 25 Feb 2022 21:55:56 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28890
x-amz-id-2
FrgMWH9wjz58vFCQUN27Y21GuYuGW0ToChvUqqPGsF3lkCs0LUcpUBKmSlSw5dZZKQbnLD3n99M=
fbevents.js
connect.facebook.net/en_US/ Frame 2CC3 		99 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
26236
x-xss-protection
0
pragma
public
x-fb-debug
0RcCHc/vDbFzY2HaP8VbGxv3it4+9akvDIIqI2nn0fmu2bC3M7zkmNtVMZrKpo9ysSizD8u4z1NZa1q+2PSehA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 25 Feb 2022 21:55:56 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
a-01ec.min.js
b-code.liadm.com/ Frame 7846 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/a-01ec.min.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:be00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ZIO-Http /
Resource Hash
86ba19b5038a1a2409d2ed06ba7930c0ab1e31820b789d977ace51df5b92ce1a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 18:16:23 GMT
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
server
ZIO-Http
age
13173
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
content-encoding
gzip
x-amz-cf-id
HNYyBLyNvItpd8IHeIqzkmkks-N4dGQ6R9JatfyYTqNugJAtB8Ji5w==
14221371079760943072
tpc.googlesyndication.com/simgad/ Frame C7EF
Redirect Chain
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDnq7jUeBABGAEoATIIRCa0hO01vLpA1fzu7AU
  • https://tpc.googlesyndication.com/simgad/14221371079760943072
43 B
69 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/14221371079760943072
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 11:45:15 GMT
x-content-type-options
nosniff
age
295841
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
last-modified
Mon, 07 Oct 2019 22:37:26 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 22 Feb 2023 11:45:15 GMT

Redirect headers

date
Fri, 25 Feb 2022 19:46:21 GMT
x-content-type-options
nosniff
server
cafe
age
7775
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/html; charset=UTF-8
location
https://tpc.googlesyndication.com/simgad/14221371079760943072
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Sun, 27 Mar 2022 19:46:21 GMT
m
secure-us.imrworldwide.com/cgi-bin/ Frame 189B 		44 B
369 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-203838h&cg=0&cc=1&si=https%3A//www.newsobserver.com/news/business/article257921743.html%3Futm_medium%3Demail%26amp&rp=&ts=compact&rnd=1645826154992
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.26.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-26-6.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
server
nginx
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-us.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
44
expires
Thu, 01 Dec 1994 16:00:00 GMT
events.js
tags.srv.stackadapt.com/ Frame 90D7 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
6409666a32397c9ebd17aebd5c37c80566a5376fd0295652f43788692ab5732d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Cache-Control
max-age=30
Content-Length
4412
Connection
keep-alive
Content-Type
text/javascript
quant.js
edge.quantserve.com/ Frame 8B78 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.quantserve.com/quant.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
etag
"yoD6mq4JTyPdtDBolW+GUg=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Fri, 04 Mar 2022 21:55:56 GMT
analytics.js
www.google-analytics.com/ Frame AD54 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1263
date
Fri, 25 Feb 2022 21:34:53 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 25 Feb 2022 23:34:53 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E84F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvvJgBUmF_GEwAutBn-6s1Ml5qogFapUGxxqlXXIIJ-UggpGmjUB79ZoaXSuYR0EYEImVVxO2sWItHmx-5j-t3vOT1QD9YXZzl5qLuJQSBLN1SjDH-FTh9UEVng8tt3Pu4J_MJqdKJJowIyqTuzN4OByexC3WcWeaAoDDs0_OceellDjOPUcvozJyfdAMIlYaD9pbDolQTSQlPG7ySItDQ4frmmpqcJRffJBf8k6bACvlbc6HhK-_vQCzMEvcXOiUMy9xJdiXsdSpQp18OQCPgb3oEPF85WeQMVswEagwKEhpvES07L0c8uSTAlLV5KVQnorq0Z6-fnqas8ZIIppRUMM4QHbKjSBAFO6NJf&sig=Cg0ArKJSzBeiznSXM4pqEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/ Frame E84F 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/abg_lite_fy2019.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f328f4ae2fe983386843cc07db0af78c5fe9fa5ae67812f80062d5baa0e61047
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:53:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
127
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7875
x-xss-protection
0
server
cafe
etag
9606807595520751986
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 11 Mar 2022 21:53:49 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/ Frame E84F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220223/r20110914/client/window_focus_fy2019.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:47:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 11 Mar 2022 21:47:52 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E84F 		124 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38829
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1645619776399499"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 25 Feb 2022 21:55:56 GMT
l
www.google.com/ads/measurement/ Frame E84F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTjBXu2qyVtAGCRJoithFtt5xN-rC8CKOwm41-IqFImN_ykAaxAiqBbYdue0n0YJeX4jEyk
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
12816180608708777848
tpc.googlesyndication.com/simgad/ Frame E84F 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/12816180608708777848
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94387900f32acd4db42c1b58497aed54e34c2e7f2d1dbab761ee72225dd6da7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 12:13:36 GMT
x-content-type-options
nosniff
age
121340
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53345
x-xss-protection
0
last-modified
Thu, 17 Feb 2022 15:20:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 24 Feb 2023 12:13:36 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame F973 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPsA06SpgdpteLmud3v39PXOxKKj6YnLtBonhvHpPLkgI-roTy4GlBG4i5Kt54Ly56OhbQDPJ6-bxR2vLeriAB9eDeiBuifAECpd6NSI5tCCtIqECZhr0_OThPPEVfP31yuGDktW5CrSULVSdKCQ5zh6NheeADscTVuGlFUG9gOJn1axelTf_wVoY_NJ13a8BdyNrJfYGTzldX8xO6g_ec1EtbBuZB45Jz_MbsIqhKVeY_C6TzdB6P9c2zKfJibVxb0SnrjOMH22kjfhSgbZbsLiUOf_H7bC46ISSUCh_znynQoae8n1gNdIn2fEtCExgvjHUVyEyfbxzygijE&sig=Cg0ArKJSzPRToye27p8OEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
j7ljeqx6jfhz
hal9000.redintelligence.net/zone/ Frame F973 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/j7ljeqx6jfhz?subid=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&rnd=5105979629534633494&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:apn&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5105979629534633494%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.149.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
9d31b53d791785dca06e24fa0f24499d855b860f2f2b9a89bc36339b83aa68b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2804
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
img
sync.mathtag.com/sync/ Frame F973
Redirect Chain
  • https://tags.mathtag.com/notify/img?exch=apn&s_exch=apn&id=5aW95q2jLzIzLyAvWmpjNU1qVTJPRGd0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMDU5Nzk2Mjk1MzQ2MzM0OTQvNjYyMjM5NS80NTYyMzEyLzEzL0NoWG...
  • https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2
43 B
430 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Server
185.29.132.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MT3 4172 645ee8c master zrh-pixel-x28 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
MT3 4172 645ee8c master zrh-pixel-x28 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
43
Expires
Fri, 25 Feb 2022 21:55:55 GMT

Redirect headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
x-mm-bid-request-time
1645826155
Last-Modified
Fri, 25 Feb 2022 21:55:55 GMT
Server
MMBD/3.302.0
x-mm-latency
12 (1)
Content-Type
text/html; charset=utf-8
Location
https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2
x-mm-dbg
Invalid
Cache-Control
no-cache
x-mm-host
cdg-router-x91, zrh-bidder-x133
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
75
Expires
Fri, 25 Feb 2022 21:55:55 GMT
img
pixel.mathtag.com/event/ Frame F973 		43 B
405 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=13&v2=5105979629534633494&v3=651871&v4=4562312&v5=6622395&mt_nsync=1&no_attr=1
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4172 645ee8c master zrh-pixel-x24 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
MT3 4172 645ee8c master zrh-pixel-x24 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 25 Feb 2022 21:55:55 GMT
img
tags.mathtag.com/event/ Frame F973 		49 B
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=apn&bid=5105979629534633494&st=4562312&time=[IMP_ATTR.time]&nodeid=1622
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.302.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
MMBD/3.302.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
cdg-router-x102, zrh-bidder-x133
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Fri, 25 Feb 2022 21:55:55 GMT
trk.js
cdn.adnxs.com/v/s/224/ Frame F973 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adnxs.com/v/s/224/trk.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Age
133045
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
29216
X-Served-By
cache-lga21958-LGA, cache-hhn4083-HHN
Access-Control-Allow-Origin
*, *
Last-Modified
Thu, 24 Feb 2022 08:58:20 GMT
Server
AkamaiNetStorage
X-Timer
S1645826156.420990,VS0,VE0
ETag
"80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Via
1.1 varnish, 1.1 varnish
Expires
Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
2, 696017
it
ams1-ib.adnxs.com/ Frame F973 		0
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fwww.newsobserver.com%252Fnews%252Fbusiness%252Farticle257921743.html%253Futm_medium%253Demail%2526amp&e=wqT_3QLxCuhxBQAAAwDWAAUBCOug5ZAGEN2n94Km4sGhJRgAKjYJPujZrPpcvT8RxjL9EvHWuT8ZAAAA4HoUG0Ahxg0SACkRJMgxAAAAoEfh-j8wkszICjj3OkAdSAhQltqohgFYxp5MYABoyqRleJePBYABAYoBA1VTRJIFBvQFAZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKT4DvqAlVodHRwczovL3d3dy5uZXdzb2JzZXJ2ZXIuY29tL25ld3MvYnVzaW5lc3MvYXJ0aWNsZTI1NzkyMTc0My5odG1sP3V0bV9tZWRpdW09ZW1haWwmYW1wgAMAiAMBkAMAmAMXoAMBqgOmBgrdBWh0dHA6Ly90YWdzLm1hdGh0YWcuY29tL25vdGlmeS9pbWc_ZXhjaD1hcG4mc19leGNoPWFwbiZpZD01YVc5NXEyakx6SXpMeUF2V21wak5VMXFWVEpQUkdkMFRVUkJkMDFETUhkTlJFRjNURlIBEAxFUVhSCRAEVVINEABkBRDwtkx6VXhNRFU1TnprMk1qazFNelEyTXpNME9UUXZOall5TWpNNU5TODBOVFl5TXpFeUx6RXpMME5vV0cwMVVsTnpaWGczYW5CcVRtNXhkekE0Y1dGWldsbEJkV1ZFU1dkVFlWQkZjVGxDYVRGSU9Ga3ZNUzh4TXk4d0x6QXZPVFUyT0RBekx6SXpNamd6TURjek16TXZNakUyTlRNMkx6WTFNVGczTVM4eEx6QXZNQzlOUkVGM1RVUg3EEdQMTXdkMAHkCGRNVhEgAEUFEAXkGfQMY3ZNQwl8CQhm_ABoZW5Kb0x6QXZNakF3TWk4NU5TODVPVGt2TXpJJQQsT0M0eE9Ua3VNemd1BUwBKPCGQzh4TmpRMU9ESTJNVFUxTHpFMk5EVTRNemczTlRVdk1UTXZOelUwTXk4L1pWeFdEWWlHN0FzcUp5Q1ZNVTRuR0JVenVHUSZub2RlaWQ9MTYyMiZncm91cD16cmgmYXVjdGlvbmlkPTUxMDU5Nzk2Mjk1MzQ2MzM0OTQmc2hhcmRrZXk9NTEwQh0A9BcBcHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTM1LjYxJnNpZD00NTYyMzEyJmNpZD02NjIyMzk1JnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzUxMDU5Nzk2Mjk1MzQ2MzM0OTQaEzI2ODQ5OTc1NzgzNTA1MTUxNjUiCTI4MTY4NTI3MCoGMTAxOTM2Ogc2NjIyMzk1wAOsAsgDANgD_RvgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTM4LjE5OS4zOC4xMzOoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBIVCWIgFAZgFAKAFpICLp8--gMlUwAUAyQUABQEU8D_SBQkJBQt8AAAA2AUB4AUB8AX5yyH6BQQIABAAkAYAmAYAuAYAwQYBITQAAPA_0Ab5qwHaBhYKEAkSGQGAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcGNjUxODcxugcPAVJIGAAgADAAOL0GQADIB5ePBdIHDRWAAUEI2gcGCSdE4AcA6gcCCADwB4fjAooIAhAA&s=12a9bc806d6370cf74a3884cb87c609c54aefffa
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
603eb189-111b-4280-b995-e48857bed0e8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F973 		124 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38829
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1645619776399499"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 25 Feb 2022 21:55:56 GMT
pixel
protected-by.clarium.io/ Frame F973 		68 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_YXdNeFZaTHBOVzZLNkVHNldDNVM4b1JfYTY4LzI3MDUxMjI5Njg6MXgx&v=5&s=v31fspe49qu&id=eyJkZnAiOnsiYWQiOjIyMTYzNjkzNCwiYyI6MTM4MzEzOTk2MTE3LCJsIjo1MzkyNTY3ODQ0LCJvIjoyNzA1MTIyOTY4LCJBIjoiLzc2NzUvUkFMLnNpdGVfbmV3c29ic2VydmVyL0J1c2luZXNzIiwieSI6MCwiY28iOjAsInMiOiJ6ZXVzX2lubGluZS1zdG9yeS0xIn19&sb=undefined&cb=3119499&h=www.newsobserver.com&d=eyJ3aCI6IllYZE5lRlphVEhCT1Z6WkxOa1ZITmxkRE5WTTRiMUpmWVRZNEx6STNNRFV4TWpJNU5qZzZNWGd4Iiwid2QiOnsibyI6MjcwNTEyMjk2OCwidyI6IjEiLCJoIjoiMSJ9LCJ3ciI6Mn0=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.86.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-86-46.eu-central-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
pdp.gif
www.newsobserver.com/static/yozons-lib/ 		42 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.newsobserver.com/static/yozons-lib/pdp.gif?y=eyJpZCI6Im1pX2FzX25hb18wMTQ3MTYxODM2ODg3MzkxMTUyMjg3MDgxNzUyODk4NTkyMDAwOV8xXzBfMTY0NTgyNjE1NDY4NiIsImRlcHIiOiJnZXRDb25maWcifQ==
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/newsobservercore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-128.deploy.static.akamaitechnologies.com
Software
MI /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
x-mi-in-market
0
surrogate-control
varnish=ESI/2.1
mi-cache-age
569003
content-length
42
last-modified
Tue, 15 Feb 2022 18:23:14 GMT
server
MI
etag
"2a-5d812a04d8880"
access-control-max-age
86400
access-control-allow-methods
GET,POST,OPTIONS
x-varnish
221228631, 852002397 646925333
access-control-allow-origin
*
cache-control
max-age=604771
access-control-allow-credentials
false
mi-cache
HIT
content-type
image/gif
access-control-allow-headers
*
pushly-sdk.min.js
cdn.p-n.io/ 		297 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.p-n.io/pushly-sdk.min.js?domain_key=VPoS70NkYCOk7Pck6gcFbSYfj8ni8X2OFRU1
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/push.953cb9b53578c36076ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-59.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99c80a6065bbde5861ffd7086d580f06d71fd07eb4c50d894bb3bd0e9002a78a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:58 GMT
content-encoding
gzip
last-modified
Mon, 21 Feb 2022 18:35:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
W/"82a08a8117062eb14a737a711711d96d"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-id
KPMB7CVZNfn7uj7vN3YZmis4CIA3a15Kx8GfDAmlCfzc6elC2FRFjg==
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 25 Feb 2022 21:55:56 GMT
generic
match.adsrvr.org/track/cmf/ Frame 3896 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
xuidmid=7976&xuid=0y8xa1ufp&dongle=u6nf
eb2.3lift.com/ Frame 3896
Redirect Chain
  • https://ad.mrtnsvr.com/sync/triplelift
  • https://eb2.3lift.com/xuidmid=7976&xuid=0y8xa1ufp&dongle=u6nf
37 B
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuidmid=7976&xuid=0y8xa1ufp&dongle=u6nf
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-cache, no-store, must-revalidate
x-error
Not Found
content-length
37
content-type
image/gif

