www.grandforksherald.com Open in urlscan Pro
13.225.78.15  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 186

• https://pubads.g.doubleclick.net/gampad/ad?iu=/8570/forumcommunications/forumcommunications-13675-728x90-activefill-desktop-pixel&sz=1x1&t=&c=5568377717 HTTP 302
• https://pubads.g.doubleclick.net/gampad/ad?iu=/8570/forumcommunications/forumcommunications-13675-728x90-activefill-desktop-pixel&sz=1x1&t=&c=5568377717&pre=1

210 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Show response www.grandforksherald.com/business/agriculture/	119 KB 27 KB	434ms 416ms	Document text/html	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 6303d5319e5d40bd2151a98e82695bacb8b06d06397db9da693e947580663a8f Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :method GET :authority www.grandforksherald.com :scheme https :path /business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 content-length 26238 date Fri, 24 Sep 2021 05:08:39 GMT set-cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; Expires=Fri, 01 Oct 2021 05:08:39 GMT; Path=/ AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; Expires=Fri, 01 Oct 2021 05:08:39 GMT; Path=/; SameSite=None; Secure server nginx/1.18.0 x-request-id 296220c0-b2af-436f-b80e-038379994d17 last-modified Thu, 23 Sep 2021 21:55:44 GMT cache-control public, s-maxage=60, max-age=80 etag W/"a6744f06d62d9e9f0c2fdf3740128904:090" content-encoding gzip x-varnish 11050555 622104161 634914617 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) x-cache-backend cuefront1_nelson x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-60712d.forum.cue.cloud x-ua Amazon CloudFront content-security-policy frame-ancestors https://cue.forum.cue.cloud accept-ranges bytes x-edge-origin-shield-skipped 0 vary Accept-Encoding x-cache Miss from cloudfront x-amz-cf-pop FRA2-C2 x-amz-cf-id bHi20fgrypNUeHzJdD6TI6L4CgMn1Tk44WK05D40cOLQo_bUt2yDYA== age 3823
GET H2	200	jquery-3.5.0.min.js Show response code.jquery.com/	87 KB 30 KB	32ms 12ms	Script application/javascript	69.16.175.42 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.0.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS tlb.hwcdn.net Software nginx / Resource Hash c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4 Request headers Referer https://www.grandforksherald.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip last-modified Fri, 10 Apr 2020 15:24:08 GMT server nginx etag W/"5e908f98-15d95" vary Accept-Encoding x-hw 1632460120.dop005.fr8.t,1632460120.cds288.fr8.hn,1632460120.cds139.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30880
GET H2	200	grandforksherald.png static.forumcomm.com/images/300x86/	11 KB 11 KB	63ms 7ms	Image image/png	13.224.193.88 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.forumcomm.com/images/300x86/grandforksherald.png Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-88.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash e762f6f3ff1c1702cdcca24b7c037f6aa949a299eee641d399c39b5a19ed7ebd Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 14:01:46 GMT via 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront) last-modified Tue, 17 Aug 2021 16:20:22 GMT server AmazonS3 age 54415 etag "9b1059eb1884a581fcb47d26eb75ae22" x-edge-origin-shield-skipped 0 content-type image/png x-cache Hit from cloudfront x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 11132 x-amz-cf-id sO9OFGl-NB4SQzN0vqcTBxaXTcTrUjj1rS-QwV_MhPj40XeU-esndg==
GET H2	200	grandforksherald.png static.forumcomm.com/images/620x220/	11 KB 12 KB	11ms 8ms	Image image/png	13.224.193.88 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.forumcomm.com/images/620x220/grandforksherald.png Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-88.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 6f07c0f143f0b79e22abb59ad6bc4b297cca2f0e4eb02c9f8e2eab2763f93587 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 14:01:43 GMT via 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront) last-modified Mon, 16 Aug 2021 21:25:11 GMT server AmazonS3 age 54418 etag "6ecc1f746290f89cb215b63809feb8b6" x-edge-origin-shield-skipped 0 content-type image/png x-cache Hit from cloudfront x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 11689 x-amz-cf-id uoCLQw33xwddFPCkMvX8p0kYwuzF2o6t-lE89wc6JEfBf3d-ISBnpg==
GET H2	200	CrimeReport%20FSA.png www.inforum.com/incoming/7112920-miiqm0-CrimeReport-FSA.png/alternates/LANDSCAPE_400/	147 KB 148 KB	41ms 11ms	Image image/png	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.inforum.com/incoming/7112920-miiqm0-CrimeReport-FSA.png/alternates/LANDSCAPE_400/CrimeReport%20FSA.png Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash a5e85be94698d447f0319354ac6ada085194b010ce5977723d0cb5b709e5531e Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 04:51:48 GMT via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) age 1012 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-1f23e6.forum.cue.cloud x-cache-backend cuefront2_nelson x-cache Hit from cloudfront x-ua Amazon CloudFront last-modified Thu, 15 Jul 2021 11:32:14 GMT server nginx/1.18.0 etag "1630067794.207267-150770-238557543" vary Accept-Encoding x-varnish 8658896, 633443484 x-request-id 0bfb353d-36f6-4a18-a820-ea9a47f764f2 cache-control max-age=7200, s-maxage=7200 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png x-amz-cf-id 2F29iT_78LQUmINUcshVckvMUiCk8pjj5tIJiJIJThMcumRutsz7zQ== expires Fri, 24 Sep 2021 16:51:48 GMT
GET H2	200	CrimeReport%20FSA.png www.inforum.com/incoming/7112920-miiqm0-CrimeReport-FSA.png/alternates/LANDSCAPE_768/	497 KB 499 KB	39ms 10ms	Image image/png	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.inforum.com/incoming/7112920-miiqm0-CrimeReport-FSA.png/alternates/LANDSCAPE_768/CrimeReport%20FSA.png Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 09c55be4cac04e2c41d84b5e7191b690773d84cf21db33958653d62b47f112f5 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 04:28:28 GMT via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) age 2412 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-ea6823.forum.cue.cloud x-cache-backend cuefront1_nelson x-cache Hit from cloudfront content-length 509367 x-ua Amazon CloudFront last-modified Thu, 15 Jul 2021 11:32:14 GMT server nginx/1.18.0 etag "1630057403.6431947-509367-213260637" vary Accept-Encoding x-varnish 6914902, 612439115 x-request-id cd49f3f5-6fd8-461f-8938-f3f3ad4707e2 cache-control max-age=7200, s-maxage=7200 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png x-amz-cf-id 9RhqGqgOunZEo57bE6rPZ19WHENLyEvZ15JR9E8CcB4qyyfOl5zh0A== expires Fri, 24 Sep 2021 16:28:28 GMT
GET H2	200	grandforksherald.css www.grandforksherald.com/theme/css/	335 KB 50 KB	210ms 210ms	Stylesheet text/css	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/css/grandforksherald.css Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 98c3de0ff1d93d06cd800767eae4834e466590e1a7f9a407b214065718e2b088 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/css/grandforksherald.css pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 335 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-0728cf.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=/at//IoTEDtSu5yYOY8yaSIODj2mfJhiBqekpFkg9baPvFckuDleg+5jdRL1ZDUDhqD5KVTm7FAaohza1dcO/8nYp2AHaBA/z3mnJm9QL/qBOZTgdB9tuGDyZqdw; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=/at//IoTEDtSu5yYOY8yaSIODj2mfJhiBqekpFkg9baPvFckuDleg+5jdRL1ZDUDhqD5KVTm7FAaohza1dcO/8nYp2AHaBA/z3mnJm9QL/qBOZTgdB9tuGDyZqdw; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 50003 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 16:16:20 GMT server nginx/1.18.0 etag W/"614ca854-53c96" vary Accept-Encoding x-varnish 395523 635310245 634426804 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type text/css x-amz-cf-id Fi18o_aO0kTDSaqsYzxxXRV2-EytyrTCB6sa7w9ZV0Ed563-1UlLgw==
GET H2	200	fccgtmscriptloader.js Show response www.grandforksherald.com/theme/js/	430 B 1 KB	117ms 117ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/fccgtmscriptloader.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 9d0f96b96952f9a0fbc79b7cf1263e8a2b871c9c8c030685d11e8ad77435ccee Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/fccgtmscriptloader.js pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 20 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-0728cf.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=vJOa+wBgfP2IxTELlBHNFteHMWb1apPq8c67Iefqy+S3bKFHlCm7bQMYFr2eDczq8d4kHytZOlo5+uOPstvRz2rgBx44WjlUvokcNoy2cYcjacT4F6OasXvUOL7r; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=vJOa+wBgfP2IxTELlBHNFteHMWb1apPq8c67Iefqy+S3bKFHlCm7bQMYFr2eDczq8d4kHytZOlo5+uOPstvRz2rgBx44WjlUvokcNoy2cYcjacT4F6OasXvUOL7r; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 262 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-1ae" vary Accept-Encoding x-varnish 3872335 635833228 631508272 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id 8GEqigMDZobzCpDMUWrYStZG06wL2iEyMN0_nLpUpvsuqKelwaxQxA==
GET H2	200	jquery.lazyload.min.js Show response www.grandforksherald.com/theme/js/	3 KB 2 KB	16ms 13ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/jquery.lazyload.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 0aeb042cd6bb4b9343177607db0647f2193ee4148c93770949efbfdc07d630ad Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/jquery.lazyload.min.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:06:46 GMT content-encoding gzip age 148 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-ea6823.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=IgbJP7ZvL+icBFjwQypk75QrCyDHMrngY7iR5jC9xZNNQSGAqyw4pSFVAHY8NOlyvaOHSTQXJ8phjfXGHOGQ2OPqi2xG9XvOpp2YwFAGD5z+cZ7GyTPo9YV9q4uy; Expires=Fri, 01 Oct 2021 05:06:46 GMT; Path=/ AWSALBCORS=IgbJP7ZvL+icBFjwQypk75QrCyDHMrngY7iR5jC9xZNNQSGAqyw4pSFVAHY8NOlyvaOHSTQXJ8phjfXGHOGQ2OPqi2xG9XvOpp2YwFAGD5z+cZ7GyTPo9YV9q4uy; Expires=Fri, 01 Oct 2021 05:06:46 GMT; Path=/; SameSite=None; Secure x-cache Hit from cloudfront content-length 1094 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-d32" vary Accept-Encoding x-varnish 1610813 637078991 637078965 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id Gq2cil6hy8ihWT-UWXa_2UMrlypzrvgJ_1KqgYl3uUb8zuQnAiPi8A==
GET H2	200	lazysizes.min.js Show response www.grandforksherald.com/theme/js/	8 KB 4 KB	116ms 114ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/lazysizes.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 7c5112469a2b487beb6be62905d05affafb7e806ddadb82f41f66726bfe1fa0e Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/lazysizes.min.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 42 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-0728cf.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=+ScOPb6jV8cC344cWtWGkRWmROhOztbxYTztOaKBInr49Kf1fDnJ34sitNiUJvA37HDr0aym5In+fWvX/U4TlKPlivKwI92RMD1iEycRYjb2AMInCPGU0Fxacnl9; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=+ScOPb6jV8cC344cWtWGkRWmROhOztbxYTztOaKBInr49Kf1fDnJ34sitNiUJvA37HDr0aym5In+fWvX/U4TlKPlivKwI92RMD1iEycRYjb2AMInCPGU0Fxacnl9; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 3457 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-1e5b" vary Accept-Encoding x-varnish 4000804 636653489 606999785 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id 2pS5iKqFTBGvfhuen3NB3EH6WRMfVJ-1bs0a5OqnQoEK6mINnYgyxA==