Redirect headers

location
https://eb2.3lift.com/xuidmid=7976&xuid=0y8xa1ufp&dongle=u6nf
date
Fri, 25 Feb 2022 21:55:56 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
vary
Origin
content-type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 3896 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3896
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYxNTIyMDEyMTA5OTA4OTg3NTE4OA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYxNTIyMDEyMTA5OTA4OTg3NTE4OA%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYxNTIyMDEyMTA5OTA4OTg3NTE4OA%3D%3D
date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 3896 		0
922 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=2615220121099089875188&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: CC4314399CE242B49DF133D836905751 Ref B: FRAEDGE0707 Ref C: 2022-02-25T21:55:56Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-proto
http/2
content-length
0
x-li-uuid
AAXY3sNsPNAp0LaVj71HkQ==
xuid
eb2.3lift.com/ Frame 3896
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/2615220121099089875188?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-vTY68WlE2oQoRipyVKJSFmSJDoDA_eBSammNad6FGw--~A&dongle=0883
37 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-vTY68WlE2oQoRipyVKJSFmSJDoDA_eBSammNad6FGw--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Fri, 25 Feb 2022 21:55:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-vTY68WlE2oQoRipyVKJSFmSJDoDA_eBSammNad6FGw--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
c.gif
c.bing.com/ Frame 3896 		42 B
593 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=2615220121099089875188&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
etag
"7f9eac45e25d81:0"
last-modified
Fri, 18 Feb 2022 21:27:03 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E4C8D0F225FE410C8B141D1FE5AE0D61 Ref B: FRA31EDGE0513 Ref C: 2022-02-25T21:55:56Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 3896
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2615220121099089875188
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2615220121099089875188&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2615220121099089875188&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
MS4RBFA8QTBJWF5QQ8R2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2615220121099089875188&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame 3896 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=2615220121099089875188&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.34.143 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-34-143.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
xuid
eb2.3lift.com/ Frame 3896
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
pixel_details.html
www.everestjs.net/static/ Frame EBD7
Redirect Chain
  • https://pixel.everesttech.net/7996/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26imsId%3D__EFIMSORGID__%26optout%3D__...
  • https://www.everestjs.net/static/pixel_details.html
166 B
597 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.everestjs.net/static/pixel_details.html
Requested by
Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.92 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-92.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
769254457b771e41802cfbc21371888c7b2485ad5baddaacae3b25cd428e428a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

x-amz-id-2
8ms7AkkSc1dd0r4D4Dm2rJkIjKfMRk8Q3YLcbWbnLAmXWzIqDC3FsgMCTq0jJGZ2RoEXJgAYJ/I=
x-amz-request-id
5S7JPFXJBQQQ4FE6
Last-Modified
Mon, 15 Mar 2021 04:37:06 GMT
ETag
"003ecf27f0c456effed26f884130b077"
x-amz-version-id
null
Accept-Ranges
bytes
Content-Type
text/html
Server
AmazonS3
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Length
146
Connection
keep-alive

Redirect headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
356
Connection
keep-alive
Server
Apache
Cache-Control
no-cache
P3P
CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
Location
https://www.everestjs.net/static/pixel_details.html#google=YhlQagAI-EGsGQBH&gsurfer=YhlQagAI-EGsGQBH&imsId=&optout=0&throttleCookie=&time=20220225215556
cookie-consent.css
cdn-prod.securiti.ai/consent/ 		22 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie-consent.css
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/pageLoad.b77135dca87112b64175.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
391f7195f88fa7697b82bb024bfb4e108b2b632b0a9290f268ab8c733d552e72
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
M4ciTcHP2X7NBBRQGqYq1P2JMRVpcNCo
content-encoding
gzip
vary
Accept-Encoding
age
3522
x-cache
Hit from cloudfront
date
Fri, 25 Feb 2022 20:58:57 GMT
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 23 Feb 2022 18:14:22 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"a11e29774648707c848ab77e2dc6d343"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
-kcVyW3q3CHi66rME6Lv_uruefi9UWNBHcT7PG2gQBF3kyENBSrBNA==
x-content-type-options
nosniff
cookie-consent-sdk.js
cdn-prod.securiti.ai/consent/ 		117 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/static/yozons-lib/pageLoad.b77135dca87112b64175.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29fa03d38ee8024c6991b44d4b4135b34afe72913433f634ca66c0b780a2b26b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
PwLZCHK3blXOVd6UUypVgI1b5.UkFqJb
content-encoding
gzip
vary
Accept-Encoding
age
2420
x-cache
Hit from cloudfront
date
Fri, 25 Feb 2022 21:15:38 GMT
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 23 Feb 2022 18:14:19 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"a9d4eaedcea46eb8e1eaab9f196bb062"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
vGz7cQITy2O1oCwn_vCZ-Y10s2jH4JeQHeXjCYshGKzZvk6Acxs0FQ==
x-content-type-options
nosniff
T-STICKY-INIT
sqs.us-east-1.amazonaws.com/397719490216/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://sqs.us-east-1.amazonaws.com/397719490216/T-STICKY-INIT?Action=SendMessage&MessageBody=host%3Dwww.newsobserver.com%26path%3D%2Fnews%2Fbusiness%2Farticle257921743.html
Requested by
Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.236.169.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-236-169-120.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
1081709588515684
connect.facebook.net/signals/config/ Frame 2CC3 		308 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1081709588515684?v=2.9.52&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
daa6d2c8b86beb3fcda114f7a5f9509f0daae5df27d0eea2d26ab2f7eefffb29
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89572
x-xss-protection
0
pragma
public
x-fb-debug
GxGenih4fUtP7l/Fvn6vU0GreYsrqpQlN0XY5MwsKeA38aQohu1e+Mko+/MRXNu53ApN9GIbkx+Dfq/i0xxqfA==
x-frame-options
DENY
date
Fri, 25 Feb 2022 21:55:56 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
sid
mug.criteo.com/ Frame A669
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=newsobserver.com&sn=ChromeSyncframe&so=0&topUrl=www.newsobserver.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=OB8uonxmaVVQenIrNmlVdUhwdHVacG9kendMQVo5ZGZMcXdlSEhUUk9rU2hQUlFZTGJPdnFFaXZJdGkrOHBwV0l1bHExelg1VWhBZDVqR3ZkUmpKekpiTzlKZ3JyU0FTL05KNVErbW5sQkVJTTNaTno5MzZCNlNsVFpqcE...
433 B
636 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=OB8uonxmaVVQenIrNmlVdUhwdHVacG9kendMQVo5ZGZMcXdlSEhUUk9rU2hQUlFZTGJPdnFFaXZJdGkrOHBwV0l1bHExelg1VWhBZDVqR3ZkUmpKekpiTzlKZ3JyU0FTL05KNVErbW5sQkVJTTNaTno5MzZCNlNsVFpqcE1kUldJRGRRSStVMXhkQXkrSU4xMjlXU0Zaa0JwcDU5bE5JT0w5bmdWN0RhWjVMc2d0UEFkRnlBVVl4bnVVdHNCSnBHYStrRlRlZC9LOVQ3MmtkNFNkK1NZSHZTOVlxb2dleGpuZ3Q2a1pqZzQyNnJVR3liSzdyK29LdGFJTkhrSGcyM2FaeFhmR3hLc3VrajcyTmJWeEFXRnRsYmV0UT09fA&cppv=2
Requested by
Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.newsobserver.com
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
d8fbef1b3806ee0274bf5e05c3fdad8c896be0e7e13c737c1a07ccbab66a82ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3316
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:55 GMT
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=OB8uonxmaVVQenIrNmlVdUhwdHVacG9kendMQVo5ZGZMcXdlSEhUUk9rU2hQUlFZTGJPdnFFaXZJdGkrOHBwV0l1bHExelg1VWhBZDVqR3ZkUmpKekpiTzlKZ3JyU0FTL05KNVErbW5sQkVJTTNaTno5MzZCNlNsVFpqcE1kUldJRGRRSStVMXhkQXkrSU4xMjlXU0Zaa0JwcDU5bE5JT0w5bmdWN0RhWjVMc2d0UEFkRnlBVVl4bnVVdHNCSnBHYStrRlRlZC9LOVQ3MmtkNFNkK1NZSHZTOVlxb2dleGpuZ3Q2a1pqZzQyNnJVR3liSzdyK29LdGFJTkhrSGcyM2FaeFhmR3hLc3VrajcyTmJWeEFXRnRsYmV0UT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1975
content-length
541
expires
0
prebid
ib.adnxs.com/ut/v3/ 		13 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
96fe1186e2a31459395b08e503f7c89b99e1d549ec16a7ab68725a75a675c9bc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
c7d5047f-61a3-4333-a182-1f716ebab37f
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.newsobserver.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cdb
bidder.criteo.com/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=119&profileId=184&cb=24424732175
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
153ec94b25e3b5290a078646704eda9eb6d256e76a4be7b6b49ba37674f10ab0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1733
cygnus
htlb.casalemedia.com/ 		58 B
357 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?ac=j&s=641209&v=7.2&sd=1&r=%7B%22id%22%3A%22082aed7c-11fc-4c80-9f30-620681421b5b%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22f964e20f-dc3b-462c-8278-01f1efdffcf3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22702988%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%227675%2Fzeus_inline-card-1000%22%7D%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp%22%2C%22ref%22%3A%22%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2278b4844b-aae7-4c34-9feb-c3730bce9346%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222022-02-25T21%3A55%3A54%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%2C%7B%7D%2C%7B%7D%5D%7D%7D
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-84-150.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0d5eeb85179769e8e3fee914f7741d884b613fc94f2529e0f981776fb70d2503

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://www.newsobserver.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
58
x-ak-client-geo
12
expires
Fri, 25 Feb 2022 21:55:56 GMT
arj
mcclatchy-d.openx.net/w/1.0/ 		73 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcclatchy-d.openx.net/w/1.0/arj?auid=545653703&aus=970x90&bc=hb_pb_wapo&be=1&ch=UTF-8&ju=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&res=1600x1200x24&tz=0&nocache=1645826156447
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
a1049edc101b6c597fe5c027720da70b3c03509fdfbfe41ef6a4ab742e728287

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.newsobserver.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=zeus_client
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e49209227732b3b603d5d03516286977e06812b880ec859bc7d5ad46dbd5abb0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.newsobserver.com
date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-openrtb-version
2.3
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json
fastlane.json
fastlane.rubiconproject.com/a/api/ 		239 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=6291&site_id=80324&tk_flint=custom&slots=1&size_id=55&alt_size_ids=&zone_id=2124898&rp_floor=0.01
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
7e24b7ae3f8c6241b9fccc0bb43f791b5f17b7175fb5e043ffacc9a68e4f34c6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.newsobserver.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
239
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=zeus&v=1&referrer=www.newsobserver.com&debug=false
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.205.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-205-63.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&pid=IBayXJonKVS1o&cb=1&ws=1600x1200&v=7.73.0&t=1000&slots=%5B%7B%22sd%22%3A%22zeus_inline-card-1000%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F7675%2FRAL.site_newsobserver%2FBusiness%22%7D%5D&pubid=10f892c4-b76d-4f37-b1fd-0ae5d74780b5&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-amz-rid
QAXEEN5TDHSVQKMF5984
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
57FmSxqneVu7PvYT3DWocHi1kFdMXQRDD86qL_r-P-L7KvI8navkEA==
rules-p-50B2Fi6bBqYto.js
rules.quantcount.com/ Frame 8B78 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-50B2Fi6bBqYto.js
Requested by
Host: edge.quantserve.com
URL: https://edge.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:e200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5b6da6699e22347ded40584215d759d21842a07be029c95c4886efa3c1385454

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:35:20 GMT
content-encoding
gzip
age
1330
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Mon, 26 Mar 2018 17:43:26 GMT
server
AmazonS3
etag
W/"eeeb10fbb8e6fc7fff11277347add08a"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
L9Fm_n_Mgu8ivV44YNrqL0eKwspdGzWehKCIfZ7AWMPFO8HNcjrltg==
sync-container.js
b-code.liadm.com/ Frame 7846 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/sync-container.js
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-01ec.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:be00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
CQKQeFXs_ero.dSxGj8yyrCkT6TzPcRS
content-encoding
gzip
etag
W/"ae5e94de938b0387eda6df8f20da811a"
last-modified
Wed, 02 Jun 2021 16:15:01 GMT
server
AmazonS3
age
1633033
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
date
Mon, 07 Feb 2022 00:18:44 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
5YVfjAo1sDC7KE4bVlZ5g_sPMTGhONF4d0ACa_Wc8mH04upGGmtE4A==
collect
www.google-analytics.com/j/ Frame AD54 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1361443365&t=pageview&_s=1&dl=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&dh=newsobserver.com&ul=en-us&de=UTF-8&dt=Story%3A257921743%7CSan%20Francisco%20tech%20firm%20SingleStore%20continues%20aggressive%20growth%20in%20downtown%20Raleigh&sd=24-bit&sr=1600x1200&vp=&je=0&_u=YFBAAAABCAAAAC~&jid=1578108418&gjid=1628211420&cid=1127891160.1645826156&tid=UA-48279682-1&_gid=15620806.1645826156&_r=1&_slc=1&cd1=NAO&cd2=News%20and%20Observer&cd3=Story&cd4=Business%7C%7C%7C%7C&cd5=&cd6=Business&cd8=Zachery%20Eanes&cd9=2022%2F02%2F02&cd10=2022%2F02%2F02%20H13&cd14=&cd15=%3Futm_medium%3Demail%26amp&cg1=News%20and%20Observer&cg2=Business&z=1748394105
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E84F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuVZ2jV8Oufls5s7w4hOFS8v3N_xVp3ybEzPdHitcrljiuAfHzNO-mQHkSkZTQccTmPAi8BFryIouPwxghAe3zfjCyz9REFGf_odc6GiGM_IKGIgACpzVIdpF-KMAsf1wPoPXD-TuO_-qoIEDDEQrRe4M3Chu7H50Sbv4en0n_iickucmrtDxzBbnFi6hTZ-3rsNNeV9Mjz-sQNM5Q7lEERyfoIG3XQpBSHEAR4p8tDvnDTEIQ3GwaR01EKPev_VEuvBsEn0jgru_1ykjV87DhxZilo6_rYIBNdv-ajSJfugXw9VhCjxtN9hf4alDKEDTssuUAKIWcCXLwmaoaozyzI&sig=Cg0ArKJSzLPONMzTChbgEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Fri, 25 Feb 2022 21:55:56 GMT
i
www.i.matheranalytics.com/ Frame A494 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjoiNTkyNTc3NTQxNCIsImVidXkiOiIyOTg0MDAxOTg4IiwiZWFkdiI6IjUwODE3MjUxNTAiLCJlY2lkIjoiMTM4MzgxNTM5ODIwIiwiZWVudiI6ImoiLCJlcGlkIjoiMTM3MDY4MTQiLCJlc2lkIjoiMTM3MDUxMzQifQ&tv=js-3.0.146&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=7&tvcfg=all&tid=dbb2c32b-e5d8-479a-ba71-9335dcf82f79&uid=Unregistered&pid=d3457060-15e8-4da0-9512-be3bce3d36e9&dtm=1645826156520&qnm=_matherq&visible=1&tabid=cf85f918-aef1-45d9-a7ce-5912af46ef5f&url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&vp=0x0&ds=0x0&tofa=1645826155&vid=1&lvidt=1645826155&duid=87875a7fa36c0041&fp=839606422&cid=ma12095&mrk=74930332
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.80.118.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-118-188.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif
truncated
/ Frame E84F 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
41b10e875b631a5107c4bb4883bf9b9b2a526fda141ae35b7faa962ae060de0b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
request.php
hal900022.redintelligence.net/ Frame F973
Redirect Chain
  • https://hal900022.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=f7b9c5f8dd&subid=&uid=a20ecdda5af80927&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900022.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=f7b9c5f8dd&subid=&uid=a20ecdda5af80927&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900022.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=f7b9c5f8dd&subid=&uid=a20ecdda5af80927&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5105979629534633494%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ancestorOrigins=https%3A%2F%2Fwww.newsobserver.com&random=4957907411894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Server
144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.53.104.76.144.clients.your-server.de
Software
Apache /
Resource Hash
808dac61dc1b335537a242fdcd4e3506a7c3d4307cc7b0b14cfab69f3bcb596d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
96548700200570900951425011881022
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
1310
Expires
Fri, 25 Feb 2022 21:55:56 +0100