GET H2	200	saveLoadUTMCookies.js Show response www.grandforksherald.com/theme/js/	653 B 1 KB	418ms 415ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/saveLoadUTMCookies.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 1bcdc9ac487568f647e37b2b1c85da6289e4a968f9df854992fbe4cab1bcd0bb Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/saveLoadUTMCookies.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip age 340 x-cache Miss from cloudfront x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-4558c0.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=niL2OIhQ/VPiDERM6T/hePC4bz0eFl/p8eKW+mB2rzK40V4ZPWq7tYueauuZQ38vQuW2L5CncaldUeJOGNRMj8/F6oepIEcMoVmm4A77Z5eLt+fuo+aJipjsr3P/; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/ AWSALBCORS=niL2OIhQ/VPiDERM6T/hePC4bz0eFl/p8eKW+mB2rzK40V4ZPWq7tYueauuZQ38vQuW2L5CncaldUeJOGNRMj8/F6oepIEcMoVmm4A77Z5eLt+fuo+aJipjsr3P/; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/; SameSite=None; Secure content-length 312 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-28d" vary Accept-Encoding x-varnish 10034661 637370458 638978014 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id o46BlhQJdvXxs-A3f4WjPKjkFCINKDx7iG7qdQXMG9xReB7GVPJRQg==
GET H2	200	jquery.fcc_slider.min.js Show response www.grandforksherald.com/theme/js/	2 KB 2 KB	417ms 415ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/jquery.fcc_slider.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash bccae3322908314eee41f51672be6c357f70ac2720cb54ffe987a17e4d200eb7 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/jquery.fcc_slider.min.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip age 397 x-cache Miss from cloudfront x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-60712d.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=bpA57rXmmUoY0QcTKnIs3uqLCY3qapplhdqrhwZAC5AmreeafKoJ82T0pZWuUSsGLxpBGvq668ASHkHeN5+ATBf0DfVv8G4KXuiOpPFZNCeKf00A9Kmd0+MSKe1j; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/ AWSALBCORS=bpA57rXmmUoY0QcTKnIs3uqLCY3qapplhdqrhwZAC5AmreeafKoJ82T0pZWuUSsGLxpBGvq668ASHkHeN5+ATBf0DfVv8G4KXuiOpPFZNCeKf00A9Kmd0+MSKe1j; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/; SameSite=None; Secure content-length 934 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-798" vary Accept-Encoding x-varnish 6921727 626332032 627544439 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id XdVpsgQBoW1qsr7avLS7T7SyxaaJeknoHTXT1AMhrhw6wv3p2zWBrA==
GET H2	200	sm0dWOKa.js Show response cdn.jwplayer.com/libraries/	127 KB 41 KB	49ms 8ms	Script text/javascript	13.225.78.110 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.jwplayer.com/libraries/sm0dWOKa.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.110 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-110.fra2.r.cloudfront.net Software openresty / Resource Hash b4854161efbe1bb461aecb20065620be7608ce7877401a716cd31cdefced96f1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:07:28 GMT content-encoding gzip server openresty age 72 x-edge-origin-shield-skipped 0 content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=150, max-stale=180 x-cache Hit from cloudfront x-amz-cf-pop FRA2-C2 content-length 41653 via 1.1 cc0ab20766d57035422a2c4c69fe0620.cloudfront.net (CloudFront) x-amz-cf-id w5XOcRuCsJBVWoiDwHZvpAyzLZHK12V73MO5tKHEEaupRrh6Z85vRg== expires Fri, 24 Sep 2021 05:09:58 GMT
GET H2	200	wxwidget.loader.js Show response widgets-lts.media.weather.com/	528 KB 127 KB	127ms 7ms	Script text/javascript	184.25.115.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://widgets-lts.media.weather.com/wxwidget.loader.js?cid=315354512 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 184.25.115.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-25-115-200.deploy.static.akamaitechnologies.com Software nginx/1.20.0 / Express Resource Hash c03df04f200065378dc83341334332e036b3c34494ec2abedbd963019b51a6d6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip etag W/"840aa-Q4G5wMcTHnXEUAIXq/Ads3wD2CA" server nginx/1.20.0 x-powered-by Express x-cache-status HIT vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=74255 date Fri, 24 Sep 2021 05:08:40 GMT access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 129247 expires Sat, 25 Sep 2021 01:46:15 GMT
GET H2	200	sha1.min.js Show response www.grandforksherald.com/theme/js/	4 KB 2 KB	419ms 416ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/sha1.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 1261bd72cb39ecc1adb3aacb4987e04becf4dd1fce9622bf0895c3e90cb8c310 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/sha1.min.js pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 91 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-4558c0.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=YNlYFN02iGo6a7f7wYmxUZvO1U+5ROrZku3+FjCYtrqJ0XgGYks/bHjcf/fi5QK+3Gg3GpETT+bC3R3tiWTDNGdlj2L5XzFekrTMJVelB2G6TvC/FOiKK1YLDzld; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=YNlYFN02iGo6a7f7wYmxUZvO1U+5ROrZku3+FjCYtrqJ0XgGYks/bHjcf/fi5QK+3Gg3GpETT+bC3R3tiWTDNGdlj2L5XzFekrTMJVelB2G6TvC/FOiKK1YLDzld; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 1589 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-10f7" vary Accept-Encoding x-varnish 8265911 613718101 637078933 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id LXLZoxv6ZMssJMo7OH23IOc5O0XSztgvpndYCzO3g-gLrngupdMCFw==
GET H2	200	iframeResizer.js Show response cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.10/	36 KB 9 KB	34ms 15ms	Script application/javascript	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.10/iframeResizer.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14cd740cfb34a149d34ebbcfe5391e044d5b1d2a5a1e4c4a5aa6e44c6914abf4 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 13295345 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 7882 cf-request-id 099f56ddb7000096f21930b000000001 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:11 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e9f-8e6f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=euz%2FeE%2BZCAlyS%2Fn%2Fs5NUgYqMAxMHxqYExTI1n2JSaNhD4vg4rOTDFNwxR5HFOHCcsAk%2BdjJyvTX9jUjdnBbvyZxYHYaNBtvVG36Xo8Ie0%2FwyWmLAON7l5uvne7EFFrSgKV3AR3m9"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 69397f069df35be9-FRA expires Wed, 14 Sep 2022 05:08:40 GMT
GET H2	200	auth0-spa-js.production.js Show response cdn.auth0.com/js/auth0-spa-js/1.13.6/	105 KB 38 KB	74ms 7ms	Script application/javascript	13.225.74.234 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.auth0.com/js/auth0-spa-js/1.13.6/auth0-spa-js.production.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.74.234 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-74-234.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 01d6389de5581a2a3eb0cd4d6a05cb136bf07d221306f89173a080c73a38e392 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-amz-version-id hZQ15fDhfyRd2UWZnm65CTWubI52dYz6 content-encoding gzip etag W/"8bea9e0d733d097381a1b5eb8c40983d" age 29070 x-edge-origin-shield-skipped 0 x-amz-replication-status FAILED x-cache Hit from cloudfront last-modified Thu, 07 Jan 2021 14:32:48 GMT server AmazonS3 date Thu, 23 Sep 2021 21:04:10 GMT vary Accept-Encoding content-type application/javascript via 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront) cache-control max-age=2628000,public x-amz-cf-pop FRA2-C2 x-amz-cf-id Cb87-DH5pwkSujxuGWpZ1W8tvbXSdZ8320gksUGDdrJy0yyMzkt2eA==
GET H2	200	auth0.js Show response www.grandforksherald.com/theme/js/	6 KB 3 KB	417ms 414ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/auth0.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 7547f8505f2a143a7d0977c5faaad0f8853f0212b2bee3c3a8149e2c0c115542 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/auth0.js pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 386 x-cache Miss from cloudfront x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-0728cf.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=N+yzmkbHp+soGpPTQaWhTStoxt7GUZpEW2SLSaTyNeYTXsM5BoKbhNnai0XnAu3ZiJc1I5JlAjGvWbVZoFAiGEMlwGQFnZ43ehkIomIkygSxKjUrdP++R5HMTmmY; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=N+yzmkbHp+soGpPTQaWhTStoxt7GUZpEW2SLSaTyNeYTXsM5BoKbhNnai0XnAu3ZiJc1I5JlAjGvWbVZoFAiGEMlwGQFnZ43ehkIomIkygSxKjUrdP++R5HMTmmY; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure content-length 2093 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-18ed" vary Accept-Encoding x-varnish 1906628 638092744 626985375 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id 2kgQDx3jJ8GeSRg5Q_Otqtqbd3YAd63SZI1UBayl5sfye_bcJzktag==
GET H2	200	featherlight.min.css cdn.rawgit.com/noelboss/featherlight/1.7.13/release/	2 KB 1 KB	105ms 46ms	Stylesheet text/css	89.187.169.47 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://cdn.rawgit.com/noelboss/featherlight/1.7.13/release/featherlight.min.css Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS unn-89-187-169-47.cdn77.com Software BunnyCDN-DE1-756 / Resource Hash bc462b8920124b34fffa9f466debcfb0e097317ed6b76b73a547ad39c374fe34 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding br x-content-type-options nosniff cdn-edgestorageid 756 access-control-allow-origin * cdn-cachedat 09/10/2021 02:04:17 cdn-pullzone 201235 server BunnyCDN-DE1-756 rawgit-cache-status HIT link <https://rawgit.com/>; rel="sunset"; title="RawGit will soon shut down. Please stop using it." cdn-proxyver 1.0 cdn-requestpullcode 200 x-robots-tag none vary Accept-Encoding sunset Tue, 01 Oct 2019 00:00:00 GMT cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=2592000 cdn-requestid fbd23b849934919bb52219885238b2cd content-type text/css; charset=utf-8 cdn-requestcountrycode US cdn-status 200 cdn-requestpullsuccess True
GET H2	200	featherlight.min.js Show response cdn.rawgit.com/noelboss/featherlight/1.7.13/release/	9 KB 4 KB	65ms 6ms	Script application/javascript	89.187.169.47 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://cdn.rawgit.com/noelboss/featherlight/1.7.13/release/featherlight.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS unn-89-187-169-47.cdn77.com Software BunnyCDN-DE1-756 / Resource Hash fd21104dc97db6fc980c0f12ba157f3cc9fddac84dde4367f02f6f9db05c13d6 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding br x-content-type-options nosniff cdn-edgestorageid 756 access-control-allow-origin * cdn-cachedat 09/07/2021 21:56:08 cdn-pullzone 201235 server BunnyCDN-DE1-756 rawgit-cache-status HIT link <https://rawgit.com/>; rel="sunset"; title="RawGit will soon shut down. Please stop using it." cdn-proxyver 1.0 cdn-requestpullcode 200 x-robots-tag none vary Accept-Encoding sunset Tue, 01 Oct 2019 00:00:00 GMT cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=2592000 cdn-requestid dbec1eb054fb162cc5e93b9474014350 content-type application/javascript; charset=utf-8 cdn-requestcountrycode US cdn-status 200 cdn-requestpullsuccess True
GET H2	200	gpt.js Show response www.googletagservices.com/tag/js/	72 KB 26 KB	62ms 16ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash fb0c4f24759e388f0103e7d7048d98cdfe35c7f5e49b22236c19ac1db4afeb46 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "996 / 137 of 1000 / last-modified: 1632435212" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 25687 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 24 Sep 2021 05:08:40 GMT
GET H2	200	prebid.min.js Show response www.grandforksherald.com/theme/js/	207 KB 66 KB	522ms 521ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/prebid.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 55bf71ca34feb96f04baa1a01816d839461ae9744389b9b30875216047581178 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/prebid.min.js pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 371 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-7b30fa.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 66346 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-33bb0" vary Accept-Encoding x-varnish 1114997 633800969 614242558 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id ZIwEytxK7NuTCfMCe40d4TNlDQVq2KLDKzLuevt-hdJEbS88a7Edng==
GET H2	200	googletag-prebid.min.js Show response www.grandforksherald.com/theme/js/	44 KB 6 KB	426ms 424ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/googletag-prebid.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash d0d86b229c486e99a5c3ed289fe23d9365482826e3bb99002822d2cce292a667 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/googletag-prebid.min.js pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 10 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-ea6823.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=KqQmYp4grV1/dmlvHUJ0CpeAeZMPViSv1Gv0YHxiqGgi+ID2Nwb7lGYKnm1MrwoVgKbsKYFxVM4gB/kp7wIVIawGFez5mhb5IqmvZI1l9h/hEEfYuRoMasKLD8qe; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=KqQmYp4grV1/dmlvHUJ0CpeAeZMPViSv1Gv0YHxiqGgi+ID2Nwb7lGYKnm1MrwoVgKbsKYFxVM4gB/kp7wIVIawGFez5mhb5IqmvZI1l9h/hEEfYuRoMasKLD8qe; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 4998 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-af47" vary Accept-Encoding x-varnish 11212243 636391226 635736907 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id lJnWp2N2hb9C-_D_gd8bdOl6wcOkhetWJjWkYhC_mmdfqdf2epky9A==
GET H2	200	chartbeat_mab.js Show response static.chartbeat.com/js/	23 KB 10 KB	72ms 7ms	Script application/x-javascript	13.224.190.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.chartbeat.com/js/chartbeat_mab.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.190.164 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-190-164.fra2.r.cloudfront.net Software nginx / Resource Hash 8491e6705bdb33a52dce45f3e5299aab11aa555537f6a6e869e4a0bd9af3d7be Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 03:54:19 GMT content-encoding gzip age 4461 x-edge-origin-shield-skipped 0 cross-origin-resource-policy cross-origin x-cache Hit from cloudfront last-modified Thu, 08 Jul 2021 15:47:37 GMT server nginx etag W/"60e71e19-5a0d" vary Accept-Encoding content-type application/x-javascript via 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront) cache-control max-age=7200 x-amz-cf-pop FRA2-C1 x-amz-cf-id xIzbVJyEbsz4XTnlHA9i6rlgr2EkzymF56sX1h7UaCQ35I3mI5I-VQ== expires Fri, 24 Sep 2021 05:54:19 GMT
GET H/1.1	200 OK	load.js Show response s.ntv.io/serve/	375 KB 110 KB	76ms 16ms	Script application/x-javascript	2.18.234.163 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s.ntv.io/serve/load.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.234.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-234-163.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash aad15a6fbf7002a4ec29808c3c48a5ca17265648f5fa3e4988fc0ef81f909e9c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 05:08:40 GMT Content-Encoding gzip x-amz-request-id FZ4E3B2ZF0X1SXAW x-amz-server-side-encryption AES256 Transfer-Encoding chunked Connection keep-alive, Transfer-Encoding x-amz-id-2 mdbYekDme3vgULUynPJ/5TJua2p/IXJyzOxiUIAVNvMwOGJeeXhcTcczgjjOs2s07Rt1aH6sLXI= Last-Modified Thu, 23 Sep 2021 21:54:09 GMT Server AmazonS3 ETag "7980e3f72665ae3fdf2ec282747af02e" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/x-javascript Access-Control-Allow-Origin * Cache-Control public, max-age=3600 Accept-Ranges bytes Access-Control-Allow-Headers *
GET H2	200	spm.v1.min.js Show response ak.sail-horizon.com/spm/	121 KB 43 KB	86ms 7ms	Script application/javascript	13.225.78.57 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ak.sail-horizon.com/spm/spm.v1.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.57 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-57.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:04:49 GMT content-encoding gzip last-modified Tue, 08 Jun 2021 04:22:34 GMT server AmazonS3 age 231 etag W/"b22b4f4738e8722be1636447be239da2" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront) cache-control max-age=600; must-revalidate x-amz-cf-pop FRA2-C2 x-amz-cf-id kONvXQ2Y5V0eutX8lnU3CLeqQXsZJQ4D1akcNxeKzJMWU3KOgY50Ng==
GET H2	200	owl.carousel.min.css www.grandforksherald.com/theme/css/	3 KB 2 KB	12ms 11ms	Stylesheet text/css	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/css/owl.carousel.min.css Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/css/owl.carousel.min.css pragma no-cache cookie AWSALB=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN; AWSALBCORS=EwJdFT+QsH4HwBusaIg9ldPJtK7Llao+XVGP8D82G/y7nUCuJ0quEOS3CxIvJQzsGHJDNymF0TSrIykN3LXxWQZG2dcGQh5i3IrffN8yqdVoxBCsIshIzkIYkHtN accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:07:46 GMT content-encoding gzip age 84 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-0728cf.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=+lElVDn6GPiZOErD3abJ7iq+7438D/zZW1CPwplXK0wgBFbWclXmRC16vadX8K/RUFqYmbe8o181tVIIogkTEBzNzr/jWy159nl/LeoRJtCDixb7yMO/qbrX3GfB; Expires=Fri, 01 Oct 2021 05:07:46 GMT; Path=/ AWSALBCORS=+lElVDn6GPiZOErD3abJ7iq+7438D/zZW1CPwplXK0wgBFbWclXmRC16vadX8K/RUFqYmbe8o181tVIIogkTEBzNzr/jWy159nl/LeoRJtCDixb7yMO/qbrX3GfB; Expires=Fri, 01 Oct 2021 05:07:46 GMT; Path=/; SameSite=None; Secure x-cache Hit from cloudfront content-length 1068 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 16:16:16 GMT server nginx/1.18.0 etag W/"614ca850-d17" vary Accept-Encoding x-varnish 4132054 624857361 638715486 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type text/css x-amz-cf-id VofSKXreV4qdGQvm5g5vhmOQpwD2aGz_irQ6SiKvukbdEEbPxRowmw==
GET H2	200	addthis_widget.js Show response s7.addthis.com/js/300/	353 KB 114 KB	94ms 30ms	Script application/javascript	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/js/300/addthis_widget.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip last-modified Mon, 26 Oct 2020 18:11:48 GMT server nginx/1.15.8 etag "5f971164-5834c" vary Accept-Encoding x-distribution 99 content-type application/javascript cache-control public, max-age=600 date Fri, 24 Sep 2021 05:08:40 GMT x-host s7.addthis.com content-length 116325
GET H2	200	origami-widget.js Show response origami.secure.ownlocal.com/	13 KB 13 KB	61ms 7ms	Script application/javascript	34.96.77.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://origami.secure.ownlocal.com/origami-widget.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.77.232 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 232.77.96.34.bc.googleusercontent.com Software UploadServer / Resource Hash d6a5789ddcefcde65aca42763fdf458a4df543f92f13d903aab39e05918971cc Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 07:01:58 GMT age 79602 x-guploader-uploadid ADPycdv2wabX1lGRjDvRRN3uqGMQDDx8cmAVC2Qyu9_IxqpizkcIY49FV9G_8JxAqkUy6xjUdt_KntHAQec53SnfUiC3A5Jy5g x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc clear content-length 13289 last-modified Mon, 19 Oct 2020 18:40:43 GMT server UploadServer etag "f5183a07384a657e61aaaeba0fc72448" x-goog-hash crc32c=FHVKdg==, md5=9Rg6BzhKZX5hqq66D8ckSA== x-goog-generation 1603132843078573 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public, max-age=86400 x-goog-stored-content-length 13289 accept-ranges bytes content-type application/javascript expires Fri, 24 Sep 2021 07:01:58 GMT
GET H/1.1	200 OK	loadJobsHQ.js Show response widgets.stagingjobshq.com/dist/	945 B 1 KB	802ms 131ms	Script application/x-javascript	65.52.24.41 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://widgets.stagingjobshq.com/dist/loadJobsHQ.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 65.52.24.41 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash a83052c6ad5ef66bedfcefd1b5c1682285a71dd210412164170214d62bb4da97 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Content-Encoding gzip ETag "f8b308f67c2d61:0" Last-Modified Tue, 24 Nov 2020 13:41:49 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Accept-Ranges bytes Content-Length 503
GET H2	200	all.css static.forumcomm.com/css/	102 KB 18 KB	12ms 11ms	Stylesheet text/css	13.224.193.88 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.forumcomm.com/css/all.css Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-88.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 1cee87ecea5f99dce79483ee4d0f2bb1aa48b726bab80074ddac3fda062e7b40 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 10:00:41 GMT content-encoding gzip last-modified Tue, 25 Jun 2019 21:22:06 GMT server AmazonS3 age 68880 etag W/"223184abec7096dbf32d54b6bd749901" vary Accept-Encoding x-edge-origin-shield-skipped 0 content-type text/css via 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-pop FRA2-C1 x-amz-cf-id d6GMlLgGBIQuL5aWh5Je_m3bE3goIG5yIXDP0grU2fSoHaE2WOfG5Q==
GET H2	200	moment.min.js Show response cdnjs.cloudflare.com/ajax/libs/moment.js/2.22.2/	50 KB 15 KB	15ms 12ms	Script application/javascript	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.22.2/moment.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0aeb4ecf1091b9c52c9fa0ba4dc118b1abafbd88a51278935e574f6baff0bb49 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1428320 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 15247 timing-allow-origin * last-modified Mon, 04 May 2020 16:13:26 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03f26-c9df" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJTX4ILzJYDzZyR3qS0fNmiF6f9P4GjEYX6EGkZg7uHwob%2BWL3CuaYej8pu1s4yrVPAzgsY%2BIPx07cgVGhUoa7mbEaP%2BbC8vvKC73tY%2BGIctwongBLWlix1U209JYlFvUNE0lI2w"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 69397f0a9a0c5be9-FRA expires Wed, 14 Sep 2022 05:08:40 GMT
GET H2	200	jquery.oembed.min.js Show response www.grandforksherald.com/theme/js/	48 KB 15 KB	211ms 208ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/jquery.oembed.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 977a8401bfc0c8e31b070aae1b35f5ab30ffbd958b79ecdef2c4b904cd431307 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/jquery.oembed.min.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 256 x-cache Miss from cloudfront x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-5e43d3.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=nZJQpykodnE7pZnbJ6+/DRyCtLKfJDSiSUNwVAfw23gfG+xWA05UpEGXACIR9ib7SChYEZSl3NGjNsrZZuXJ6M016S4S9eKKLMiM9Wgcp49pLpU6V82IYlL/88Kg; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=nZJQpykodnE7pZnbJ6+/DRyCtLKfJDSiSUNwVAfw23gfG+xWA05UpEGXACIR9ib7SChYEZSl3NGjNsrZZuXJ6M016S4S9eKKLMiM9Wgcp49pLpU6V82IYlL/88Kg; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure content-length 14135 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-c1c2" vary Accept-Encoding x-varnish 3344528 636357806 638978092 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id Ah9Uz_0wGXGeAyDELPI0Y-uoHfIx9Fl2FDWsisG9sj1ysKYjqBX8_Q==
GET H2	200	main.js Show response www.grandforksherald.com/theme/js/	2 KB 2 KB	14ms 11ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/main.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash be3b7bbda10c8f4c5dc6052819baa8ad3829213e7db74d8aef16694dc3a61c75 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/main.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:10 GMT content-encoding gzip age 52 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-7b30fa.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=7eCSsyCNE0uOg9DmMSmjuF3mqlFtFpQ0CX4VniFr9rPcReuquMNHG5B14DYutCsrPNOG67xEOG7lRpVL4qxBR/fkst3d70hq8ic4MHajj2x1/qyQiCrxB8wRXdLA; Expires=Fri, 01 Oct 2021 05:08:10 GMT; Path=/ AWSALBCORS=7eCSsyCNE0uOg9DmMSmjuF3mqlFtFpQ0CX4VniFr9rPcReuquMNHG5B14DYutCsrPNOG67xEOG7lRpVL4qxBR/fkst3d70hq8ic4MHajj2x1/qyQiCrxB8wRXdLA; Expires=Fri, 01 Oct 2021 05:08:10 GMT; Path=/; SameSite=None; Secure x-cache Hit from cloudfront content-length 842 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-984" vary Accept-Encoding x-varnish 951626 630952242 613718057 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id QNXeb-7V5uJvLKdsbanJYq6zkGquM1_6J3e06vN1HD-TBifJBxLt5Q==