Redirect headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=f7b9c5f8dd&subid=&uid=a20ecdda5af80927&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D5105979629534633494%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ancestorOrigins=https%3A%2F%2Fwww.newsobserver.com&random=4957907411894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Fri, 25 Feb 2022 21:55:56 +0100
pixels
ssp-sync.criteo.com/user-sync/ 		699 B
809 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp-sync.criteo.com/user-sync/pixels?countrycode=DE
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.83 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
bfa419bc604da1ea251c5fcc59bbbc1a6f973b61990ec5b24dd21ad56b8e17ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
content-encoding
br
server
Kestrel
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-store,max-age=0
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
events
bidder.criteo.com/csm/ 		0
221 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 25 Feb 2022 21:55:55 GMT
server
Finatra
vary
Origin
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
collect
stats.g.doubleclick.net/j/ Frame AD54 		4 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-48279682-1&cid=1127891160.1645826156&jid=1578108418&gjid=1628211420&_gid=15620806.1645826156&_u=YFBAAAAACAAAAC~&z=1135393273
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 25 Feb 2022 21:55:56 GMT
content-type
text/plain
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F4D4 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 25 Feb 2022 17:53:53 GMT
expires
Sat, 25 Feb 2023 17:53:53 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
14523
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8B19 		783 B
533 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
95b2f026f7df6a9a342aa8113762767e0f2b493fff09ac405017a6c9ad43f000
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tEGcsQxfeIaIv+4iWe8/OA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Fri, 25 Feb 2022 21:55:56 GMT
date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-tEGcsQxfeIaIv+4iWe8/OA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
511
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
j
rp4.liadm.com/ Frame 7846
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1645826156645&aid=a-01ec&se=e30&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&tna=v2.3.0&pu=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.htm...
  • https://rp4.liadm.com/j?dtstmp=1645826156645&aid=a-01ec&se=e30&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&tna=v2.3.0&pu=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.ht...
49 B
587 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rp4.liadm.com/j?dtstmp=1645826156645&aid=a-01ec&se=e30&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&tna=v2.3.0&pu=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ext_ixwrapperliveintentip=%7B%22t%22%3A1645826155398%2C%22d%22%3A%7B%22response%22%3A%22error%22%2C%22version%22%3A%221.1.1%22%2C%22data%22%3A%22response%20missing%20id%20and%2For%20keyID%22%7D%2C%22e%22%3A1645912555398%7D&wpn=lc-bundle&c=PHRpdGxlPkxpdmVDb25uZWN0IFBpeGVsPC90aXRsZT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOjM3YWI6OWE0NTpmZmU3
Protocol
H2
Server
3.224.47.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-47-34.compute-1.amazonaws.com
Software
/
Resource Hash
4fcdfd7851af4fa7856fcbd6fab17f118f8b6000caad9cf9a1f9263e0e68dc59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
x-pixel-event-id
22ad569c-11ce-498e-8d85-15a07dcafe1a
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
null
x-xss-protection
1; mode=block
vary
Origin
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
1ac3d6bb34c321db
request-time
1
content-length
49
x-content-type-options
nosniff

Redirect headers

date
Fri, 25 Feb 2022 21:55:56 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
location
https://rp4.liadm.com/j?dtstmp=1645826156645&aid=a-01ec&se=e30&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&tna=v2.3.0&pu=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&ext_ixwrapperliveintentip=%7B%22t%22%3A1645826155398%2C%22d%22%3A%7B%22response%22%3A%22error%22%2C%22version%22%3A%221.1.1%22%2C%22data%22%3A%22response%20missing%20id%20and%2For%20keyID%22%7D%2C%22e%22%3A1645912555398%7D&wpn=lc-bundle&c=PHRpdGxlPkxpdmVDb25uZWN0IFBpeGVsPC90aXRsZT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOjM3YWI6OWE0NTpmZmU3
x-frame-options
DENY
access-control-allow-origin
https://www.newsobserver.com
x-xss-protection
1; mode=block
vary
Origin
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
2776c61c7d3cd153
request-time
0
content-length
0
x-content-type-options
nosniff
match
ssp-sync.criteo.com/user-sync/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/cri?r=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3dIyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q%26u%3d%24%7bUSER_ID%...
  • https://match.prod.bidr.io/cookie-sync/cri?r=https%3A%2F%2Fssp-sync.criteo.com%2Fuser-sync%2Fmatch%3Fp%3DIyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q%26u%3D%24%7BUSER_ID%...
  • https://ssp-sync.criteo.com/user-sync/match?p=IyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q&u=AAFuv07EMqEAAHxEK4bs6A&gdpr=false
0
141 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp-sync.criteo.com/user-sync/match?p=IyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q&u=AAFuv07EMqEAAHxEK4bs6A&gdpr=false
Protocol
H2
Server
178.250.2.83 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-store,max-age=0
cross-origin-resource-policy
cross-origin
server
Kestrel
strict-transport-security
max-age=31536000; preload;

Redirect headers

location
https://ssp-sync.criteo.com/user-sync/match?p=IyhCxV9hQURSTW9kUk5VTFAwSzZhYWxwck4yeE9MQmRVOXFEJTJCS0RqN0dQeE9aeFElM0Q&u=AAFuv07EMqEAAHxEK4bs6A&gdpr=false
Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
match
ssp-sync.criteo.com/user-sync/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=criteo&custom_data=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&gdpr=false&gdpr_consent=&us_privacy=&cr_user_id=k-lq7WSQYrPOr7SSR9r0kf...
  • https://x.bidswitch.net/ul_cb/sync?ssp=criteo&custom_data=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&gdpr=false&gdpr_consent=&us_privacy=&cr_user_id=k-lq7WSQYrPOr7SS...
  • https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=criteo&bsw_user_id=a72f5e15-275d-4ac5-badb-c26004de2a3e
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=criteo&bsw_user_id=a72f5e15-275d-4ac5-badb-c26004de2a3e
  • https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=04c6b035-fef6-4bfb-9cc2-9181f4c4e87b&ssp=criteo
  • https://ssp-sync.criteo.com/user-sync/match?p=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&u=a72f5e15-275d-4ac5-badb-c26004de2a3e
0
141 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp-sync.criteo.com/user-sync/match?p=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&u=a72f5e15-275d-4ac5-badb-c26004de2a3e
Protocol
H2
Server
178.250.2.83 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-store,max-age=0
cross-origin-resource-policy
cross-origin
server
Kestrel
strict-transport-security
max-age=31536000; preload;

Redirect headers

Location
//ssp-sync.criteo.com/user-sync/match?p=kyHP7l9KdSUyQjR2SmhYNHkyZlN2U3ZNV05XMVhybUIwQWd4dGVYSE5NJTJCQmlERXFPTSUzRA&u=a72f5e15-275d-4ac5-badb-c26004de2a3e
Date
Fri, 25 Feb 2022 21:55:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
match
ssp-sync.criteo.com/user-sync/
Redirect Chain
  • https://sync.taboola.com/sg/criteoscod/1/cm?redirect=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3df2i28l9WdDlocFMlMkYlMkZwJTJGUnUzQXJoRXdmQm1KU0NKOHA4R2hWSlZXWUIlMkZLNyUyRkhDRSUzRA%2...
  • https://ssp-sync.criteo.com/user-sync/match?p=f2i28l9WdDlocFMlMkYlMkZwJTJGUnUzQXJoRXdmQm1KU0NKOHA4R2hWSlZXWUIlMkZLNyUyRkhDRSUzRA&u=a8038f00-149d-4891-b51e-b2300493663a-tuct912d5ec
0
141 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp-sync.criteo.com/user-sync/match?p=f2i28l9WdDlocFMlMkYlMkZwJTJGUnUzQXJoRXdmQm1KU0NKOHA4R2hWSlZXWUIlMkZLNyUyRkhDRSUzRA&u=a8038f00-149d-4891-b51e-b2300493663a-tuct912d5ec
Protocol
H2
Server
178.250.2.83 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
cache-control
no-store,max-age=0
cross-origin-resource-policy
cross-origin
server
Kestrel
strict-transport-security
max-age=31536000; preload;

Redirect headers

location
https://ssp-sync.criteo.com/user-sync/match?p=f2i28l9WdDlocFMlMkYlMkZwJTJGUnUzQXJoRXdmQm1KU0NKOHA4R2hWSlZXWUIlMkZLNyUyRkhDRSUzRA&u=a8038f00-149d-4891-b51e-b2300493663a-tuct912d5ec
date
Fri, 25 Feb 2022 21:55:56 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
19513
/
www.facebook.com/tr/ Frame 2CC3 		44 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1081709588515684&ev=PageView&dl=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&rl=&if=true&ts=1645826156744&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1645826156743.1250820515&it=1645826156436&coo=false&exp=p1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Fri, 25 Feb 2022 21:55:56 GMT
/
www.facebook.com/tr/ Frame 2CC3 		44 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1081709588515684&ev=ViewContent&dl=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&rl=&if=true&ts=1645826156745&sw=1600&sh=1200&v=2.9.52&r=stable&ec=1&o=30&fbp=fb.1.1645826156743.1250820515&it=1645826156436&coo=false&exp=p1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Fri, 25 Feb 2022 21:55:56 GMT
pixel;r=1075076165;labels=NAO;rf=0;a=p-50B2Fi6bBqYto;url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp;uht=2;fpan=1;fpa=P0-1321686590-16458...
pixel.quantserve.com/ Frame 8B78 		35 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1075076165;labels=NAO;rf=0;a=p-50B2Fi6bBqYto;url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp;uht=2;fpan=1;fpa=P0-1321686590-1645826156749;pbc=;ns=1;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=newsobserver.com;je=0;sr=1600x1200x24;dst=0;et=1645826156748;tzo=0;ogl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:f716:921a:893c:c3d8 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:57 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
ga-audiences
www.google.com/ads/ Frame AD54 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-48279682-1&cid=1127891160.1645826156&jid=1578108418&_u=YFBAAAAACAAAAC~&z=1359959527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ Frame AD54 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-48279682-1&cid=1127891160.1645826156&jid=1578108418&_u=YFBAAAAACAAAAC~&z=1359959527
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
en.json
cdn-prod.securiti.ai/consent/cookie_banner/0451dd58-47bb-4a6e-9e6f-7fbe4070b019/a789e563-e41f-4a00-97ce-3519ab228929/ 		44 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie_banner/0451dd58-47bb-4a6e-9e6f-7fbe4070b019/a789e563-e41f-4a00-97ce-3519ab228929/en.json
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3bf3c7c44408c98d49e2f8e29731eca94a4f52c65286c38695fdce386a93f89
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
yRKf.f4alIj5e2cKbnWoAL56WP9osoSR
content-encoding
gzip
x-content-type-options
nosniff
age
17508
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
no-referrer
last-modified
Wed, 19 Jan 2022 17:54:32 GMT
server
AmazonS3
x-frame-options
DENY
date
Fri, 25 Feb 2022 17:04:08 GMT
access-control-max-age
0
access-control-allow-methods
GET, HEAD
content-type
application/json
via
1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control
public,max-age=86400
etag
W/"2473c5e5332c3cd27c7816a864d25e50"
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
O5iLKFUOrUnHUwmNsphaRsixty69DSZw-ctTp8t-GaJgovL2kue4kg==
location
app.securiti.ai/core/v1/utils/geo/ 		862 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/core/v1/utils/geo/location
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.106.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-106-223.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
411085cb261352fa3c96129f4fff9ebf8a4826c46b9a61fd746a550f0bad3505
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
strict-transport-security
max-age=315360000
content-length
862
x-xss-protection
1; mode=block
sa.css
tags.srv.stackadapt.com/ Frame 90D7 		65 B
292 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
bc3d00772523b8cafdc54048d0867a792191304dc4bcfe24a4bc2874eeb928a9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 25 Feb 2022 21:55:56 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
65
Content-Type
text/css
sa.jpeg
tags.srv.stackadapt.com/ Frame 90D7 		0
881 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 25 Feb 2022 21:55:57 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
651
Content-Type
image/jpeg
t
pixel.everesttech.net/7996/ Frame D5C4 		128 B
705 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.everesttech.net/7996/t?ev_ContentPage_Story=1&timestamp=1645826156414
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.248.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-248-120.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Last-Modified
Mon, 19 Jul 2021 07:56:25 GMT
Server
Apache
ETag
"b3b521-80-5c775461d9c40"
Vary
Cookie
P3P
CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache, no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
128
1x1
pixel.everesttech.net/ Frame D5C4
Redirect Chain
  • https://cm.everesttech.net/cm
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWhsUWFnQUktRUdzR1FCSA
  • https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEDi99AhdhB8uCppcaUTw4Q4&google_cver=1
  • https://pixel.everesttech.net/1x1
128 B
691 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.everesttech.net/1x1
Protocol
HTTP/1.1
Server
52.215.248.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-248-120.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Last-Modified
Mon, 19 Jul 2021 07:56:25 GMT
Server
Apache
ETag
"b3b521-80-5c775461d9c40"
P3P
CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache, no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
128