GET H2	200	poll.js Show response www.grandforksherald.com/theme/js/	476 B 1 KB	423ms 420ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/poll.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 4400f57e825b86a1f18695543f171d6c66ec01502e806d52b80a4d4a44e0ef10 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/poll.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip age 110 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-0728cf.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=Ds0IWnSMclO4FCw3yFvd1EhygdLlMMI7zBtEX5ogxBrrK3eZsq2EwIzUm8BrV+ytYiIM+XVce9qtCzTKxxY2ensqHjW4ONvie5Lu+fq6ojYJ17fb621eTphYXabb; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/ AWSALBCORS=Ds0IWnSMclO4FCw3yFvd1EhygdLlMMI7zBtEX5ogxBrrK3eZsq2EwIzUm8BrV+ytYiIM+XVce9qtCzTKxxY2ensqHjW4ONvie5Lu+fq6ojYJ17fb621eTphYXabb; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 264 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-1dc" vary Accept-Encoding x-varnish 4132032 630952285 615782122 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id kpK25C13mCZ_0Q9ZOifmOV-HhIXnibKlhjIul9Amc-nKLgVdNqj1Ug==
GET H2	200	owl.carousel.min.js Show response www.grandforksherald.com/theme/js/	43 KB 12 KB	419ms 416ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/owl.carousel.min.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/owl.carousel.min.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip age 153 x-cache Miss from cloudfront x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-4558c0.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=VwRbotL3s+5YOYSAHvjeAB7LV+b0XwbXweesI9dGT9/jJyocXa9jpn3nWhjohc/FKQ5jkuwOrLqkQ472b+YjR6oIn3xcg8x4cHbrJxuIvF+T6/45KVOScp4C7Vp4; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/ AWSALBCORS=VwRbotL3s+5YOYSAHvjeAB7LV+b0XwbXweesI9dGT9/jJyocXa9jpn3nWhjohc/FKQ5jkuwOrLqkQ472b+YjR6oIn3xcg8x4cHbrJxuIvF+T6/45KVOScp4C7Vp4; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/; SameSite=None; Secure content-length 11412 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-ad36" vary Accept-Encoding x-varnish 13730759 637209976 630556763 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id KUQsJSRNi6P3W01VsHOTwsflb6Bbcx4OQVy1Me_IMu7H9Ha6DJ2G1g==
GET H2	200	fccgtminit.js Show response www.grandforksherald.com/theme/js/prod/	491 B 1 KB	116ms 115ms	Script application/javascript	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/js/prod/fccgtminit.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/fccgtmscriptloader.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 9f2ad8984cc485be77a3031bc50b975157e7ffe7a56d1ecee02a71092e2166f1 Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/js/prod/fccgtminit.js pragma no-cache cookie AWSALB=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa; AWSALBCORS=75h/b/F+uxDVL/joLFWWz+rDzmL7PQnHFwe+0xqhU8hVbaKKaaZ7l1ikhlnUJlppJwGNfn4quEp+JNCC9lAYgBS9C2IOyeY+ukSjM9Ie+I6W2amlClFVDQrx98xa accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip age 397 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-8a5ec2.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=21YcDLBBhqDtxFVn4si6CEPvcXE+xjwp8I3+4cxP0BgfXl6Z2mrNzo3qQHwEBLU0g7AdHBUxah93dtSV4qfC8I0Lb72q7ZJU+ksh/eaJqcv0hAVvidFM6NzBG82U; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/ AWSALBCORS=21YcDLBBhqDtxFVn4si6CEPvcXE+xjwp8I3+4cxP0BgfXl6Z2mrNzo3qQHwEBLU0g7AdHBUxah93dtSV4qfC8I0Lb72q7ZJU+ksh/eaJqcv0hAVvidFM6NzBG82U; Expires=Fri, 01 Oct 2021 05:08:40 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 361 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag W/"614c97bf-1eb" vary Accept-Encoding x-varnish 6004557 630361495 634391756 via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) cache-control max-age=360, s-maxage=300 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript x-amz-cf-id aU7O9wBxcPJlLzGuSj-dnLCX4HalHABwSPEwlu-NlZGlJZZbn6x7SA==
GET H2	200	advertising.js Show response www.npttech.com/	7 KB 3 KB	64ms 23ms	Script application/javascript	104.21.60.63 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.npttech.com/advertising.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.60.63 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 4909 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id MY9S0PJDNWKA0N4N x-amz-id-2 u+L7370psI8SIxAmhNpCXyD7oSJ5Mvj4UhFctRtjgqEQW9IRVxx/Z0CAHkLIPiAPTAks5+rBcUw= last-modified Wed, 19 Jun 2019 08:25:01 GMT server cloudflare etag W/"3d6f80c860866175f58a84bbbc9217c6" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RiR0fScg31iZ%2FLqDYICjaDronvHHKKu0pN%2BA23s%2BG2YGZcG6QhYD29%2BYS9Vdgi4C9%2BchMs0nVeFQa63xgk3EioXO1vtvvZMviEyDraM4pPgLsu2Oi3rHr6A5z21MdOEbidE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=28800 x-amz-version-id hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w cf-ray 69397f0ad9bed721-FRA
GET H2	200	pubads_impl_2021092101.js Show response securepubads.g.doubleclick.net/gpt/	336 KB 118 KB	38ms 15ms	Script text/javascript	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software sffe / Resource Hash 9cddc4e1c7049c1e45ebb678a8a47bb3b67dfa86009c877de6a9e6da0cfae474 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 120556 x-xss-protection 0 last-modified Tue, 21 Sep 2021 08:37:56 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 24 Sep 2021 05:08:40 GMT
OPTIONS H2	200	simple api.sail-personalize.com/v1/personalize/ Frame	0 0	327ms 96ms	Preflight text/plain	75.2.40.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0 Protocol H2 Server 75.2.40.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS aa7557bb34ea5624b.awsglobalaccelerator.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Method GET Access-Control-Request-Headers authorization,content-type,x-lib-version,x-referring-url Origin https://www.grandforksherald.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode cors Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-type text/plain content-length 18 access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true access-control-max-age 1800 access-control-allow-methods OPTIONS,GET,POST,PUT,DELETE access-control-allow-headers Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL allow HEAD,GET,OPTIONS
GET H2	200	apstag.js Show response c.amazon-adsystem.com/aax2/	133 KB 36 KB	73ms 8ms	Script application/javascript	13.224.186.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/aax2/apstag.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/googletag-prebid.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-4.fra2.r.cloudfront.net Software Server / Resource Hash 975b62423e82390a1b54f47625f46f5b4451a8ea69945b2e85008a194bb55edd Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-amz-version-id 8N42zakBwOFy.ZF9LMqjmgZs3f2_X5lT content-encoding gzip etag 3900a2c2d757386fb762bfd86288f882 age 536 x-edge-origin-shield-skipped 0 x-cache Hit from cloudfront server Server x-amz-rid 0PJV1XJX1VV1D209R8H4 date Fri, 24 Sep 2021 04:59:44 GMT vary Accept-Encoding content-type application/javascript via 1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront) cache-control public, max-age=900 x-amz-cf-pop FRA2-C1 accept-ranges bytes timing-allow-origin * x-amz-cf-id vDuatl5F88XrvnbhWb3e-pozxshklnPaDdg-tSBqkmREAaCo_z17_A==
GET H2	200	chartbeat_video.js Show response static.chartbeat.com/js/	69 KB 23 KB	73ms 9ms	Script application/x-javascript	13.224.190.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.chartbeat.com/js/chartbeat_video.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.190.164 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-190-164.fra2.r.cloudfront.net Software nginx / Resource Hash 7222bdb705a3d4af9ac5d4f1375a3709bc77578dcc0e1f3b5caf55fd14af959c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 04:59:29 GMT content-encoding gzip age 551 x-edge-origin-shield-skipped 0 cross-origin-resource-policy cross-origin x-cache Hit from cloudfront last-modified Fri, 09 Jul 2021 00:14:48 GMT server nginx etag W/"60e794f8-11377" vary Accept-Encoding content-type application/x-javascript via 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront) cache-control max-age=7200 x-amz-cf-pop FRA2-C1 x-amz-cf-id 4j5clJCA571JElQZ9LKa6E17MvnOV6E3AcihlhhxgOmKGSaWmnSzQw== expires Fri, 24 Sep 2021 06:59:29 GMT
GET H2	200	DFPAudiencePixel;ord=8290754258414.863;dc_seg=757965813 pubads.g.doubleclick.net/activity;dc_iu=/7021/	42 B 656 B	42ms 19ms	Image image/gif	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pubads.g.doubleclick.net/activity;dc_iu=/7021/DFPAudiencePixel;ord=8290754258414.863;dc_seg=757965813? Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:40 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	simple Show response api.sail-personalize.com/v1/personalize/	288 B 497 B	100ms 100ms	Fetch application/json	75.2.40.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0 Requested by Host: ak.sail-horizon.com URL: https://ak.sail-horizon.com/spm/spm.v1.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 75.2.40.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS aa7557bb34ea5624b.awsglobalaccelerator.com Software / Resource Hash db204c163aac48489a29528085dca29d2d829ae9b24cefde5eebb00d73c8dbf3 Request headers x-lib-version v1.0.1 Accept-Language de-DE,de;q=0.9 authorization Bearer 0d7127446e3b2361d3678f15db986f1f content-type application/json accept application/json Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 x-referring-url https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip allowedorigins * vary Accept-Encoding content-type application/json access-control-allow-origin * cache-control no-store access-control-allow-credentials true allowedheaders Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin content-length 196 allowedmethods GET,OPTIONS expires -1
GET H2	200	v2wncsODB1vFjoTgh7WbKdub3UvyuE68D7DEr-KZQqpFRenpjEclpRLg Show response stereotypedsugar.com/	103 KB 30 KB	230ms 210ms	Script text/javascript	35.201.96.133 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stereotypedsugar.com/v2wncsODB1vFjoTgh7WbKdub3UvyuE68D7DEr-KZQqpFRenpjEclpRLg Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.96.133 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 133.96.201.35.bc.googleusercontent.com Software / Resource Hash 19c91ad62aeaf43b7b32ff8684fb743aca17e5228cfd2d3553bc6ac075eef5e7 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=15724800; preload content-encoding br x-datacenter gce-europe-west1 etag "eb0211bf60699f1dccf45375e221d70e19089bb9b0e9bbfcb82ee79b3e09c8da" vary Accept-Encoding, Accept-Language x-hostname c984a0b3 content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 date Fri, 24 Sep 2021 05:08:41 GMT timing-allow-origin *
GET H2	200	v2hqfzEANdvin8OCzcpVgyfqbP8krsZ0W_9GsVOi69IXWL0kDHl92Sb9pCpzf1rCU11wO1U1z Show response stereotypedsugar.com/	16 KB 6 KB	244ms 203ms	Script text/javascript	35.201.96.133 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stereotypedsugar.com/v2hqfzEANdvin8OCzcpVgyfqbP8krsZ0W_9GsVOi69IXWL0kDHl92Sb9pCpzf1rCU11wO1U1z Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.96.133 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 133.96.201.35.bc.googleusercontent.com Software / Resource Hash b822f92eb71c2ffb5ee96b228e88d10af2cbacc452e0774a3931bc3906f91234 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=15724800; preload content-encoding gzip x-datacenter gce-europe-west1 etag "7bcea7fd3a1d697e725c1f235dea17eec28af75c259a4a3e746303f4e7ba39b4" vary Accept-Encoding, Accept-Language x-hostname c984a0b3 content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 date Fri, 24 Sep 2021 05:08:41 GMT timing-allow-origin *