Redirect headers

Location
https://pixel.everesttech.net/1x1
Date
Fri, 25 Feb 2022 21:55:56 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_fc_has_namespace_but_no_iframes&pvsid=1613147592311906&vrg=2022022401&nw_id=7675&nslots=4&eid=31065353%2C31064019&pub_url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&networkId=7675
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.newsobserver.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.newsobserver.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		325 B
161 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1613147592311906&correlator=1065812647516012&output=ldjh&impl=fifs&eid=31065353%2C31064019&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220225&iu_parts=7675%2CRAL.site_newsobserver%2CBusiness&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&prev_scp=position%3Dzeus_fixed-bottom%26slot%3Dinline-card%26optimera%3DZ%2CC0%2CD4%2CJ0%2CSA1%2CSA2%2CSA3%2CK2%2CI9%2CI8%2CI7%2CI6%2COC3%2CB%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_inline-card-1000.init.dsk%26amznbid%3D2%26amznp%3D2%26crt_pb%3D0.07%26crt_bidid%3Dryyect%26zeus_pubmatic%3D3%26zeus_auctionid_pubmatic%3Deaea3dc6-7fc2-4552-a21e-60882c002d76%26zeus_appnexus%3D3%26zeus_auctionid_appnexus%3D35016665013494899&eri=1&cust_params=zeus%3Dapplied%26cob%3Dy%26id%3D257921743%26pl%3Dstory%26ref%3D%26sect%3Dbusiness%26sids%3D10604%252C7041%252C7043%252C10652%252C10628%26sub%3Dn%26swgt%3Dna%26top%3D%26vl%3D0&cookie=ID%3D8594f2fd7411c77e%3AT%3D1645826155%3AS%3DALNI_Ma8aWTVWAXAotD7fbR6TpWkbpHqdg&bc=31&abxe=1&dt=1645826156791&lmt=1645826156&dlt=1645826154446&idt=708&frm=20&biw=1600&bih=1200&oid=2&adxs=800&adys=1192&ucis=4&adks=3743186484&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&vis=1&scr_x=0&scr_y=0&psz=1x-1&msz=1x-1&psts=AGkb-H_ySvw19X0PTxUuPO9ub-YiMclhyqNj3tuUp1KhA04xh-fRHjjZ5R014QjEC1EXGuvQo7HGcDXRT-ggvkvGRD70%2CAGkb-H94iCGrXl6Ss_CYqAZ2wGlJx-tTy19R1W2MCqnY9JalVmi-jXsY2fZiS-oDcsDJTtLkV-njO4gwnN_nhA%2CAGkb-H_301PXhJS2xkkI3pdG49ldJ3ioP_qnrnz0rb6Hwt-9OSZz7Ct6tW0Fu62w8o4BNZaw25dxjvQgAPi3Kw&ga_vid=1728467906.1645826156&ga_sid=1645826156&ga_hid=1169828248&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY79GIl_MvRQAAAAA.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065353
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
c4b05519bc96db8b65e056e8272009893742b83e0d8f4212b533a09a1e2c1f0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
132
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8B19 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=1613147592311906&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
U5D2RVqZ1PRjVXB30NjW_eGY8d3xtAEXQJvJ3b52R2Q.js
pagead2.googlesyndication.com/bg/ Frame F4D4 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/U5D2RVqZ1PRjVXB30NjW_eGY8d3xtAEXQJvJ3b52R2Q.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5390f6455a99d4f463557077d0d8d6fde198f1ddf1b40117409bc9ddbe764764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 18:43:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
11553
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13821
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 25 Feb 2023 18:43:23 GMT
view.aspx
pb.media01.eu/ Frame 9423
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=96548700200570900951425011881022&t=htlp
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96548700200570900951425011881022&actionid=981741&produktid=&dt_url=
0
630 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96548700200570900951425011881022&actionid=981741&produktid=&dt_url=
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.198.250.30 Baienfurt, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
content-type
text/html; charset=UTF-8
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Fri, 25 Feb 2022 10:55:56 GMT
server
Microsoft-IIS/10.0
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin
*
access-control-allow-credentials
true
x-xss-protection
1; mode=block
access-control-allow-methods
GET,POST
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
date
Fri, 25 Feb 2022 21:55:56 GMT
content-length
0

Redirect headers

Server
nginx/1.17.5
Date
Fri, 25 Feb 2022 21:55:57 GMT
Content-Type
application/javascript
Content-Length
0
Keep-Alive
timeout=20
Location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=96548700200570900951425011881022&actionid=981741&produktid=&dt_url=
Host
pv.medialead.de
Proxy-Host
pv.medialead.de
X-IPLB-Request-ID
8AC72685:E6C4_91EFC182:01BB_6219506C_35B0F36:F725
Strict-Transport-Security
max-age=15768000
X-IPLB-Instance
40027
/
adv.office-partner.de/ Frame 027B 		930 B
931 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn-engine /
Resource Hash
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

server
keycdn-engine
date
Fri, 25 Feb 2022 21:55:56 GMT
content-type
text/html
content-length
552
x-accel-version
0.01
last-modified
Thu, 06 May 2021 15:37:28 GMT
etag
"3a2-5c1ab16b3be00-gzip"
vary
Accept-Encoding
content-encoding
gzip
expires
Fri, 04 Mar 2022 21:55:56 GMT
cache-control
max-age=604800
link
<https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache
HIT
x-edge-location
defr
access-control-allow-origin
*
accept-ranges
bytes
link.html
track.webgains.com/ Frame F973 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=96548700200570900951425011881022&nw=1
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS
46-236-13-147.servers.dedipower.net
Software
Apache /
Resource Hash
1dd60fad6130583e2d37759b814687d176acd3714786c44189072b17f6994a9a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:57 GMT
Last-Modified
Fri, 25 Feb 2022 21:55:57 GMT
Server
Apache
P3P
policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache
hit
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
text/html;charset=utf-8
Content-Length
1232
Expires
Mon, 26 Jul 1997 05:00:00 GMT
activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286
5994599.fls.doubleclick.net/ Frame 6BA0
Redirect Chain
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286?
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286?
392 B
346 B 		Document
General
Check archive.org
Download Go to
Full URL
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286?
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f6.1e100.net
Software
cafe /
Resource Hash
f53da17ecb8859ec94ff820393477e6f0e0ce7e157c6e2422b7c75de6e9f6780
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 21:55:57 GMT
expires
Fri, 25 Feb 2022 21:55:57 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
323
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 21:55:56 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
request_content.php
hal900022.redintelligence.net/ Frame 8E36 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.53.104.76.144.clients.your-server.de
Software
Apache /
Resource Hash
d1f18aa9276d6efc7f9f231eb3a6bd52999e6806ee4c6f81b7ad6377037520bf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Server
Apache
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Expires
Fri, 25 Feb 2022 21:55:56 +0100
Pragma
no-cache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
2056
Connection
close
Content-Type
text/html; charset=utf-8
native.png
ad-server.eu/wm/pb/ Frame F973
Redirect Chain
  • https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=96548700200570900951425011881022
  • https://ad-server.eu/wm/pb/native.png
68 B
312 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-server.eu/wm/pb/native.png
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Server
54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 22:01:38 GMT
Last-Modified
Sat, 21 Dec 2019 23:06:59 GMT
Server
nginx/1.4.6 (Ubuntu)
ETag
"5dfea593-44"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
68

Redirect headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Server
nginx/1.17.5
Host
pv.medialead.de
X-IPLB-Request-ID
8AC72685:E6CA_91EFC182:01BB_6219506C_359DD4D:F723
X-IPLB-Instance
40027
Strict-Transport-Security
max-age=15768000
Content-Type
application/go
Location
https://ad-server.eu/wm/pb/native.png
Keep-Alive
timeout=20
Content-Length
0
Proxy-Host
pv.medialead.de
cshow.php
www.awin1.com/ Frame F973 		43 B
702 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=96548700200570900951425011881022&pv=1
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-239-217.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:56 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0
rd_log
ams1-ib.adnxs.com/ Frame F973 		0
805 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ams1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&e=wqT_3QKoBHwoAgAAAwDWAAUBCOug5ZAGEMmZsNKQzoSsOhgAKjYJAA0BABENCCgAGQAAACCuRxtAIRESACkRCfRIATEAAADgUbjyPzCRzMgKOPc6QPc6SABQAFjGnkxgAGjKpGV4l48FgAEBigEAkgEDVVNEmAHKB6AB-gGoAQGwAQC4AQDAAQDIAQDQAQDYAQDgAQDwAQDYAgDgApPgO-oCVWh0dHBzOi8vd3d3Lm5ld3NvYnNlcnZlci5jb20vbmV3cy9idXNpbmVzcy9hcnRpY2xlMjU3OTIxNzQzLmh0bWw_dXRtX21lZGl1bT1lbWFpbCZhbXCAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP9G-ADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4xMzguMTk5LjM4LjEzM6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAOAEAPAEAIgFAZgFAKAFAMAFAMkFAAAAAAAA8D_SBQkJAAAAJVFo2AUB4AUA8AUA-gUECAAQAJAGAJgGALgGAMEGBSAcAAAA2gYWChABCS4BAFwQABgA4AYA8gYCCACABwGIBwCgBwC6Bw8BREgYACAAMAA4vQZAAMgHl48F0gcNNeIBOAjaBwYJJ0TgBwDqBwIIAPAHh-MCiggCEAA.&s=8729bfd3fd04486ee2f4754c9567a00ecba71afc&bdref=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp,https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:57 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
683d10e5-745f-41a8-a684-13216e3c49e5
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame F4D4 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?mdJtTg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
css
fonts.googleapis.com/ Frame 8E36 		4 KB
649 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900022.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 20:16:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 25 Feb 2022 21:55:56 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 25 Feb 2022 21:55:56 GMT
/
hal9000.redintelligence.net/scale/ Frame 8E36 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by
Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.149.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
1da19ccd67c659a0869767883f8b4e5089e1acc7bdb8c7742d85e2fa748faa10

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900022.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16465
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 8E36 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by
Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.149.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
43075f591294b754c8e0e2568a30341cf6d9e3635719e9def9e5b4b9675ece97

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900022.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16532
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 8E36 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by
Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.149.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
b11d4ed85ff14bbb39ed9d57952d01466e002f4469cbfa5afd4370bbdaf1996e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900022.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:56 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16859
Vary
Accept-Encoding
Content-Type
image/png
gtm.js
www.googletagmanager.com/ Frame 027B 		85 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Requested by
Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7bf60965c05ac6414cbfc34821b53339155efbbccd67624d4ccfef3dc33800a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:56 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33371
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 21:55:56 GMT
viewability
hal900022.redintelligence.net/ Frame 8E36 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900022.redintelligence.net/viewability?s=96548700200570900951425011881022&a=27a0f355&vb=m
Requested by
Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.53.104.76.144.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900022.redintelligence.net/request_content.php?s=96548700200570900951425011881022&a=ae3657fa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame 8E36 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal900022.redintelligence.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 18:04:09 GMT
x-content-type-options
nosniff
age
186707
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13052
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 17:37:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Feb 2023 18:04:09 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame 8E36 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal900022.redintelligence.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 23 Feb 2022 18:03:30 GMT
x-content-type-options
nosniff
age
186746
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13036
x-xss-protection
0
last-modified
Wed, 23 Feb 2022 17:39:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Feb 2023 18:03:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame F973 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEadIg14utyLDkMXGiJ65HZ6BGFJ2JWF2tGguM8F9yRSFfM4yrb1IKJgvNSJDiSkbg1Bk23K6ZxY5TI72OHiwHtdLfXJueLDy6b2CYTrPjcULjF_Ep7OxArSEKr8d2DPUpGgGWqv574rRzXVP3F1jpZ4DjgQ8LfUxxftMICtPOo3_RHLfAokzngyoRNk89kg_ayiNDh0EnsOKW284cHaGhUPI968ult4cjjA5g4wPY1TmM8XmIagLwvazD-SvR6_xfsCBu863jQ_qJTDBHPqHf46qvVz_U13KxjJCjenfOtwp5_9pFAELHyIsEH-2ODHoOHgt-I0r36v2xbIF_Zlk&sig=Cg0ArKJSzEeqCAYOlU8aEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Fri, 25 Feb 2022 21:55:57 GMT
i
www.i.matheranalytics.com/ Frame A494 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjoiNTM5MjU2Nzg0NCIsImVidXkiOiIyNzA1MTIyOTY4IiwiZWFkdiI6IjIyMTYzNjkzNCIsImVjaWQiOiIxMzgzMTM5OTYxMTciLCJlZW52IjoiaiIsImVwaWQiOiIxMzcwNjgxNCIsImVzaWQiOiIxMzcwNTEzNCJ9&tv=js-3.0.146&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=7&tvcfg=all&tid=073b25c7-d19c-4395-bd23-39be4563f788&uid=Unregistered&pid=d3457060-15e8-4da0-9512-be3bce3d36e9&dtm=1645826157028&qnm=_matherq&visible=1&tabid=cf85f918-aef1-45d9-a7ce-5912af46ef5f&url=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&vp=0x0&ds=0x0&tofa=1645826155&vid=1&lvidt=1645826155&duid=87875a7fa36c0041&fp=839606422&cid=ma12095&mrk=74930332
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.80.118.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-118-188.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif
truncated
/ Frame F973 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0800158a10a31d0557b6842d746d4c0531cbe5ed569c06fa8b888f46b1199504