GET H2	200	css fonts.googleapis.com/	10 KB 1 KB	39ms 15ms	Stylesheet text/css	142.250.186.138 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Oswald:400,700|Source+Sans+Pro:400,600,700&display=swap Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/css/grandforksherald.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.138 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f10.1e100.net Software ESF / Resource Hash a42b489f54bebf9b312731d94cdac2489b2fac850f0fb701350d1d9c6307c6f2 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 24 Sep 2021 05:08:40 GMT server ESF date Fri, 24 Sep 2021 05:08:40 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 24 Sep 2021 05:08:40 GMT
GET H2	200	css fonts.googleapis.com/	3 KB 571 B	39ms 15ms	Stylesheet text/css	142.250.186.138 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=PT+Serif:400,700&display=swap Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/css/grandforksherald.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.138 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f10.1e100.net Software ESF / Resource Hash ce38e244b530479176732c2399703eb1c23b1d82fd12f39c23ab2d3516bff083 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 24 Sep 2021 05:08:40 GMT server ESF date Fri, 24 Sep 2021 05:08:40 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 24 Sep 2021 05:08:40 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 600 B	46ms 23ms	Stylesheet text/css	142.250.186.138 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:100&display=swap Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/css/grandforksherald.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.138 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f10.1e100.net Software ESF / Resource Hash 85e50fe35ea954d81d2feea489b29264aa77b93526409bc630df84d2d11e99ae Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 24 Sep 2021 05:08:40 GMT server ESF date Fri, 24 Sep 2021 05:08:40 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 24 Sep 2021 05:08:40 GMT
GET H2	200	uxm5owm.css use.typekit.net/	1 KB 817 B	43ms 6ms	Stylesheet text/css	2.16.186.59 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/uxm5owm.css Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/css/grandforksherald.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.59 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-59.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 5f965c172c7fa2f5be586fa90c123404dfb75984060015aaefd926fc6206c238 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; content-encoding gzip server nginx date Fri, 24 Sep 2021 05:08:40 GMT vary Accept-Encoding content-type text/css;charset=utf-8 access-control-allow-origin * cache-control private, max-age=600, stale-while-revalidate=604800 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 585
GET H2	200	/ Show response mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/	276 B 558 B	150ms 102ms	XHR application/json	151.101.130.202 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=grandforksherald.com&domain=grandforksherald.com&path=%2Fbusiness%2Fagriculture%2F7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack Requested by Host: static.chartbeat.com URL: https://static.chartbeat.com/js/chartbeat_mab.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.130.202 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 3a204c54c86b162b497cd8ac121b03e8d52be3fbaf9cf879f98ae3fa1f908fd0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding gzip x-cache-hits 0 age 0 x-cache MISS cross-origin-resource-policy cross-origin content-length 205 x-served-by cache-hhn4074-HHN access-control-allow-origin * x-timer S1632460121.870352,VS0,VE96 vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding content-type application/json via 1.1 varnish (Varnish/6.0), 1.1 varnish cache-control no-store, no-cache, must-revalidate, max-age=0, s-maxage=0 accept-ranges bytes expires Wed, 22 Sep 2021 05:08:40 GMT
GET H2	204	config Show response c.amazon-adsystem.com/cdn/prod/	0 333 B	100ms 99ms	XHR text/plain	13.224.186.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&pubid=59950d2e-4dfc-490d-92ee-81f8d387b7dd Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-4.fra2.r.cloudfront.net Software Server / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:39 GMT via 1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront) server Server x-edge-origin-shield-skipped 0 x-cache Miss from cloudfront access-control-allow-origin https://www.grandforksherald.com cache-control max-age=21550, s-maxage=21600 access-control-allow-credentials true x-amz-cf-pop FRA2-C1 x-amz-cf-id o-YRvedmZA9Y3bDy5l16-gLyiW-S3_fhIGiWVqYr85LdEzZvijoseQ==
GET H2	200	aps_csm.js Show response c.amazon-adsystem.com/bao-csm/aps-comm/	6 KB 3 KB	25ms 9ms	XHR application/javascript	13.224.186.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-4.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-amz-version-id S8kNCKkikutwvs4V44q0sFuZ4JNc9Ate content-encoding gzip etag W/"a4d296427fc806b21335359e398c025c" age 16064 x-edge-origin-shield-skipped 0 access-control-max-age 3000 x-cache Hit from cloudfront access-control-allow-origin * last-modified Tue, 07 Sep 2021 22:15:56 GMT server AmazonS3 date Fri, 24 Sep 2021 00:40:57 GMT vary Origin access-control-allow-methods GET content-type application/javascript via 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront) cache-control public, max-age=86400 x-amz-cf-pop FRA2-C1 x-amz-cf-id mdnCCQEpJTA2Frktpz7bg-jNgRh0uHYoH9DqvD6O7WP6BpZIrqjAeg==
GET H2	200	p.css p.typekit.net/	5 B 181 B	27ms 7ms	Stylesheet text/css	104.111.215.74 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=uxm5owm&ht=tk&f=28129&a=18633131&app=typekit&e=css Requested by Host: use.typekit.net URL: https://use.typekit.net/uxm5owm.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.215.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-215-74.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers Accept-Language de-DE,de;q=0.9 Referer https://use.typekit.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT last-modified Thu, 05 Nov 2020 13:49:42 GMT server nginx etag "5fa402f6-5" content-type text/css access-control-allow-origin * cache-control public, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes content-length 5
GET H2	200	t Show response jadserve.postrelease.com/	2 KB 1 KB	349ms 111ms	Script text/javascript	35.153.224.87 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ntv_mvi Requested by Host: s.ntv.io URL: https://s.ntv.io/serve/load.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.153.224.87 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-153-224-87.compute-1.amazonaws.com Software nginx/1.12.1 / Resource Hash 587bc109af9439fa4930eeb10aae6183fa0ad4da6d023eecc7552220e905440f Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip server nginx/1.12.1 p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-type text/javascript;charset=UTF-8 content-length 801 expires Mon, 1 Jan 1990 12:00:00 GMT
GET H2	200	survey Show response survey.g.doubleclick.net/	9 KB 4 KB	168ms 68ms	Script text/javascript	142.250.186.113 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://survey.g.doubleclick.net/survey?site=_l7cz4rmrh2p4h2qycpldwqba6a&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&cid=everything&random=1632460120872 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.113 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f17.1e100.net Software / Resource Hash e3efbe793db95bc86ee341776132f69ed19b4162e195e0062292e5fd7c36d919 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, no-cache, must-revalidate, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" vary * x-xss-protection 0 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	291 KB 70 KB	61ms 38ms	Script application/javascript	142.250.184.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5GVGN9S Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prod/fccgtminit.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.232 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f8.1e100.net Software Google Tag Manager / Resource Hash 61adac71416f62e6d27b7e5eb37968f3db27ae114cfa33a818d018b8d9b803ab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:40 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 71537 x-xss-protection 0 last-modified Fri, 24 Sep 2021 03:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 24 Sep 2021 05:08:40 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	98 KB 26 KB	21ms 7ms	Script application/x-javascript	157.240.236.1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-02-frx5.fbcdn.net Software / Resource Hash ab43cf929d649dba8ce38c92dec4849c8049b678fec9942ae08df5ca57757280 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 25969 x-xss-protection 0 pragma public x-fb-debug N4OJalMx1AcSZZMRtAZr9nQ+ESrrc0I7jHsrf3MMdu0enZCRWNgklpLnugmneiKDaZjGyGG2FLvPZGd01hLdww== x-fb-trip-id 2050670934 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Fri, 24 Sep 2021 05:08:41 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 20 KB	57ms 16ms	Script text/javascript	142.250.186.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GVGN9S Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f14.1e100.net Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 1001 date Fri, 24 Sep 2021 04:52:00 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Fri, 24 Sep 2021 06:52:00 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	14 KB 6 KB	47ms 6ms	Script application/javascript	151.101.12.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GVGN9S Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip last-modified Mon, 20 Sep 2021 23:58:10 GMT etag "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-geo-cc_and_ra DE-BB cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 5410 x-served-by cache-iad-kjyo7100045-IAD, cache-fra19147-FRA
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	37 KB 14 KB	68ms 27ms	Script text/javascript	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GVGN9S Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash 936790ccabd26acddebd039c54120623734e2aa82310def49cc535912338fc0c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14166 x-xss-protection 0 server cafe etag 5348393372526461885 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Fri, 24 Sep 2021 05:08:41 GMT
GET H/1.1	200 OK	config.js Show response confiant-integrations.global.ssl.fastly.net/cUnQ-tYNZ95Jh3EezVQMDpKuEDk/gpt_and_prebid/	94 KB 22 KB	34ms 7ms	Script text/javascript	151.101.129.194 FASTLY
General Check archive.org Show headers Download Go to Full URL https://confiant-integrations.global.ssl.fastly.net/cUnQ-tYNZ95Jh3EezVQMDpKuEDk/gpt_and_prebid/config.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GVGN9S Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.194 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash b51192dc5b80e1d2fbf9e8acae02f0cbce09d485848f26ecba86ce58c1de092a Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Content-Encoding gzip Age 111 X-Cache HIT Connection keep-alive Content-Length 22083 x-amz-id-2 7f5vuw3opWsJuLy4UYMPNX6004Xnq87xznKU7j0EegAJNr1Pubw/gCz0G2zjjmb6vdaBfN/sZm0= X-Served-By cache-hhn4075-HHN Last-Modified Fri, 24 Sep 2021 03:36:03 GMT Server AmazonS3 X-Timer S1632460121.024452,VS0,VE1 ETag "69bf3b0f7d50b4a173da3b585af4e1fc" x-amz-request-id Q8CWADGX59S41KKE Via 1.1 varnish Cache-Control public, max-age=900, stale-while-revalidate=3600 Accept-Ranges bytes Content-Type text/javascript X-Cache-Hits 1