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
vevent
ams1-ib.adnxs.com/ Frame F973 		0
832 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&e=wqT_3QLxCuhxBQAAAwDWAAUBCOug5ZAGEN2n94Km4sGhJRgAKjYJPujZrPpcvT8RxjL9EvHWuT8ZAAAA4HoUG0Ahxg0SACkRJMgxAAAAoEfh-j8wkszICjj3OkAdSAhQltqohgFYxp5MYABoyqRleJePBYABAYoBA1VTRJIFBvQFAZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKT4DvqAlVodHRwczovL3d3dy5uZXdzb2JzZXJ2ZXIuY29tL25ld3MvYnVzaW5lc3MvYXJ0aWNsZTI1NzkyMTc0My5odG1sP3V0bV9tZWRpdW09ZW1haWwmYW1wgAMAiAMBkAMAmAMXoAMBqgOmBgrdBWh0dHA6Ly90YWdzLm1hdGh0YWcuY29tL25vdGlmeS9pbWc_ZXhjaD1hcG4mc19leGNoPWFwbiZpZD01YVc5NXEyakx6SXpMeUF2V21wak5VMXFWVEpQUkdkMFRVUkJkMDFETUhkTlJFRjNURlIBEAxFUVhSCRAEVVINEABkBRDwtkx6VXhNRFU1TnprMk1qazFNelEyTXpNME9UUXZOall5TWpNNU5TODBOVFl5TXpFeUx6RXpMME5vV0cwMVVsTnpaWGczYW5CcVRtNXhkekE0Y1dGWldsbEJkV1ZFU1dkVFlWQkZjVGxDYVRGSU9Ga3ZNUzh4TXk4d0x6QXZPVFUyT0RBekx6SXpNamd6TURjek16TXZNakUyTlRNMkx6WTFNVGczTVM4eEx6QXZNQzlOUkVGM1RVUg3EEdQMTXdkMAHkCGRNVhEgAEUFEAXkGfQMY3ZNQwl8CQhm_ABoZW5Kb0x6QXZNakF3TWk4NU5TODVPVGt2TXpJJQQsT0M0eE9Ua3VNemd1BUwBKPCGQzh4TmpRMU9ESTJNVFUxTHpFMk5EVTRNemczTlRVdk1UTXZOelUwTXk4L1pWeFdEWWlHN0FzcUp5Q1ZNVTRuR0JVenVHUSZub2RlaWQ9MTYyMiZncm91cD16cmgmYXVjdGlvbmlkPTUxMDU5Nzk2Mjk1MzQ2MzM0OTQmc2hhcmRrZXk9NTEwQh0A9BcBcHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTM1LjYxJnNpZD00NTYyMzEyJmNpZD02NjIyMzk1JnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzUxMDU5Nzk2Mjk1MzQ2MzM0OTQaEzI2ODQ5OTc1NzgzNTA1MTUxNjUiCTI4MTY4NTI3MCoGMTAxOTM2Ogc2NjIyMzk1wAOsAsgDANgD_RvgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTM4LjE5OS4zOC4xMzOoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBIVCWIgFAZgFAKAFpICLp8--gMlUwAUAyQUABQEU8D_SBQkJBQt8AAAA2AUB4AUB8AX5yyH6BQQIABAAkAYAmAYAuAYAwQYBITQAAPA_0Ab5qwHaBhYKEAkSGQGAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcGNjUxODcxugcPAVJIGAAgADAAOL0GQADIB5ePBdIHDRWAAUEI2gcGCSdE4AcA6gcCCADwB4fjAooIAhAA&s=12a9bc806d6370cf74a3884cb87c609c54aefffa&type=nv&nvt=5&jm=1003&px=840&py=1463&bw=300&bh=250&sid=3380500121923857863&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22160914&sw=1600&sh=1200&pw=1600&ph=5235&ww=1600&wh=1200&ft=2
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:57 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
705a73a9-7d2b-4c6b-a3bc-08782075eb94
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.newsobserver.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286
adservice.google.com/ddm/fls/z/ Frame 6BA0 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286
Requested by
Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMuRy5vsm_YCFU1EHQkdve8Icw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2586457850182.3286?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://5994599.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pvClk.min.js
analytics.webgains.io/ Frame F973 		51 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.webgains.io/pvClk.min.js
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-117.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via
1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
last-modified
Tue, 09 Nov 2021 11:05:10 GMT
server
AmazonS3
age
56403
etag
"ec0ced40cbb5211db06b8a36f209e442"
x-cache
Hit from cloudfront
content-type
application/javascript
date
Fri, 25 Feb 2022 06:15:55 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
51794
x-amz-cf-id
VuyvXRrJnLwwKzbEhXlWBLtw_YSfOuRlvTUQ90UuS6EMp5oQosygCw==
link.html
track.webgains.com/ Frame F973 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.webgains.com/link.html?wgcampaignid=99582&viewref=52056300186879000710690011881005&wglinkid=2513135
Requested by
Host: www.newsobserver.com
URL: https://www.newsobserver.com/news/business/article257921743.html?utm_medium=email&amp
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS
46-236-13-147.servers.dedipower.net
Software
Apache /
Resource Hash
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 21:55:57 GMT
Last-Modified
Fri, 25 Feb 2022 21:55:57 GMT
Server
Apache
P3P
policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache
hit
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
image/png
Content-Length
2808
Expires
Mon, 26 Jul 1997 05:00:00 GMT
saq_pxl
tags.srv.stackadapt.com/ Frame 90D7 		138 B
447 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=hXFHelqg_0qGLqDaoIkgLQ&is_js=true&landing_url=https%3A%2F%2Fwww.newsobserver.com&t=StackAdapt%20Pixel&host=https://www.newsobserver.com&sa_conv_data_css_value=%20%220-174d0351-3a7a-4264-4a44-e1d8fb9cdd39%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd93460dd26a7e4455764b727b06bcefe148ac72685
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-254-175.compute-1.amazonaws.com
Software
/
Resource Hash
0ecaf1ce9b0ffdc9b0c4d90c685ea025673e26adc0a2ce6c00cccd9ccba32227

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Access-Control-Allow-Methods
GET
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.newsobserver.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
138
a-01ec
i.liadm.com/s/c/ Frame 79C2 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.240.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-240-229.compute-1.amazonaws.com
Software
/
Resource Hash
f1eeb08b8ac47851636c1d0d15d527b0e28487a7d1f471962ad0b191b848ca61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

Cache-Control
private, no-cache, max-age=0
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 25 Feb 2022 21:55:57 GMT
ETag
1.61803398874
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
Content-Length
640
Connection
keep-alive
baker
sli.newsobserver.com/ Frame 7846 		0
311 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sli.newsobserver.com/baker?dtstmp=1645826157286
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:e000:3:c7cf:1100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
via
1.1 6b8ac2d6d64dc42007741d312e2d73aa.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA50-C1
x-cache
FunctionGeneratedResponse from cloudfront
content-type
image/gif
content-length
0
x-amz-cf-id
GS9cDN2V6N-U1NPoryfxbT7-TklBvElxM7DRK7bZMJAq6Sv7IzR0Hg==
SPug
simage4.pubmatic.com/AdServer/ Frame 0EBE 		0
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=159414&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159414&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
singleupload
app.securiti.ai/privaci/v1/consent/cookie/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/privaci/v1/consent/cookie/singleupload
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.106.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-106-223.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-auth-token
Origin
https://www.newsobserver.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Origin,content-type,x-request-id,x-correlation-id,X-Xsrftoken,X-Auth-Token,X-User-Auth-Token,X-Tenant-Id,X-CMP-UUID,x-xsrf-token,X-DSP-USERID,X-CMP-DOMAIN-ID,X-CMP-FORM-ID,isotype
access-control-allow-origin
https://www.newsobserver.com
access-control-request-method
POST
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
strict-transport-security
max-age=315360000
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
singleupload
app.securiti.ai/privaci/v1/consent/cookie/ 		67 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/privaci/v1/consent/cookie/singleupload
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.106.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-106-223.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
f1e25328be62ee5aca4777d33ecfbaf64a502f80dac2008bd7197e236cac8dc7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.newsobserver.com/
X-Auth-Token
ca301f2f-b047-4fd4-b267-18afa593da84
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type
application/json

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
strict-transport-security
max-age=315360000
content-length
67
x-xss-protection
1; mode=block
showads.
fundingchoicesmessages.google.com/f/AGSKWxVM4zDh_w_kxZ4K2IDh_wDcTVCrN3yTnFwhAoQOVxOlRI-XcmLVYxHi-ruCVgpz53ZnMBa-aUQXMrIO0s3d3Unw_W0dPEl0X_ds35tuCLft4IfoWSvAbaHOX3rsgh7slCDzyNx-xl-qUGIj8JvqBYXoHEeLG... 		54 B
107 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVM4zDh_w_kxZ4K2IDh_wDcTVCrN3yTnFwhAoQOVxOlRI-XcmLVYxHi-ruCVgpz53ZnMBa-aUQXMrIO0s3d3Unw_W0dPEl0X_ds35tuCLft4IfoWSvAbaHOX3rsgh7slCDzyNx-xl-qUGIj8JvqBYXoHEeLGQQKu06nRTJzK2e5ISh4pacs_I9VnVOPTDZeNcdWpNY3y-f3Z-uXZ2xWQP3m8SAyrMwPTS_XdKgvAfOsOIw=/_/textadrotate./getsponslinksauto./adnetwork__300x160_/showads.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d96fcf3f8a17811af2f621154319dc0867c76a66e0dde0e0c1287ffe062852f0
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-D0psib9vl/zAIs1VFIxGHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-D0psib9vl/zAIs1VFIxGHg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-D0psib9vl/zAIs1VFIxGHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-D0psib9vl/zAIs1VFIxGHg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		153 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cc1acaf97e4cb9f274d253d6cf45598a5bb3b5d435cc89b4b7074b64efa76225
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53892
x-xss-protection
0
server
cafe
etag
16881416471945448740
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 21:55:57 GMT
AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
fundingchoicesmessages.google.com/el/ 		0
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wimJ1QxJ0qoZ41T3Gv9vrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-wimJ1QxJ0qoZ41T3Gv9vrw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-wimJ1QxJ0qoZ41T3Gv9vrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-wimJ1QxJ0qoZ41T3Gv9vrw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
fundingchoicesmessages.google.com/el/ 		0
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-IQBeb+XeiqnQg2QQ6b6nUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-IQBeb+XeiqnQg2QQ6b6nUw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-IQBeb+XeiqnQg2QQ6b6nUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-IQBeb+XeiqnQg2QQ6b6nUw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220223/r20190131/ Frame A85C 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220223/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4502
x-xss-protection
0
date
Fri, 25 Feb 2022 04:58:03 GMT
expires
Fri, 11 Mar 2022 04:58:03 GMT
cache-control
public, max-age=1209600
age
61074
etag
4044455266028820542
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
fundingchoicesmessages.google.com/el/ 		0
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-GB2+dH8mq5OBxPPBcBW/iA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-GB2+dH8mq5OBxPPBcBW/iA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-GB2+dH8mq5OBxPPBcBW/iA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-GB2+dH8mq5OBxPPBcBW/iA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXCoGQE34r8gGJkEsmWuxLYZHTLl5ooRjGZ7FE3A5DN31h9XaW3sFlqeruoz7bbzKr7tVQvUfozm_rP-iOoFTx8Ha506BxRg-jRNnhuLCHYqs-oVlcaBjocP3Wr9WirASE2UwOFmpxh-wC7awdKGJuQjVlmMiMJze7-ygPumZF4ZzUD2GPHgQg79Q==
fundingchoicesmessages.google.com/f/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXCoGQE34r8gGJkEsmWuxLYZHTLl5ooRjGZ7FE3A5DN31h9XaW3sFlqeruoz7bbzKr7tVQvUfozm_rP-iOoFTx8Ha506BxRg-jRNnhuLCHYqs-oVlcaBjocP3Wr9WirASE2UwOFmpxh-wC7awdKGJuQjVlmMiMJze7-ygPumZF4ZzUD2GPHgQg79Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQ1ODI2MTU3LDQ2NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDEsMSxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm5ld3NvYnNlcnZlci5jb20vbmV3cy9idXNpbmVzcy9hcnRpY2xlMjU3OTIxNzQzLmh0bWwiLG51bGwsW11d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e1a96050ca42b7f7fc93dfd8eb3f8ba2daa6db76030a07459f09756b4e5b81a8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wm1OnUNzh3xJ2AeTWwj8Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-wm1OnUNzh3xJ2AeTWwj8Cg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-wm1OnUNzh3xJ2AeTWwj8Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-wm1OnUNzh3xJ2AeTWwj8Cg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
fundingchoicesmessages.google.com/el/ 		0
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUQfik5rbGQ6tbr7LAIb_-CQAZFDsyrQ-Lnkb8KVGb-inAjlD5StT2ye4O6AxvR8qz7lfmAc9yEa6-EOhv-tKiByBzwHzbwctc39iW7VGow3OrC2PhHCRX85CDJAtrVcCQ2iD4QjdHIiSuVu4RxwCPKveGqQ56thd2izo8SCqvIe_hMCxdxVBh1pw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.de.cz4YzNLI3CA.es5.O/d=1/rs=AJlcJMxL1O4iNo49HkCttkMH9ZAbEteYBg/m=detection
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-b8PBeRml9Ro8o0pxJ0irKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-b8PBeRml9Ro8o0pxJ0irKQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorLoggingHttp"
x-frame-options
SAMEORIGIN
access-control-max-age
86400
report-to
{"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-b8PBeRml9Ro8o0pxJ0irKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-b8PBeRml9Ro8o0pxJ0irKQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
pushly-sdk.min.css
cdn.p-n.io/ 		27 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.p-n.io/pushly-sdk.min.css?domain_key=VPoS70NkYCOk7Pck6gcFbSYfj8ni8X2OFRU1
Requested by
Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=VPoS70NkYCOk7Pck6gcFbSYfj8ni8X2OFRU1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-59.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7471e3df1ba49ecc8acc2dc6d8c4c3619f1a8e094050bdb2432c1cb2548468d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 03:10:08 GMT
content-encoding
gzip
last-modified
Tue, 15 Feb 2022 17:01:29 GMT
server
AmazonS3
age
67550
etag
W/"f3cd76bbdf477b890d940ce319bd1d16"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
XDEoRyinJ095TOXIFoLpK3taD-q3OP63Jp7pHVYhe4y4FqOtdaInjw==
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=1613147592311906&bg=!5-Sl5KDNAAas2QJZrNk7ACkAdvg8WqQO_uHT3NQmIorD2unV4hLGOu_P7J6YRlxOs1vW4YkHChSJqAIAAACDUgAAAANoAQcKAA6xQNuSGHrfaq7nd2I8spkC6Br8tbp48HXXfEZW8TE73NSKQOa3XavJBIc9Hvgak2tIhmaKlmC8Pe0y2u8s7-NEBcAZ3yevvD8BJwqOiTiIMskI2XUB8paUAKb7diGgtrj79lO54lK9SzlGUGH9Eb6pB_DB_JUx4ZchZN-gMUzBVrtQ2gdpBw_DQ2TYqbjXTG1gdOKR65QgTaHSWxXKYBYatWIuj2JOL0JT4-CO4jPJFyXJ7PY5GUI1bhQ0K6JuxkJxWS87Q9eR9Zxjnu-GxsNkwSHQFjIdp_Tz9Y0mQIX0jgBI_lY7zLAn86UuOTwnD7qFUQ8P3MqPNGvnT0fjZcMyNt68YIVnuy_IN-WxEzL1ZKtUU_NlLQbYzmrcNQRDb5ihxlVGkhGe8GsZXMJwOdDuzQekWHG9zvJLk3RAVdOvCEZdvfJUxw69Cb3FWTdtiRctyr74clOh_3sQFy_nMaL4DjTfuHLOyJm238VkrqaQQD4sKx15C3t8jhnH432gqQhgKbUg23UBnK-wCSwj9iqkhrt9GbFa8OILZ2sjZ9qlQB1GhbQDCT1ZTlvpNYmc-XObI78W-VlFJtR9oTQmHdUrRhKYtII_Ww2aBtVBTpeKQ5INbD2p6HRfdCykw6pGSYgJA5fV4MN7UOd57jV6L9NWulK8s-4jkZIjFZ2bvOvC0N0yrgKDvooJ_4j_CDyPwucowLtuJQsRVUJt5XkfYliyYSPdKr59elTY0evZwKCDKby-_Fqb1VYYZoPO3_-5zijbh9kPiTDa0cfIaNqHVCLILuh43Q_WSkp-lAqfjrfiZ2ly5D_AVUbl81GkLSDb_6rp5Y7yt8vqZOetbpdroWH7YqY81VWa0Swv6ZeIISfBLwDFjRsUCvWsZSgG5V8KfHoZb36vf232R96ZR5kwv5diJ8DApuls52M8-8h4TDmptJgVjvP7d3td4h9_W3PGrI5hTHko_bJsy8g2sAshV4nDaAKce1pDEVGK7QAzX2WWyKqh4faKLik6yQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AGSKWxXqJ8fjXo5RcZJeI1LjwJ0BydivE3C_NjabubzALcMZYiVZ93HFbkoevA8gPIltsDS_hYsdT0pYRAZHkR72Vcj2IRC5zpbpLMhD76yev8hRl4fXqGtMKZdTZ2Iqbi-FwK-wd7bLMWxWlHedTxqJinNK4pQcRXybxl2eTP8ZUVKqjv-i81onVlHEgQ==
fundingchoicesmessages.google.com/el/ 		0
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXqJ8fjXo5RcZJeI1LjwJ0BydivE3C_NjabubzALcMZYiVZ93HFbkoevA8gPIltsDS_hYsdT0pYRAZHkR72Vcj2IRC5zpbpLMhD76yev8hRl4fXqGtMKZdTZ2Iqbi-FwK-wd7bLMWxWlHedTxqJinNK4pQcRXybxl2eTP8ZUVKqjv-i81onVlHEgQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.de.ZY9L_Hkyn1k.es5.O/d=1/rs=AJlcJMyvQjtR0E06i2VvX5Ss3FNNEHsDZg/m=cookie_refresh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MO08ImluACIuqK5ZR4NVBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-MO08ImluACIuqK5ZR4NVBw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorLoggingHttp"
x-frame-options
SAMEORIGIN
access-control-max-age
86400
report-to
{"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MO08ImluACIuqK5ZR4NVBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-MO08ImluACIuqK5ZR4NVBw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires
Mon, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E84F 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssgtXiSR0YccJn9-JcZ7TzzxCLJaHUOXeOfyqRmHZv6RQxRFlFUMN2v_cFU-3QQV2GFjIu7N3v6rAGNjW5SS5ytf0XWYzqROIUtMBmeDZyu4UM5wsHu&sig=Cg0ArKJSzPqNHitcp9--EAE&id=lidar2&mcvt=1004&p=68,436,158,1164&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20220223&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=1545193452&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1645826156301&rpt=216&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
envelope
api.rlcdn.com/api/identity/ 		44 B
110 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=1405
Requested by
Host: mcclatchy-newsobserver.zeustechnology.com
URL: https://mcclatchy-newsobserver.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.newsobserver.com
access-control-allow-credentials
true
alt-svc
clear
content-length
44
e53e8d344b4c41cba3f833f208f5204c
i.liadm.com/s/e/a-01ec/0/ Frame 79C2
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ec%2F0%2Fe53e8d344b4c41cba3f833f208f5204c%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&eaa3bd13-0944-445e-bbf7-f32...
  • https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=7156&muid=9e936219-506a-4300-b40d-5f858cd535a5
43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=7156&muid=9e936219-506a-4300-b40d-5f858cd535a5
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
107.22.240.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-240-229.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Server
MT3 4172 645ee8c master zrh-pixel-x13 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=7156&muid=9e936219-506a-4300-b40d-5f858cd535a5
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 25 Feb 2022 21:55:56 GMT
35759
i6.liadm.com/s/ Frame 79C2
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1
  • https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=78b4844b-aae7-4c34-9feb-c3730bce9346
  • https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=78b4844b-aae7-4c34-9feb-c3730bce9346
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=78b4844b-aae7-4c34-9feb-c3730bce9346
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
2600:1f18:444a:4680:469d:1ee7:c700:42a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:58 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=78b4844b-aae7-4c34-9feb-c3730bce9346
Date
Fri, 25 Feb 2022 21:55:57 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
e53e8d344b4c41cba3f833f208f5204c
i.liadm.com/s/e/a-01ec/0/ Frame 79C2
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=127444&dpuuid=eaa3bd13-0944-445e-bbf7-f32202ef208a&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ec%2F0%2Fe53e8d344b4c41cba3f833f208f5204c%3Fmpid%3D82775%26muid%3D%2...
  • https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=82775&muid=02038028050926991432813041325413651902
43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=82775&muid=02038028050926991432813041325413651902
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
107.22.240.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-240-229.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:57 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

DCS
dcs-prod-irl1-2-v028-0cd7a732c.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
ejMDkPZNRlk=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://i.liadm.com/s/e/a-01ec/0/e53e8d344b4c41cba3f833f208f5204c?mpid=82775&muid=02038028050926991432813041325413651902
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
live_intent_sync
x.dlx.addthis.com/e/ Frame 79C2
Redirect Chain
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=eaa3bd13-0944-445e-bbf7-f32202ef208a
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=eaa3bd13-0944-445e-bbf7-f32202ef208a&rd=Y
43 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=eaa3bd13-0944-445e-bbf7-f32202ef208a&rd=Y
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=2628000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 21:55:58 GMT
cache-control
max-age=0, no-cache, no-store
expires
Fri, 25 Feb 2022 21:55:58 GMT
content-length
43
strict-transport-security
max-age=2628000
content-type
image/gif

Redirect headers

location
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=eaa3bd13-0944-445e-bbf7-f32202ef208a&rd=Y
pragma
no-cache
date
Fri, 25 Feb 2022 21:55:58 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
strict-transport-security
max-age=2628000
expires
Fri, 25 Feb 2022 21:55:58 GMT
52176
i6.liadm.com/s/ Frame 79C2
Redirect Chain
  • https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=eaa3bd13-0944-445e-bbf7-f32202ef208a&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
  • https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
  • https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
2600:1f18:444a:4680:469d:1ee7:c700:42a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:58 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
Date
Fri, 25 Feb 2022 21:55:57 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
52164
i6.liadm.com/s/ Frame 79C2
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=liveintent&user_id=eaa3bd13-0944-445e-bbf7-f32202ef208a
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=liveintent
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=2185369571982332337&ssp=liveintent
  • https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
  • https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
2600:1f18:444a:4680:469d:1ee7:c700:42a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 21:55:58 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=a72f5e15-275d-4ac5-badb-c26004de2a3e
Date
Fri, 25 Feb 2022 21:55:57 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
/
trc.taboola.com/sg/liveintent/1/cm/ Frame 79C2 		43 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/liveintent/1/cm/
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ec?s=&cim=&ps=true&ls=true&duid=287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms
38
pragma
no-cache
date
Fri, 25 Feb 2022 21:55:58 GMT
via
1.1 varnish
server
nginx
x-timer
S1645826158.468684,VS0,VE38
x-served-by
cache-icn1450054-ICN
x-cache
MISS
cache-control
no-cache, no-store
accept-ranges
bytes
x-cache-hits
0
tracking-event
api.webgains.io/ Frame F973 		16 B
232 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.webgains.io/tracking-event
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-0-164.eu-west-1.compute.amazonaws.com
Software
nginx / PHP/7.4.25
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 25 Feb 2022 21:55:58 GMT
x-content-type-options
nosniff
server
nginx
x-powered-by
PHP/7.4.25
x-frame-options
SAMEORIGIN
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
x-xss-protection
1; mode=block
tracking-event
api.webgains.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.webgains.io/tracking-event
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-0-164.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.newsobserver.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 25 Feb 2022 21:55:57 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
/
www.facebook.com/tr/ Frame 2CC3 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1081709588515684&ev=Microdata&dl=https%3A%2F%2Fwww.newsobserver.com%2Fnews%2Fbusiness%2Farticle257921743.html%3Futm_medium%3Demail%26amp&rl=&if=true&ts=1645826158247&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Facebook%20Pixel%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.52&r=stable&ec=2&o=30&fbp=fb.1.1645826156743.1250820515&it=1645826156436&coo=false&es=automatic&tm=3&exp=p1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.newsobserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 21:55:58 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Fri, 25 Feb 2022 21:55:58 GMT
event-stream
k.p-n.io/ 		0
126 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://k.p-n.io/event-stream
Requested by
Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=VPoS70NkYCOk7Pck6gcFbSYfj8ni8X2OFRU1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.187.13 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 21:56:01 GMT
access-control-allow-headers
*
access-control-max-age
600
access-control-allow-methods
*
event-stream
k.p-n.io/ 		0
125 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://k.p-n.io/event-stream
Requested by
Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=VPoS70NkYCOk7Pck6gcFbSYfj8ni8X2OFRU1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.187.13 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.newsobserver.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 21:56:01 GMT
access-control-allow-headers
*
access-control-max-age
600
access-control-allow-methods
*

Verdicts & Comments Add Verdict or Comment

294 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 function| structuredClone object| pageInfo object| mistats object| yozonsWebpackJsonp object| regeneratorRuntime object| mi object| Util function| $ function| jQuery function| miAppControler function| checkUserSubscribed function| renewSession boolean| getSubscribedFlag boolean| dfpOnPageWrapEnabled function| generateGuid function| getGuid function| callbackCaptcha string| bazadebezolkohpepadr string| userIconSignedOut string| userIconSignedIn string| popoutContainer string| label undefined| userName object| FB object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| mediaRule object| googletag object| zeusKeyvalues string| zeusAdUnitPath object| zeus object| recaptcha object| currentScript number| __TRINITY_TAG_TIME__ object| TRINITY_PLAYER object| WFClientTypeDef object| imageSizes function| processBackUpName function| updateProgress function| disableNewDownload function| downloadFile function| setUpNewDownload function| downloadPagesUrl object| subnavSection object| masthead object| $articles number| artToShow function| changePage number| relatedSeriesLength object| mia11y object| wpJsonpWPS function| setImmediate function| clearImmediate object| vttjs function| WebVTT object| scrollMonitor function| videojs object| mediaGallery object| mediaGalleryActions string| urhehlevkedkilrobacf object| Scroll object| oDv object| oVa object| confiant object| headertag function| cnxps object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_119 object| Criteo object| Criteo_119 object| PubMaticSync object| ggeac object| google_js_reporting_queue object| PARSELY boolean| apstagLOADED object| googlefc object| _matherq object| _prx function| __475an521in8a__ boolean| creativeVendorLibraryLoaded string| p1836623806 number| p1836623807 function| p1836623825 function| oConvTrackURL_ function| p1836623808 function| p1836623804 function| p1836623802 function| p1836623814 function| p1836623811 function| p1836623809 function| p1836623785 function| p1836623790 function| p1836623776 function| p1836623775 function| p1836623773 function| p1836623766 function| oEnableNullChecklistener_ function| p1836623818 function| p1836623757 function| oPageUnload function| p1836623686 function| p1836623691 function| p1836623810 number| p1836623676 string| p1836623677 object| p1836623678 object| p1836623679 boolean| p1836623680 number| p1836623682 number| p1836623683 object| p1836623704 string| p1836623746 number| p1836623687 object| p1836623754 string| p1836623722 string| p1836623723 object| p1836623760 number| p1836623761 boolean| p1836623765 number| p1836623767 boolean| p1836623769 boolean| p1836623819 boolean| p1836623794 boolean| p1836623821 boolean| oObserverChanges_ boolean| p1836623820 boolean| p1836623822 boolean| oAudienceListenerEnabled_ object| p1836623771 string| oDevice string| oParentHostname_ string| oParentPathname_ boolean| p1836623772 boolean| p1836623774 number| p1836623789 boolean| p1836623791 number| p1836623792 object| p1836623781 object| oAdSlots_ object| otkjs boolean| p1836623812 boolean| p1836623813 object| optimeraInsights string| p1836623823 object| oTrackSlots_ string| p1836623731 function| p1836623684 string| p1836623685 boolean| p1836623753 boolean| p1836623733 object| p1836623732 string| p1836623751 number| p1836623735 object| opbjs object| oaudLibjs object| ovpjs number| p1836623734 object| ats boolean| google_measure_js_timing object| _google_rum_ns_ object| google_persistent_state_async number| google_global_correlator number| google_srt function| mb function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| module$contents$ima$CompanionAdSelectionSettings_CompanionAdSelectionSettings object| ima object| module$contents$ima$AdsRenderingSettings_AdsRenderingSettings object| module$contents$ima$AdCuePoints_AdCuePoints object| module$contents$ima$AdError_AdError object| module$contents$ima$AdErrorEvent_AdErrorEvent object| module$contents$ima$AdEvent_AdEvent object| module$contents$ima$AdsManagerLoadedEvent_AdsManagerLoadedEvent object| google function| _typeof undefined| nQuery number| ntvLoadStart object| ntv object| prdom object| onFocusEvents function| ntvjQueryInit function| ntvExtends function| ntvAppendStylesheet function| ntvAppendScript function| ntvArticleTracker function| ntvGetElementViewability function| ntvViewableImpressionTracker object| PostRelease object| ntvToutAds boolean| onFocus number| p1836623688 string| oUrl_ object| _mather object| default_ContributorServingResponseClientJs object| __googlefc string| __fcInvoked string| N2RmNzZhMTZhYmZjYWIxOGxvYWRlcl9qcw== string| N2RmNzZhMTZhYmZjYWIxOGNhY2hlZF9qcw== string| __fcexpdef object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| pbjs object| cnx_usr_storage number| oIndex4_ number| p1836623703 object| default_ContributorServingDetectionClientJs function| __45zy51t9ik3m__ object| google_image_requests object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal function| confiantDfpWrap object| PushlySDK object| GoogleGcLKhOms function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray undefined| proto object| TCFUtils undefined| ariaTabsGeneration function| ownKeys function| _objectSpread function| _defineProperty object| bannerConfigUtils function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| _arrayWithHoles function| asyncGeneratorStep function| _asyncToGenerator object| bannerGenerator object| commonConstants object| commonUtils object| consentBannerUtils object| consentTuningUtils object| getterUtils function| initCmp object| preferenceCenterGeneration object| runtime function| ARIAtabs object| cookieconsent function| setConsentBannerParams function| showConsentPreferencesPopup function| overrideThemeMatching number| lnt_z boolean| 71bfdee9-4ca1-454a-89a6-58a2327873c8 number| _swclk_ number| _swsts_ object| google_logging_queue number| tmod object| google_ad_modifications object| google_reactive_ads_global_state boolean| _gfp_a_ object| adsbygoogle string| google_user_agent_client_hint object| default_ContributorServingCookieRefreshClientJs function| __8v31i8woen1z__