GET H/1.1	200 OK	up_loader.1.1.0.js Show response js.adsrvr.org/	4 KB 2 KB	42ms 7ms	Script application/x-javascript	13.225.85.149 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/up_loader.1.1.0.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GVGN9S Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.225.85.149 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-85-149.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 02:51:47 GMT Content-Encoding gzip Last-Modified Thu, 24 Sep 2020 15:15:34 GMT Server AmazonS3 Age 8215 ETag W/"98d98b3499058b76d58073cf8ede2f10" Vary Accept-Encoding X-Edge-Origin-Shield-Skipped 0 Content-Type application/x-javascript Via 1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront) Connection keep-alive Transfer-Encoding chunked X-Cache Hit from cloudfront X-Amz-Cf-Pop FRA2-C2 X-Amz-Cf-Id SWSoHVBrPChWYXO46TXwKpK9GSt8tG-_S6AxjL2NY8hkGNRiJZOr_g==
GET H3	200	2395609997225387 Show response connect.facebook.net/signals/config/	490 KB 143 KB	222ms 213ms	Script application/x-javascript	157.240.236.1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/2395609997225387?v=2.9.46&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-02-frx5.fbcdn.net Software / Resource Hash b638a7aef297f45881c566cdfdf9a0e700e526e7b42ed90b91984a4312304d27 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 x-xss-protection 0 pragma public x-fb-debug qmr0EnTDPmpwQLUL9UbQeJtYy25jxVTHyK1rJnAuX501SDGpMunXegOMg0pW5aplEIDz757YaafmtGf37GkEuA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Fri, 24 Sep 2021 05:08:41 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	wrap.js Show response confiant-integrations.global.ssl.fastly.net/gptprebidnative/202109231016/	179 KB 58 KB	6ms 6ms	Script application/javascript	151.101.129.194 FASTLY
General Check archive.org Show headers Download Go to Full URL https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202109231016/wrap.js Requested by Host: confiant-integrations.global.ssl.fastly.net URL: https://confiant-integrations.global.ssl.fastly.net/cUnQ-tYNZ95Jh3EezVQMDpKuEDk/gpt_and_prebid/config.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.194 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 4c91dad330c16c5895489912b1136b4b330ff386868edce1e5c7852913274be9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Content-Encoding gzip Age 716 X-Cache HIT Connection keep-alive Content-Length 58483 x-amz-id-2 aalZMYuCBQQYsQa+YQ0baTyLECPI1sldcw6cS87AgX3p0KOwkzpvfvGPecSoe8n1VU3r2Ek51Fg= X-Served-By cache-hhn4075-HHN Last-Modified Thu, 23 Sep 2021 14:17:45 GMT Server AmazonS3 X-Timer S1632460121.050094,VS0,VE0 ETag "4a36118c85e655f97fa047933325892e" x-amz-request-id 9B90X8ZS47YKQ4JA Via 1.1 varnish Cache-Control public, max-age=31536000 Accept-Ranges bytes Content-Type application/javascript; charset=utf-8 X-Cache-Hits 1760
GET H3	200	prompt_embed_static__de.js Show response survey.g.doubleclick.net/insights/consumersurveys/static/438198885283519827/	399 KB 399 KB	22ms 8ms	Script application/javascript	142.250.186.113 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://survey.g.doubleclick.net/insights/consumersurveys/static/438198885283519827/prompt_embed_static__de.js Requested by Host: survey.g.doubleclick.net URL: https://survey.g.doubleclick.net/survey?site=_l7cz4rmrh2p4h2qycpldwqba6a&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&cid=everything&random=1632460120872 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.113 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f17.1e100.net Software Google Frontend / Resource Hash 622f9cbe336aafd62c8c021d4d7fe0a9d9b61a169e739146587c1d19b6f8fa1d Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 24 Sep 2021 00:38:55 GMT last-modified Thu, 23 Sep 2021 17:12:40 GMT server Google Frontend age 16186 content-type application/javascript x-cloud-trace-context 39a377e1842bc759e344fec165742a22 cache-control public, max-age=2592000 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 408770
GET H2	200	integrator.sync.js Show response adservice.google.com/adsid/	111 B 574 B	38ms 16ms	Script application/javascript	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.sync.js?domain=www.grandforksherald.com Requested by Host: survey.g.doubleclick.net URL: https://survey.g.doubleclick.net/survey?site=_l7cz4rmrh2p4h2qycpldwqba6a&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&cid=everything&random=1632460120872 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash da46bc766028c67f94e34c39ecf0c36513fd5ffffe1e126ce09908ebcd671eb6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 104 x-xss-protection 0
GET H2	200	adsct t.co/i/	43 B 454 B	140ms 111ms	Image image/gif	104.244.42.69 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2f7x&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f27120be-fa71-44a2-96d9-d5c615b19840&tw_document_href=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.69 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff status 200 OK x-twitter-response-tags BouncerCompliant content-length 65 x-xss-protection 0 pragma no-cache last-modified Fri, 24 Sep 2021 05:08:41 GMT server tsa_o x-frame-options SAMEORIGIN strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 x-connection-hash 4f9b36976bc41e2a5d85bfa336079acfea7b6eaa054bc3d84dc1a002f982ea0d x-transaction bc3d4ed9afb21b76 expires Tue, 31 Mar 1981 05:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/409408157/	2 KB 2 KB	23ms 22ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/409408157/?random=1632460121085&cv=9&fst=1632460121085&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9m0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&tiba=Minnesota%20grain%20handler%20Crystal%20Valley%20Co-op%20targeted%20in%20ransomware%20attack%20%7C%20Grand%20Forks%20Herald&hn=www.googleadservices.com&us_privacy=error&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash c0f84793707c6e79388d13e2723dab05ace3d97971fde76e2b6b65c9c0d167ae Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1122 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	46ms 23ms	XHR text/plain	142.250.186.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2088399970&t=pageview&_s=1&dl=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ul=en-us&de=UTF-8&dt=Minnesota%20grain%20handler%20Crystal%20Valley%20Co-op%20targeted%20in%20ransomware%20attack%20%7C%20Grand%20Forks%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAAC~&jid=1074678916&gjid=685446953&cid=962869590.1632460121&tid=UA-41542537-2&_gid=1955106622.1632460121&_r=1&gtm=2wg9m05GVGN9S&z=784356192 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f14.1e100.net Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	44ms 23ms	XHR text/plain	142.250.186.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2088399970&t=pageview&_s=1&dl=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ul=en-us&de=UTF-8&dt=Minnesota%20grain%20handler%20Crystal%20Valley%20Co-op%20targeted%20in%20ransomware%20attack%20%7C%20Grand%20Forks%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAC~&jid=478294172&gjid=148769086&cid=962869590.1632460121&tid=UA-778232-77&_gid=1955106622.1632460121&_r=1&gtm=2wg9m05GVGN9S&z=1627965581 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f14.1e100.net Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	2 B 468 B	72ms 23ms	XHR text/plain	74.125.140.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-778232-37&cid=962869590.1632460121&jid=503634377&gjid=1750136292&_gid=1955106622.1632460121&_u=YGDAiEABBAAAAG~&z=738152891 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.140.157 , United States, ASN15169 (GOOGLE, US), Reverse DNS wq-in-f157.1e100.net Software Golfe2 / Resource Hash 6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Fri, 24 Sep 2021 05:08:41 GMT content-type text/plain access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	32ms 16ms	Image image/gif	142.250.186.78 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j93&a=2088399970&t=pageview&_s=1&dl=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ul=en-us&de=UTF-8&dt=Minnesota%20grain%20handler%20Crystal%20Valley%20Co-op%20targeted%20in%20ransomware%20attack%20%7C%20Grand%20Forks%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAiEABBAAAAC~&jid=503634377&gjid=1750136292&cid=962869590.1632460121&tid=UA-778232-37&_gid=1955106622.1632460121&gtm=2wg9m05GVGN9S&z=1575951782 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f14.1e100.net Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Thu, 23 Sep 2021 12:19:02 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 60579 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	prompt Show response survey.g.doubleclick.net/gk/	31 B 73 B	103ms 103ms	Script text/javascript	142.250.186.113 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://survey.g.doubleclick.net/gk/prompt?site=_l7cz4rmrh2p4h2qycpldwqba6a&t=1&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&cid=everything&random=1632460121046&ref=&token= Requested by Host: survey.g.doubleclick.net URL: https://survey.g.doubleclick.net/survey?site=_l7cz4rmrh2p4h2qycpldwqba6a&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&cid=everything&random=1632460120872 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.113 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f17.1e100.net Software / Resource Hash 3620a534a30e7482173a2758d3929972213a19f52e6ecb8a765882157e305977 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers x-why Exhausted. content-encoding gzip x-content-type-options nosniff date Fri, 24 Sep 2021 05:08:41 GMT x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 55 x-xss-protection 0
GET H2	200	/ www.google.com/pagead/1p-user-list/409408157/	42 B 569 B	44ms 19ms	Image image/gif	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/409408157/?random=1632460121085&cv=9&fst=1632459600000&num=1&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9m0&sendb=1&frm=0&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&tiba=Minnesota%20grain%20handler%20Crystal%20Valley%20Co-op%20targeted%20in%20ransomware%20attack%20%7C%20Grand%20Forks%20Herald&async=1&fmt=3&is_vtc=1&random=2795568152&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	2 B 68 B	32ms 24ms	XHR text/plain	74.125.140.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-778232-77&cid=962869590.1632460121&jid=478294172&gjid=148769086&_gid=1955106622.1632460121&_u=YGDACEABBAAAAC~&z=2125601493 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.140.157 , United States, ASN15169 (GOOGLE, US), Reverse DNS wq-in-f157.1e100.net Software Golfe2 / Resource Hash 6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Fri, 24 Sep 2021 05:08:41 GMT content-type text/plain access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	2 B 68 B	31ms 24ms	XHR text/plain	74.125.140.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-41542537-2&cid=962869590.1632460121&jid=1074678916&gjid=685446953&_gid=1955106622.1632460121&_u=YGBACEAABAAAAC~&z=1509040226 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.140.157 , United States, ASN15169 (GOOGLE, US), Reverse DNS wq-in-f157.1e100.net Software Golfe2 / Resource Hash 6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Fri, 24 Sep 2021 05:08:41 GMT content-type text/plain access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	57ms 27ms	Image image/gif	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-41542537-2&cid=962869590.1632460121&jid=1074678916&_u=YGBACEAABAAAAC~&z=192112629 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	56ms 26ms	Image image/gif	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-778232-77&cid=962869590.1632460121&jid=478294172&_u=YGDACEABBAAAAC~&z=67839973 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	55ms 26ms	Image image/gif	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-778232-37&cid=962869590.1632460121&jid=503634377&_u=YGDAiEABBAAAAG~&z=1950175086 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	trk.gif jadserve.postrelease.com/	43 B 426 B	99ms 98ms	Image image/gif	35.153.224.87 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=3323602&ntv_pl=1113230 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.153.224.87 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-153-224-87.compute-1.amazonaws.com Software nginx/1.12.1 / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT server nginx/1.12.1 p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-type image/gif content-length 43 expires Mon, 1 Jan 1990 12:00:00 GMT
GET H2	200	gdprConsent jadserve.postrelease.com/	43 B 426 B	110ms 110ms	Image image/gif	35.153.224.87 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://jadserve.postrelease.com/gdprConsent?ntv_pl=1113230&ntv_gdpr_consent=&ntv_it Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.153.224.87 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-153-224-87.compute-1.amazonaws.com Software nginx/1.12.1 / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT server nginx/1.12.1 p3p CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-type image/gif content-length 43 expires Mon, 1 Jan 1990 12:00:00 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v14/	16 KB 16 KB	30ms 7ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Source+Sans+Pro:400,600,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Wed, 22 Sep 2021 17:41:06 GMT x-content-type-options nosniff age 127655 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16112 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:10:09 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 22 Sep 2022 17:41:06 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v14/	16 KB 16 KB	26ms 15ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Source+Sans+Pro:400,600,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 20 Sep 2021 04:26:59 GMT x-content-type-options nosniff age 348102 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15948 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:10:32 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 20 Sep 2022 04:26:59 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v14/	15 KB 16 KB	22ms 12ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Source+Sans+Pro:400,600,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash 24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Tue, 21 Sep 2021 03:52:06 GMT x-content-type-options nosniff age 263795 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15764 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:10:17 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 21 Sep 2022 03:52:06 GMT
GET H3	200	TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2 fonts.gstatic.com/s/oswald/v40/	24 KB 24 KB	36ms 21ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/oswald/v40/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Source+Sans+Pro:400,600,700&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash 9c21b3dbf862e916d2689453d7f27dcc0539a0239bf323e5f2db397fca0e5d21 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Mon, 20 Sep 2021 04:47:28 GMT x-content-type-options nosniff age 346873 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24080 x-xss-protection 0 last-modified Tue, 10 Aug 2021 00:16:47 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 20 Sep 2022 04:47:28 GMT
GET H3	200	EJRSQgYoZZY2vCFuvAnt66qSVys.woff2 fonts.gstatic.com/s/ptserif/v12/	29 KB 29 KB	36ms 21ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash e548abcd8734bfcf8b4ebbbca1af98f9e8ae1e0ff884c0971f29498a4fc108f4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Sun, 19 Sep 2021 07:06:58 GMT x-content-type-options nosniff age 424903 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 29400 x-xss-protection 0 last-modified Thu, 10 Sep 2020 17:05:20 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 19 Sep 2022 07:06:58 GMT
GET H3	200	EJRVQgYoZZY2vCFuvAFWzr8.woff2 fonts.gstatic.com/s/ptserif/v12/	32 KB 32 KB	37ms 23ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/ptserif/v12/EJRVQgYoZZY2vCFuvAFWzr8.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=PT+Serif:400,700&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash ef391572f9fbb7bab7fef6ce2c4fc92ad68a8c148889a79cb9f9b1452d851fab Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Sun, 19 Sep 2021 17:58:59 GMT x-content-type-options nosniff age 385782 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 32960 x-xss-protection 0 last-modified Thu, 10 Sep 2020 17:06:03 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 19 Sep 2022 17:58:59 GMT
GET H2	200	moatframe.js Show response z.moatads.com/addthismoatframe568911941483/	2 KB 1 KB	55ms 8ms	Script application/x-javascript	2.18.235.40 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://z.moatads.com/addthismoatframe568911941483/moatframe.js Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-235-40.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip last-modified Fri, 08 Nov 2019 20:13:52 GMT server AmazonS3 x-amz-request-id D5503D14AA2F06AA etag "f14b4e1f799b14f798a195f43cf58376" vary Accept-Encoding content-type application/x-javascript cache-control max-age=47581 accept-ranges bytes content-length 948 x-amz-id-2 JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
GET H3	200	777836059807583 Show response connect.facebook.net/signals/config/	489 KB 143 KB	8ms 7ms	Script application/x-javascript	157.240.236.1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/777836059807583?v=2.9.46&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-02-frx5.fbcdn.net Software / Resource Hash 96d26aa4e3ea536ca4767726b009800aefc00c8bccc5c5efff47881328b3fe6c Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 146663 x-xss-protection 0 pragma public x-fb-debug dCWmI+L05iLW8fmEot0tCa44A5mAO+GbyiMeNdcb2s0LA9JcXfbni6K0x4qObZgyPgpIPpTwXw42TtvjFPGd4g== x-frame-options DENY date Fri, 24 Sep 2021 05:08:41 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 313 B	25ms 7ms	Image image/gif	157.240.236.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=2395609997225387&ev=PageView&dl=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&rl=&if=false&ts=1632460121392&sw=1600&sh=1200&v=2.9.46&r=stable&ec=0&o=30&fbp=fb.1.1632460121391.610775530&it=1632460121025&coo=false&exp=p0&rqm=GET Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.236.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-02-frx5.facebook.com Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 44 expires Fri, 24 Sep 2021 05:08:41 GMT
GET H3	200	rollbar.min.js Show response cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/	61 KB 17 KB	24ms 14ms	Script application/javascript	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Requested by Host: origami.secure.ownlocal.com URL: https://origami.secure.ownlocal.com/origami-widget.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e2d476a3da7d96d989379c7fb3be5ed4595a5dcdf7164cda8b5ecf0ed9a39fe Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 38972 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 17086 timing-allow-origin * last-modified Mon, 04 May 2020 16:16:01 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03fc1-f4a1" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XeTB1iB5JQveCZm6S4%2F4M9TKGfjttn4u3DMjgLlOv15%2F6RGI9JmBeFU4SyHIgSX9%2BK3fH3aNpKU453lUrtd0VfiBtbYGkMPUnb1yaTNER6OX87RPM8uLf%2FnDcsgFWQrpivp%2BQl7Z"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 69397f0f0ac75c44-FRA expires Wed, 14 Sep 2022 05:08:41 GMT
GET H/1.1	200 OK	1 Show response forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/ Frame 9A62	59 KB 11 KB	449ms 106ms	Document text/html	35.174.182.213 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.174.182.213 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-174-182-213.compute-1.amazonaws.com Software Apache / Resource Hash 1c453c5fc527e1a7fa1cb50519365db31ca044a2119b751ad759fbb3a5a1d91b Security Headers Name Value X-Content-Type-Options nosniff nosniff Request headers Host forumcomm.friends2follow.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://www.grandforksherald.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers Accept-Ranges bytes Age 115 Cache-Control no-cache, must-revalidate Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Fri, 24 Sep 2021 05:08:41 GMT Expires Sun, 19 Nov 1978 05:00:00 GMT Server Apache Vary Accept-Encoding Via 1.1 varnish X-Content-Type-Options nosniff nosniff X-Varnish 586513904 586509572 X-Varnish-Cache HIT Content-Length 10589 Connection keep-alive
GET H3	200	/ www.facebook.com/tr/	44 B 91 B	15ms 7ms	Image image/gif	157.240.236.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=777836059807583&ev=PageView&dl=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&rl=&if=false&ts=1632460121466&sw=1600&sh=1200&v=2.9.46&r=stable&ec=0&o=30&fbp=fb.1.1632460121391.610775530&it=1632460121025&coo=false&exp=p0&rqm=GET Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.236.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-02-frx5.facebook.com Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 priority u=3,i expires Fri, 24 Sep 2021 05:08:41 GMT
GET H2	200	auth_config.json Show response www.grandforksherald.com/theme/json/	6 KB 7 KB	109ms 109ms	Fetch application/json	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.grandforksherald.com/theme/json/auth_config.json Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/auth0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash b9fa1c3c432c32592fb34d7b02d6d1bc165aab10783ee326e62f2f70e425328f Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/json/auth_config.json pragma no-cache cookie sailthru_pageviews=1; _cb_ls=1; _gcl_au=1.1.175563507.1632460121; __adblocker=false; _ga=GA1.2.962869590.1632460121; _gid=GA1.2.1955106622.1632460121; _gat_UA-41542537-2=1; _gat_UA-778232-77=1; _dc_gtm_UA-778232-37=1; AWSALB=Ds0IWnSMclO4FCw3yFvd1EhygdLlMMI7zBtEX5ogxBrrK3eZsq2EwIzUm8BrV+ytYiIM+XVce9qtCzTKxxY2ensqHjW4ONvie5Lu+fq6ojYJ17fb621eTphYXabb; AWSALBCORS=Ds0IWnSMclO4FCw3yFvd1EhygdLlMMI7zBtEX5ogxBrrK3eZsq2EwIzUm8BrV+ytYiIM+XVce9qtCzTKxxY2ensqHjW4ONvie5Lu+fq6ojYJ17fb621eTphYXabb; sailthru_content=90e1ff3164edaa1fc87e349cc94e0f59; sailthru_visitor=adf5dad3-ba3c-4031-aaf4-bf30b28112d7; _fbp=fb.1.1632460121391.610775530 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) age 30 x-cache Miss from cloudfront x-cache-host Front:varnish-10dfff.forum.cue.cloud Backend:cook-60712d.forum.cue.cloud x-cache-backend cuefront1_nelson set-cookie AWSALB=JyRCn/jhptcV4rH+PNovQNCe/OljJF4QRXdX3jhoshpMv/3P2eGVKLf4b7UdGNm0LcSG++peT6exCsC7hRQpZin01Bjz1D+A7Us865OoOVluObYUHyRavESUUQ2H; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/ AWSALBCORS=JyRCn/jhptcV4rH+PNovQNCe/OljJF4QRXdX3jhoshpMv/3P2eGVKLf4b7UdGNm0LcSG++peT6exCsC7hRQpZin01Bjz1D+A7Us865OoOVluObYUHyRavESUUQ2H; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/; SameSite=None; Secure content-length 6351 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag "614c97bf-18cf" vary Accept-Encoding x-varnish 3641070 611686700 626331989 cache-control max-age=120, s-maxage=120 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/json x-amz-cf-id R7WWwmiP849YtLGURCnLA9a3vHyQ8c5hWMXaQn9CFQHliaNA8eR8-A==