97 Cookies

Domain/Path Name / Value
www.newsobserver.com/news/business Name: _liChk
Value: 0.33803895278293195
.3lift.com/sync Name: sync
Value: CgoIgQIQz82Il_MvCgoI4gEQz82Il_MvCgoI5gEQz82Il_MvCgoIhwIQz82Il_MvCgkICRDPzYiX8y8KCQg6EM_NiJfzLwoJCAsQz82Il_MvCgoIjAIQz82Il_MvCgoIngIQz82Il_MvCgkIXxDPzYiX8y8=
.mrtnsvr.com/sync Name: userId
Value: 0y8xa1ufp
i.liadm.com/s Name: _li_ss
Value: MgUIBhDWETIFCAoQ1hEyBQh-ENURMgYIiwEQ1hEyBQgLENYRMgUIDBDWETIFCHkQ1REyCQj_____BxDWEQ
.demdex.net/ Name: demdex
Value: 02038028050926991432813041325413651902
.doubleclick.net/ Name: IDE
Value: AHWqTUlPOpZyl4pdMQnwtqjPEtSmNwSFMioYf1J5wum5gbLuOe2DmeuvKauUYTo2UD8
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YhlQagAI-EGsGQBH
.dpm.demdex.net/ Name: dpm
Value: 02038028050926991432813041325413651902
.adsrvr.org/ Name: TDID
Value: 78b4844b-aae7-4c34-9feb-c3730bce9346
.spotxchange.com/ Name: audience
Value: b4d79880-9685-11ec-9563-1626150c0406
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 5BEBE1D3-4BAF-44DC-B4D6-4F3B1B462FEE
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 159414:2
.pubmatic.com/ Name: DPSync3
Value: 1646956800%3A201_197_219%7C1645833600%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1647043200%3A35%7C1646956800%3A220_21_56_7_3_13_54_161%7C1648339200%3A203
trinitymedia.ai/ Name: AWSALBCORS
Value: enL8EPKSdVNAU5RK18+ZVGcX0dEC4KqizLS7Gro/z1b0OG2ey9+Kcohue/ZnWZQjsGUmW23B/FMWWRBqgEHf6Y3L0c/8cFrOd3hj+gZKUb6t+aqHo/6GKQhpugx5
.trinitymedia.ai/ Name: AUID
Value: c3cd285a-ee86-4d7d-a658-4f3e0718328a
.scorecardresearch.com/ Name: UID
Value: 114c9e0ae26b1268ffd6e211645826155
.newsobserver.com/ Name: _sp_uid
Value: Unregistered
.newsobserver.com/ Name: _sp_ses.1b7f
Value: *
.newsobserver.com/ Name: adcloud
Value: {%22_les_v%22:%22y%2Cnewsobserver.com%2C1645827955%22}
.adnxs.com/ Name: uuid2
Value: 6288090308618684967
.liadm.com/ Name: lidid
Value: eaa3bd13-0944-445e-bbf7-f32202ef208a
.adform.net/ Name: C
Value: 1
.simpli.fi/ Name: suid
Value: AC8B584E87944C34A51E7116F6BAC845
.mathtag.com/ Name: uuid
Value: 9e936219-506a-4300-b40d-5f858cd535a5
.adform.net/ Name: uid
Value: 2185369571982332337
.de17a.com/ Name: guid2
Value: 1.7070764015484992801
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&KRTB&16736-uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&KRTB&23019-uid:b7ee6219-506a-4a00-b525-30b76c7dbba9&KRTB&23208-uid:b7ee6219-506a-4a00-b525-30b76c7dbba9
.pubmatic.com/ Name: PUBMDCID
Value: 3
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-78b4844b-aae7-4c34-9feb-c3730bce9346&KRTB&22918-78b4844b-aae7-4c34-9feb-c3730bce9346&KRTB&23031-78b4844b-aae7-4c34-9feb-c3730bce9346
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-7070764015484992801
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEJ-5OT2RloLRRqfdU3p2dKU&KRTB&16514-CAESEJ-5OT2RloLRRqfdU3p2dKU&KRTB&23025-CAESEJ-5OT2RloLRRqfdU3p2dKU
.rubiconproject.com/ Name: khaos
Value: L02YECY2-11-ILF1
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qrQNyqtQZ3vt3jc0/aJelRdbjRFtGIHH0tgQkuuSU/3aEAb9wsm/DvhpYcoezCkB8n92N5tVnzTlsBQn6AvuCLF0JQga6zwDhiyqVI1k5poNA==
.postrelease.com/ Name: opt_out
Value: 1
.newsobserver.com/ Name: ak_bmsc
Value: A7517C258735A1B44B5EF49ACD2BE764~000000000000000000000000000000~YAAQXbsQAvx1bSZ/AQAAICTiMg58MUil3Eq7ew9W2NxOr2R4aWrEOjGJqM2d7kwJZhHYO0ZIdnDhvEquUC9pLT7sZJcPbiqBUugyKMJTilwi5JVjOj5czTMLr59Z1vq/OpPEixfqJ9ZADxqWXjvMEN0D/wDDi45F1x/xnZZvlqBLsShxYvVkgTWlrO67MEnnpJxjsU2/FZ7P5WdZ3O9Niskun1bu9p7KRrwu8LeGfSZQsoxR2f505wARmUPD2y0wiqr90kDj98TQJtx8pkb6OMGfVYRHrNKKSVchfvgoCvtkA67e5te/fRmIedUdZ0BdQGyhb26M0nZGS3Yix+XYPGu0J5NnswyXALNHBXiTecXLrkFc20s8CaVr+8A9d65U97ezsFnkOkmFPqsPwnxA8js+uKDK9yoj8304UKqUzoBE8IEUx/2wI5SRYjflO0BLKy4WwWQwxYxgdbmFaLc5xSGpSdU2mmrBPTk+EDBBApglaUnt+HithpA2Bh8L6HkRIPs=
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-2185369571982332337&KRTB&23263-2185369571982332337
.adfarm1.adition.com/ Name: UserID1
Value: 7068769510638024856
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-6288090308618684967&KRTB&23339-6288090308618684967
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7068769510638024856
.pubmatic.com/ Name: PugT
Value: 1645826154
.onaudience.com/ Name: cookie
Value: f5e64495cc0dbd06
.onaudience.com/ Name: done_redirects161
Value: 1
.exelator.com/ Name: EE
Value: "9bf1f2452395c0f27a5db78401681a30"
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcEyKc0wzcjE1MjY0jTZIM3IPNE0JcncwsTA0MzCMNHYYHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yNJiSX5RZvoiF9fFRSlpDItKik8F759ZCABQhimh"
.onaudience.com/ Name: done_redirects104
Value: 1
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 7e5dbfe0e61625f33461614e2904ebcf
.onaudience.com/ Name: done_redirects219
Value: 1
.zeotap.com/ Name: zc
Value: bb6e83e4-fbd8-416b-6315-b107db014794
.zeotap.com/ Name: zsc
Value: %19%AA%96%EE%0A%16H%C7%BFo%F6%B5m%F5v%8F7%07%B8%BF%5DM%5D%22%60A%BD%1C%9C%F9%D8%80o%B3Y%11%DF%DF%ED~%C9%FB%82%B9%88%C6%17k%B1%14%DD%DFs%CC%A7%F9%FC%C9%F8%13%F4%3D%CF%89%5C%5DB%09%E4X%0C%40%D0%14%BCfJ%7FTFjH%E4
.3lift.com/ Name: tluid
Value: 2615220121099089875188
.criteo.com/ Name: uid
Value: aaf9cc8e-b7af-4337-9845-5d1265c3cf58
.newsobserver.com/ Name: _li_dcdm_c
Value: .newsobserver.com
.newsobserver.com/ Name: _lc2_fpi
Value: 287830b26e9e--01fwse49xm2ypmpnw2wce6b8dv
.newsobserver.com/ Name: _ga
Value: GA1.2.1127891160.1645826156
.newsobserver.com/ Name: _gid
Value: GA1.2.15620806.1645826156
.newsobserver.com/ Name: _gat_ganewsobserver_UA-48279682-1
Value: 1
.bing.com/ Name: MUID
Value: 1306C7ABB15B6AA000FAD6FDB0D06B04
.everesttech.net/ Name: everest_session_v2
Value: YhlQbAAAAH9PP1yZ
.newsobserver.com/ Name: _sp_id.1b7f
Value: 87875a7fa36c0041.1645826155.1.1645826157.1645826155
.yahoo.com/ Name: A3
Value: d=AQABBGxQGWICEM_aJt6VYDqgzSh-_j3CRD4FEgEBAQGhGmIjYgAAAAAA_eMAAA&S=AQAAAqeaTmaOaUqHjJKsMiKx7ac
.adnxs.com/ Name: icu
Value: ChgIkcg7EAoYAiACKAIw7KDlkAY4AkACSAIQ7KDlkAYYAQ..
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: a5e7d5a612bb8004
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&3f231ca9-065e-460b-8bcc-978a17358640"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDU4MjYxNTY7MjswMjG3xf5PDFzHyAhkZh8QOuKWSrHttwUlI87y5CWJaR5VIw==
.linkedin.com/ Name: lidc
Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2247:u=1:x=1:i=1645826156:t=1645912556:v=2:sig=AQGRcja09CXcXhfqLUH89L-3bzhVclUb"
.bidswitch.net/ Name: tuuid
Value: a72f5e15-275d-4ac5-badb-c26004de2a3e
.bidswitch.net/ Name: c
Value: 1645826156
.bidswitch.net/ Name: tuuid_lu
Value: 1645826156
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-174d0351-3a7a-4264-4a44-e1d8fb9cdd39.7mWD3zcIGilbagWATUTgyXNUq9CbGNDNWrW3mM3WixU
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AF00DUTp6QmRKROHY-5zdOYrHJoU.9drO%2BmOOi6PW9q0uZofRv3FoYmWDrk3e%2FnjC%2F%2BYO3Q8
.newsobserver.com/ Name: _fbp
Value: fb.1.1645826156743.1250820515
.bidr.io/ Name: bito
Value: AAFuv07EMqEAAHxEK4bs6A
.bidr.io/ Name: bitoIsSecure
Value: ok
.everesttech.net/ Name: ev_sync_ax
Value: 20220225
.mfadsrvr.com/ Name: tuuid
Value: 04c6b035-fef6-4bfb-9cc2-9181f4c4e87b
.mfadsrvr.com/ Name: c
Value: 1645826156
.mfadsrvr.com/ Name: tuuid_lu
Value: 1645826156
.mfadsrvr.com/ Name: ssh
Value: !bidswitch,1645826156
.mfadsrvr.com/ Name: bsw_uid
Value: a72f5e15-275d-4ac5-badb-c26004de2a3e
.awin1.com/ Name: awpv14098
Value: 296283|1645826156|b5fcc0a1-9685-11ec-906f-22303242639c
.awin1.com/ Name: AWSESS
Value: 429086:2519595
.quantserve.com/ Name: mc
Value: 6219506d-01ebe-e8cfb-a2992
.office-partner.de/ Name: source
Value: {"webgains_webgains":{"timestamp":1645826157076,"clickCookie":false}}
.newsobserver.com/ Name: __qca
Value: P0-1321686590-1645826156749
pb.media01.eu/ Name: ASP.NET_SessionId
Value: wjufcwatkwskaytrt0zy2i0k
pb.media01.eu/ Name: DTU
Value: DFF7DDA3B362585391CDEC51968DE77D
.pubmatic.com/ Name: SPugT
Value: 1645826157
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwjK54WY9Ky8OhAFEhkKCmxpdmVpbnRlbnQSCwiOtqaw9Ky8OhAFGAEgASgCMgsIjq6p3YqtvDoQBTgBWgpsaXZlaW50ZW50YAI.
.addthis.com/ Name: na_id
Value: 2022022521555700011097245170
.addthis.com/ Name: na_tc
Value: Y
.addthis.com/ Name: uid
Value: 6219506d3585f0e6
.addthis.com/ Name: ouid
Value: 6219506d0001ee7d0340b5df640387eb1d33577c0224e954cfe1
.dlx.addthis.com/ Name: na_sc_x
Value: 1

3 Console Messages

Source Level URL
Text
network error URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://eb2.3lift.com/xuidmid=7976&xuid=0y8xa1ufp&dongle=u6nf
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=1405
Message:
Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

39160c3bf28948ecd89e7a37550c150f.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
ad-server.eu
ad.mrtnsvr.com
adobedc.demdex.net
ads.pubmatic.com
adservice.google.com
adservice.google.de
adv.office-partner.de
ams1-ib.adnxs.com
analytics.webgains.io
api.ipify.org
api.rlcdn.com
api.webgains.io
app.securiti.ai
as-sec.casalemedia.com
ats.rlcdn.com
b-code.liadm.com
b1sync.zemanta.com
bidder.criteo.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
capi.connatix.com
cd.connatix.com
cdn-prod.securiti.ai
cdn.adnxs.com
cdn.p-n.io
cdn.parsely.com
cds.connatix.com
check.analytics.rlcdn.com
cm.everesttech.net
cm.g.doubleclick.net
confiant-integrations.global.ssl.fastly.net
connect.facebook.net
d15kdpgjg3unno.cloudfront.net
d5p.de17a.com
depart.trinitymedia.ai
dis.criteo.com
dpm.demdex.net
dsp.adfarm1.adition.com
dyv1bugovvq1g.cloudfront.net
eb2.3lift.com
edge.adobedc.net
edge.quantserve.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
geo.privacymanager.io
geolocation.onetrust.com
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900022.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.3lift.com
ib.adnxs.com
idx.liadm.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
jadserve.postrelease.com
js-sec.indexww.com
js.matheranalytics.com
k.p-n.io
lasteventf-tm.everesttech.net
loada.exelator.com
match.adsrvr.org
match.prod.bidr.io
mcclatchy-d.openx.net
mcclatchy-newsobserver.cdn.zephr.com
mcclatchy-newsobserver.zeustechnology.com
mug.criteo.com
mwzeom.zeotap.com
p1.parsely.com
pagead2.googlesyndication.com
pb.media01.eu
pixel.everesttech.net
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
protected-by.clarium.io
pv.medialead.de
px.ads.linkedin.com
rp.liadm.com
rp4.liadm.com
rtb.mfadsrvr.com
rules.quantcount.com
s.amazon-adsystem.com
s.ntv.io
sb.scorecardresearch.com
secure-us.imrworldwide.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
sli.newsobserver.com
spl.zeotap.com
sponsorship-lines.zeustechnology.com
sqs.us-east-1.amazonaws.com
ssp-sync.criteo.com
static.criteo.net
static.scroll.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.search.spotxchange.com
sync.taboola.com
tags.mathtag.com
tags.srv.stackadapt.com
tlx.3lift.com
tpc.googlesyndication.com
track.webgains.com
trc.taboola.com
trinitymedia.ai
um.simpli.fi
vd.trinitymedia.ai
www.awin1.com
www.everestjs.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.i.matheranalytics.com
www.newsobserver.com
x.bidswitch.net
x.dlx.addthis.com
104.111.215.191
104.111.219.128
104.111.234.92
104.111.239.217
107.178.250.234
107.22.240.229
108.128.26.6
13.36.218.177
138.201.63.149
141.226.228.48
142.250.184.226
142.250.185.130
142.250.185.166
143.204.103.127
143.204.95.188
143.204.98.115
143.204.98.117
143.204.98.119
143.204.98.124
143.204.98.125
143.204.98.16
143.204.98.32
143.204.98.54
143.204.98.56
143.204.98.59
144.76.104.53
145.239.193.130
15.188.95.229
151.101.194.49
151.101.2.137
151.101.65.108
151.101.65.194
159.122.14.34
178.250.0.163
178.250.2.131
178.250.2.146
178.250.2.83
18.192.85.110
18.204.184.124
18.216.183.199
184.31.84.150
185.29.132.245
185.29.134.245
185.33.220.240
185.33.221.52
185.64.189.110
185.64.189.112
185.64.190.80
185.64.190.81
185.94.180.126
198.47.127.19
198.47.127.20
199.232.194.217
2.18.233.180
2.18.233.201
2.18.234.163
2.18.234.21
205.185.216.42
209.54.180.3
213.155.156.164
2600:1f18:444a:4680:469d:1ee7:c700:42a5
2600:1f18:730:b150:1533:8f19:3ef8:a567
2600:9000:2156:5600:5:82fd:2500:21
2600:9000:2156:7600:12:1bf:30c0:93a1
2600:9000:2156:be00:8:8845:1500:93a1
2600:9000:2156:e000:3:c7cf:1100:93a1
2600:9000:2156:e200:6:44e3:f8c0:93a1
2600:9000:2156:e400:11:b309:9100:21
2602:803:c003:200::61
2606:4700:10::6814:b944
2606:4700:10::6816:1957
2620:116:800b:21:f716:921a:893c:c3d8
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:808::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9d
2a02:2638::1c
2a02:2638::3
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:400::300
2a05:d018:d29:3601:48c:2850:f91f:4df0
2a0b:4d07:101::1
3.123.205.63
3.124.34.143
3.127.86.46
3.224.47.34
3.236.169.120
3.92.67.221
34.102.163.6
34.120.133.55
34.193.254.175
34.206.8.217
34.253.74.200
34.254.143.3
34.98.64.218
35.157.101.119
37.157.3.30
44.240.106.223
46.236.13.147
50.31.142.31
51.222.80.231
52.20.78.240
52.205.167.202
52.215.248.120
52.215.92.65
52.223.40.198
52.30.14.23
52.59.187.13
54.154.165.122
54.72.0.164
54.76.176.197
54.80.118.188
76.223.111.18
85.114.159.93
88.198.250.30
01c359b552904d096aba5c7db32c6fcd6f8f0105f9cc8fc0740f50c85c036969
0333a90b010263da8fbaddbe8a6415d40c8699ab5ff4e2bddfdbcc0c75b8cb24
04b15f5300716033ee6827b33c186e46d88d6a253679504cf1a8e9c1a3d75391
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0800158a10a31d0557b6842d746d4c0531cbe5ed569c06fa8b888f46b1199504
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0d5eeb85179769e8e3fee914f7741d884b613fc94f2529e0f981776fb70d2503
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0ecaf1ce9b0ffdc9b0c4d90c685ea025673e26adc0a2ce6c00cccd9ccba32227
10165ad8492adc91debb4a89bc266bef3b7bd63e999f706175e58a8d32fb0255
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
138d6c1a7a6db96fca90ce8b6ce226d5ccfe1d4854e9b349d942d60bd20edad3
14dd7082d18bcf4515bc4c7fe8ad898e0cc49b6e3b1c19b62b3988e4ac667a55
153ec94b25e3b5290a078646704eda9eb6d256e76a4be7b6b49ba37674f10ab0
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1b0fbbf2a9213b3cc3e711de20c4775167a70b71b95922f69a51878d16ddbadf
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1cf9ae5c0529bf103cb71b4b7e875fc270c4094e3e6932897873e80fd30fb5ce
1d5a218c6676c6afa0caf376ceaa2c21a6c96a26849fb248b059ed73c8a7ffa6
1da19ccd67c659a0869767883f8b4e5089e1acc7bdb8c7742d85e2fa748faa10
1dd60fad6130583e2d37759b814687d176acd3714786c44189072b17f6994a9a
1e6d94ef150d4115e6628cd2343020b53d8005f230b822a528e9dfbf4c4094e1
1edc83f7137848a661dbf5a61dbe4bb3b42fc7d064004560ea0269b45747e7d3
1f3dd8063edfcdb39f4a2163e59dbc73e16a688c59979a4103948fcbf060f385
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311
25475d82cc976fb2c71b15b3e416c22bf636dd247bbb268d312e7c076ec5b6e4
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
2969aa16b763893fa2f600de842a23475f8c0f1d58ebbed3c4f7f1a63edbc0b5
29fa03d38ee8024c6991b44d4b4135b34afe72913433f634ca66c0b780a2b26b
2c884d249c5eec8f42cd3c97d51911016e9fff782af087fb51a1d6cfa21c7ee3
2c8e9c17c51ac13646a59b8c82f28ddbc7567ae6c99a102904383d8fb3408c13
2c9b510a3a779a1ead27e4c03828263237d01d50cfa55d490562fe3a9133d631
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ff8dc4161b9a017745c29cdc9594fdff3e16b981f87664a6c3868bf4424ef3f
3081cd5942a29f59f16b662f9487cdb95dc4473722804097a0d697bd72fb1693
36a588822bfb9e3d351da79c492ed62f9d98275d59f611a50b0f37ae11731a34
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
391f7195f88fa7697b82bb024bfb4e108b2b632b0a9290f268ab8c733d552e72
3a3a57333f53e4f4724ebff87ecef57190953d0aae200c71f31f487644878d7c
3ad44d75738d40d406e7439c3667f33fcaab42796537afd22296d0d5c308a5b8
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
411085cb261352fa3c96129f4fff9ebf8a4826c46b9a61fd746a550f0bad3505
41b10e875b631a5107c4bb4883bf9b9b2a526fda141ae35b7faa962ae060de0b
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
43075f591294b754c8e0e2568a30341cf6d9e3635719e9def9e5b4b9675ece97
4739f74db2cec124c36c4fb60c8b2240172678404c4e6fad50c51c31f627e9b2
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
4a6d54f7ddea9776c46bea423d9c42f41c7d54f879d0dea93d82ce2412813c37
4b9019b46768d884816f34f0572435e6b9060ff9d0ef785996285a9b7d97a715
4cff0edca41f1061d4de142e185cc820b1f2fd49122a3bddc1601fc56b19bc32
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e2ca7e6b935040d368111d2d8944e7687f7a2d81ccfda35862bb82af2673f7b
4fcdfd7851af4fa7856fcbd6fab17f118f8b6000caad9cf9a1f9263e0e68dc59
50b04fe8bef4a4c0f1c63c90f81e17274ececa52ea4180a96768a3016f4ec3e4
5390f6455a99d4f463557077d0d8d6fde198f1ddf1b40117409bc9ddbe764764
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
571d29030eddb0ad8e924f625d155f38e67271b228e59afba74ad2304369ee75
5792434943c87af4f700d107963412694121fa9f2bf0d33e3fd3a5a66c16b7d9
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
59a6be8714d0d3d1412927d09cc691faa41beda4018e77d2ba67773580667f2e
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a
5b6da6699e22347ded40584215d759d21842a07be029c95c4886efa3c1385454
5dfd3c25368057fb42b8f5d53c61585031546e2a671cf0e3eec33fdff1073851
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7
6409666a32397c9ebd17aebd5c37c80566a5376fd0295652f43788692ab5732d
655d4a4cd5ffc81e9c9929afbb9ec0cdb4a95ab4c029ccac6900eb704e621671
659dacde48b8fcbdc60b1a15f237a3f7c4ccac52ac4385a4cfc544d8036af72f
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6a33111079bea48d7f3a4f7a20904139b74ef65fe1e4061b542634c7bb3e38ba
6b2a50938c5bd46548ab8043aafa317b98df93e8425b8b2b18161af233994975
6df7cb882995fe8138913eefbd043496b18ff37efa17c5f412b86378b6f2699e
718373a7c91888a59dd68756bc890f76e73bdb7301b10617f295a76cc03c7753
72c5d10e99c6620a2561415895a84064b5b5616c2b1914602263886be4cdc229
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7635741e19ea05cd0621ffd2aaf56334b24e54c1f4833a5b22f2fc0a722555a8
769254457b771e41802cfbc21371888c7b2485ad5baddaacae3b25cd428e428a
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
784acd540b5fcfb87c47dfe12e5311084ce692366a2ac196fd5cc8eb28ff4c23
798b67bb2ea3243fac61fc7df7e5585a5adc40887e278bdf62598ca5d7629903
7a5e636d7882bf1f785a7e507f8fc859c67fc2825fdd3a91bd0b1abf586a83a1
7bc1c343272a50624781505b4fc29b239f9c4571f69db722259f05b515e540fd
7bf60965c05ac6414cbfc34821b53339155efbbccd67624d4ccfef3dc33800a4
7e24b7ae3f8c6241b9fccc0bb43f791b5f17b7175fb5e043ffacc9a68e4f34c6
808dac61dc1b335537a242fdcd4e3506a7c3d4307cc7b0b14cfab69f3bcb596d
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
81abb2049251ad61c5569a04da793f36dce52b303689400d4fea58720eb959b5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844b59780c272f04ea427fce32b01199f8eecebca60038857c7770fc698082ef
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86ba19b5038a1a2409d2ed06ba7930c0ab1e31820b789d977ace51df5b92ce1a
896d1670c2fcbfda967c13e2dabb6ffbafae8af429fa587e75dded97b8425f58
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
94387900f32acd4db42c1b58497aed54e34c2e7f2d1dbab761ee72225dd6da7b
952d5990bfa8902cb04f15d02b1ee6bdd3805f640c6e25424a645a63521cc26a
95b2f026f7df6a9a342aa8113762767e0f2b493fff09ac405017a6c9ad43f000
962633a9b2b7df607d091396cbe096cef615f8bd36ea627151254a5743c4e0c7
96fe1186e2a31459395b08e503f7c89b99e1d549ec16a7ab68725a75a675c9bc
97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99c80a6065bbde5861ffd7086d580f06d71fd07eb4c50d894bb3bd0e9002a78a
9b015e39eef1a91405fc98c50e6a16d48beabdac62c08e4b8218581464034cd5
9d31b53d791785dca06e24fa0f24499d855b860f2f2b9a89bc36339b83aa68b5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0891aabef5e8bc86e13dad5fdad8b113032f0f113f6298059bbdf2abe567c4a
a0a9ce1553fa74dad4d8cf55b7df7d012a3acdec01cd39d682fce0e5b52e99f2
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1049edc101b6c597fe5c027720da70b3c03509fdfbfe41ef6a4ab742e728287
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6473374780f5782e38516143842e20b9f24209965923e1e137bdeb8ded39342
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7b2e960f7628e2b6d292e1e5e51cedf3243dab1c9d7cafb9897ba05c8185ce4
abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c
ac53400c04ca28a29467c3b6cf8f0be2f9d4333a518574fba32cc239195117db
ac6de1839d1642937e40679f0415f1638166c8c203e315f6fb02e71cba74da24
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b11d4ed85ff14bbb39ed9d57952d01466e002f4469cbfa5afd4370bbdaf1996e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3
ba2079aa9138b37a21f77b8dc51a0db401c136dc72e56c43891d6de5020ea217
babed12c9b205a623d41b3807e090cf86ac5be73b2451de8b62029e26becdb15
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc3d00772523b8cafdc54048d0867a792191304dc4bcfe24a4bc2874eeb928a9
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
bfa419bc604da1ea251c5fcc59bbbc1a6f973b61990ec5b24dd21ad56b8e17ff
c0941c831e1fa577700d13892de340682e12bec0c3dd0136232fd4d2ce067838
c0b73118990e8a933880c152b750065934be45922d40834f81057d22f5fc625e
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c17b823ddee789bdc88b380ce8aa533558cbdef360c5da8e1f9f0dd3b2a1040b
c2c42789a705be8af2bd9fa3437fd83abacd43834c1da2dcd1513d00fbe189c7
c306fb031803650f838048d2009bc4ef76218e790d8648ad2cd041d94c9bd14d
c4b05519bc96db8b65e056e8272009893742b83e0d8f4212b533a09a1e2c1f0c
c5229f002ac2e5386363995cd322db64b853c58d83c93a0f760677a8e8a29ed5
c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0
c7c09e9d407d0630fc345d492fab84c1fe0bb5cd684c84ee4e11663954bd3fa4
c815be0139a92202ff8f262cc335f6ae103594bb1d92c1c479ed604adf384a16
c8d83443724cb99e58573a1f951b02c898c76c26fc8cd68f14d1c90a9d13c47f
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca7ddfe88d9881045a69097a49702800110e658e51077c5e961a689746783015
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc1acaf97e4cb9f274d253d6cf45598a5bb3b5d435cc89b4b7074b64efa76225
ce3daa38c75b999bcc0583f073d663e0b1805b9447d0de99128c4ef3fdecdc59
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1f18aa9276d6efc7f9f231eb3a6bd52999e6806ee4c6f81b7ad6377037520bf
d3bf3c7c44408c98d49e2f8e29731eca94a4f52c65286c38695fdce386a93f89
d6f461281199dd975b4e6633b4d9607e40c0c54e21509c17b51cb3cbe39508da
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d7471e3df1ba49ecc8acc2dc6d8c4c3619f1a8e094050bdb2432c1cb2548468d
d8fbef1b3806ee0274bf5e05c3fdad8c896be0e7e13c737c1a07ccbab66a82ea
d96fcf3f8a17811af2f621154319dc0867c76a66e0dde0e0c1287ffe062852f0
da3d46779f54718dbe874f7d3d7d35fa89a0c46a59d03e773ac9835b476b614e
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
daa6d2c8b86beb3fcda114f7a5f9509f0daae5df27d0eea2d26ab2f7eefffb29
dd0ca95fd9a9bdd98c00311638cd1f71f56a86550ad5a602c17992d0a30fd1b5
de053e2b9ae468ad472f1f86cca21476d28bf67b95ac295d0b242be49680c70f
e1a96050ca42b7f7fc93dfd8eb3f8ba2daa6db76030a07459f09756b4e5b81a8
e22a95939468e07f704fac1adcdabc5ac4e9db9012e3a3307525d51b1f0af704
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e49209227732b3b603d5d03516286977e06812b880ec859bc7d5ad46dbd5abb0
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848
eab92ff2ec845f28c66e026b42dfb3697fd12716c51491953894ff4dba8c6ca4
eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5
ebb56d62f90a98774650f0c32c831d0acaabc57d86ceb22d5ad23d88f536d424
ebfcd6d197f4c04e167c1996a57dabe2134d94f9b20ffd3fa1a5d639bdf8f474
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ee14cb5ce7f59fb3240804e38e3f3a91410e06e5b9db9a06896b13d43b35450d
ee5d8f682805ed45d8c9ff24941a1ad286763bf61e23fde210d41e5016607106
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef84b2a7529ea701a00da1617d0eb5808a22ee1a23e7d21ede633488705fddc5
f1e25328be62ee5aca4777d33ecfbaf64a502f80dac2008bd7197e236cac8dc7
f1eeb08b8ac47851636c1d0d15d527b0e28487a7d1f471962ad0b191b848ca61
f2269030e7ae16aaaa8aef896cb37a76bea291cd89c3ed8c9bd36f4c51ad8bed
f328f4ae2fe983386843cc07db0af78c5fe9fa5ae67812f80062d5baa0e61047
f53da17ecb8859ec94ff820393477e6f0e0ce7e157c6e2422b7c75de6e9f6780
f6382788327b22eca61d6904f8c9410b5760dd953cdd36483a5943f181738f51
f8e49947d3547dba3e5bf18c2cefcc2dda7ff5f714e52f398b97d84887d1c586
f987f79b0127a62cd1f023ffd464599511868be10fad2a07c8f827eda7ef6cb9
fa5d2912bec294d33c9dc4be4a00a9a5f4ac993049a935f4535ae687e3b08d0b
fbcc47d748ec7901f0d7b52d664a969d953ba9e65831044cf25627b08487d835
fc9aafc92002e9d22789408325ebacb85b11551faf65e7ca5592a3d50ee567fb
fdd953c0b8c13c0446150bb1addff5668debb0213a3ffe780b12a765afa5b0f9
ff899365624bdc28c5da8084b4568e93f9530847f746179a9a7ccbe7d7c60d75