GET H2	200	skeleton.gif static.adsafeprotected.com/	43 B 259 B	120ms 31ms	Image image/gif	52.209.62.127 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.adsafeprotected.com/skeleton.gif Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.209.62.127 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-209-62-127.eu-west-1.compute.amazonaws.com Software nginx/1.16.1 / Resource Hash 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT last-modified Mon, 17 Aug 2020 23:55:15 GMT server nginx/1.16.1 age 18558990 etag "45cf913e5d9d3c9b2058033056d3dd23" x-cache-status HIT content-type image/gif cache-control max-age=315360000 accept-ranges bytes content-length 43
GET H2	200	fa-light-300.woff2 static.forumcomm.com/webfonts/	161 KB 161 KB	28ms 7ms	Font binary/octet-stream	13.224.193.88 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.forumcomm.com/webfonts/fa-light-300.woff2 Requested by Host: static.forumcomm.com URL: https://static.forumcomm.com/css/all.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-88.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash c709adcccd859f7a8789e88854ab4d190a39ea76d4ab1fcf3dc0ad7dc4f81b8a Request headers Referer https://static.forumcomm.com/css/all.css Origin https://www.grandforksherald.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 14:01:24 GMT via 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront) vary Origin age 54438 x-edge-origin-shield-skipped 0 x-cache Hit from cloudfront content-length 164548 last-modified Tue, 25 Jun 2019 13:27:52 GMT server AmazonS3 etag "8d8d7db2c6282c3a8174dc601ad5c4bd" access-control-max-age 3000 access-control-allow-methods GET content-type binary/octet-stream access-control-allow-origin * x-amz-cf-pop FRA2-C1 accept-ranges bytes x-amz-cf-id W_h52WHoQZy9ky5zaXZyhrViu58VhvAoQVQsK1tVhykOvaH8hvK8Ng==
GET H2	200	adsct Show response analytics.twitter.com/i/	31 B 657 B	129ms 114ms	Script application/javascript	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2f7x&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f27120be-fa71-44a2-96d9-d5c615b19840&tw_document_href=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&tpx_cb=twttr.conversion.loadPixels Requested by Host: static.ads-twitter.com URL: https://static.ads-twitter.com/uwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf Security Headers Name Value Strict-Transport-Security max-age=631138519 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" status 200 OK x-twitter-response-tags BouncerCompliant content-length 57 x-xss-protection 0 pragma no-cache last-modified Fri, 24 Sep 2021 05:08:41 GMT server tsa_o x-frame-options SAMEORIGIN strict-transport-security max-age=631138519 content-type application/javascript;charset=utf-8 cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 x-connection-hash 1cacd98332a6d75162d457ef16d5367de1efa9f4f6c236a54862c68da09c1267 x-transaction 5c3523c9f116c718 expires Tue, 31 Mar 1981 05:00:00 GMT
GET H2	200	_ate.track.config_resp Show response v1.addthisedge.com/live/boost/ra-56ec67b5ab5cb344/	1 KB 729 B	32ms 9ms	Script application/javascript	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://v1.addthisedge.com/live/boost/ra-56ec67b5ab5cb344/_ate.track.config_resp Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software / Resource Hash 9a90cdaa2cc278db91481dae0444c9a218417329b739af1ac68331f41875251f Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip etag -1844408649--gzip vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control public, max-age=19, s-maxage=86400 content-disposition attachment; filename=1.txt content-length 552
GET H2	200	300lo.json Show response m.addthis.com/live/red_lojson/	89 B 249 B	174ms 136ms	Script application/javascript	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://m.addthis.com/live/red_lojson/300lo.json?si=614d5d59979f946b&bkl=0&bl=1&pdt=535&sid=614d5d59979f946b&pub=ra-56ec67b5ab5cb344&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.grandforksherald.com&fp=business%2Fagriculture%2F7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1632460121551&jsl=139265&uvs=614d5d5988ecca4a000&skipb=1&callback=addthis.cbs.jsonp__96508479444437680 Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software / Resource Hash f5a7293d32ab389abe1b74275f9d7ea02921b0cb12f91ccb9f7a800b47651cb1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT cache-control max-age=0, no-cache, no-store, no-transform content-disposition attachment; filename=1.txt content-length 89 content-type application/javascript;charset=utf-8
GET		sh.f48a1a04fe8dbf021b4cda1d.html s7.addthis.com/static/ Frame EE08	0 0
GET H2	200	sh.f48a1a04fe8dbf021b4cda1d.html Show response s7.addthis.com/static/ Frame 6798	71 KB 26 KB	9ms 8ms	Document text/html	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash 7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers :method GET :authority s7.addthis.com :scheme https :path /static/sh.f48a1a04fe8dbf021b4cda1d.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers server nginx/1.15.8 content-type text/html last-modified Mon, 26 Oct 2020 18:11:48 GMT etag W/"5f971164-11adc" timing-allow-origin * cache-control public, max-age=86313600 p3p CP="NON ADM OUR DEV IND COM STA" strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip content-length 26421 date Fri, 24 Sep 2021 05:08:41 GMT vary Accept-Encoding x-host s7.addthis.com
GET H2	200	active_orders Show response origami.secure.ownlocal.com/api/	14 B 499 B	21ms 7ms	XHR application/json	34.96.77.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://origami.secure.ownlocal.com/api/active_orders?owned_by=69b32431-f541-4bcc-ade4-941f8b27d6e9 Requested by Host: origami.secure.ownlocal.com URL: https://origami.secure.ownlocal.com/origami-widget.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.77.232 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 232.77.96.34.bc.googleusercontent.com Software nginx/1.17.2 / Resource Hash 5021e624e752b001ce3e3846e8f158ed4aeb93a4c9a72fdb35a0c5b14a0eea84 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:05:50 GMT via 1.1 google x-content-type-options nosniff x-permitted-cross-domain-policies none age 171 strict-transport-security max-age=31536000; includeSubDomains alt-svc clear content-length 14 x-xss-protection 1; mode=block x-request-id b395bb17-07ac-4493-a93b-b06028d9fbb1 x-runtime 0.078043 referrer-policy strict-origin-when-cross-origin server nginx/1.17.2 x-frame-options SAMEORIGIN etag W/"5021e624e752b001ce3e3846e8f158ed" x-download-options noopen access-control-max-age 7200 access-control-allow-methods GET, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin * vary Origin cache-control max-age=3600, public access-control-expose-headers
GET H2	200	active_orders Show response origami.secure.ownlocal.com/api/	14 B 80 B	21ms 7ms	XHR application/json	34.96.77.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://origami.secure.ownlocal.com/api/active_orders?owned_by=69b32431-f541-4bcc-ade4-941f8b27d6e9 Requested by Host: origami.secure.ownlocal.com URL: https://origami.secure.ownlocal.com/origami-widget.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.77.232 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 232.77.96.34.bc.googleusercontent.com Software nginx/1.17.2 / Resource Hash 5021e624e752b001ce3e3846e8f158ed4aeb93a4c9a72fdb35a0c5b14a0eea84 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:05:50 GMT via 1.1 google x-content-type-options nosniff x-permitted-cross-domain-policies none age 171 strict-transport-security max-age=31536000; includeSubDomains alt-svc clear content-length 14 x-xss-protection 1; mode=block x-request-id b395bb17-07ac-4493-a93b-b06028d9fbb1 x-runtime 0.078043 referrer-policy strict-origin-when-cross-origin server nginx/1.17.2 x-frame-options SAMEORIGIN etag W/"5021e624e752b001ce3e3846e8f158ed" x-download-options noopen access-control-max-age 7200 access-control-allow-methods GET, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin * vary Origin cache-control max-age=3600, public access-control-expose-headers
GET H3	200	DFPAudiencePixel;ord=5836158091594.448;dc_seg=487073367 pubads.g.doubleclick.net/activity;dc_iu=/7021/	42 B 63 B	40ms 26ms	Image image/gif	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pubads.g.doubleclick.net/activity;dc_iu=/7021/DFPAudiencePixel;ord=5836158091594.448;dc_seg=487073367? Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bid Show response c.amazon-adsystem.com/e/dtb/	23 B 377 B	121ms 121ms	XHR text/javascript	13.224.186.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&pid=6xCv8IJNkrhok&cb=0&ws=1600x1200&v=7.69.01&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22120x600%22%2C%22160x600%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar1_ad_mapping%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar2_ad_mapping%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar3_ad_mapping%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%2210%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2211%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2212%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2213%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20600%5D%22%7D%2C%7B%22sd%22%3A%2214%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20600%5D%22%7D%2C%7B%22sd%22%3A%2215%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20250%5D%22%7D%2C%7B%22sd%22%3A%2216%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20st_homepage_spot_ad_mapping%22%7D%5D&pubid=59950d2e-4dfc-490d-92ee-81f8d387b7dd&gdprl=%7B%22status%22%3A%22no-cmp%22%7D Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-4.fra2.r.cloudfront.net Software Server / Resource Hash 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT via 1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront) server Server x-amz-cf-pop FRA2-C1 vary User-Agent x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true timing-allow-origin * content-length 23 x-amz-cf-id gknHpeTvi4IqNRed-vybVoUJ6rp5PKEvrV3zLxp1qez0HHEsuilzSw==
GET H3	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	32ms 18ms	Script application/javascript	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.grandforksherald.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	478 B 281 B	98ms 84ms	XHR text/plain	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2662016907880576&correlator=2524497906848203&output=ldjh&impl=fifs&hxva=1&scor=3446825522224359&eid=31062536%2C31062914%2C44750532&vrg=2021092101&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210924&iu_parts=7021%2Ccue_sites%2Cbusiness%2Cagriculture&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=150x26&prev_scp=kw%3DAGRICULTURE%2CAgweek%2CCRYSTAL%2520VALLEY%2520COOPERATIVE%2CRansomware%2Cgrandforksherald%26position%3Dweather-header-container&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1632434144&dt=1632460121598&dlt=1632460120054&idt=531&frm=20&biw=1600&bih=1200&oid=3&adxs=153&adys=176&adks=1660045673&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&vis=1&dmc=8&scr_x=0&scr_y=0&psz=100x26&msz=150x0&ga_vid=962869590.1632460121&ga_sid=1632460122&ga_hid=2088399970&ga_fc=false&fws=128&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash c6b54c32befd7758136c129071f1be17c6be1b150fddc412fd977e324690d3b4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 252 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response e7721a49896b4e0467640f3caf5a08db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E696	6 KB 4 KB	88ms 14ms	Document text/html	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://e7721a49896b4e0467640f3caf5a08db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority e7721a49896b4e0467640f3caf5a08db.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Fri, 24 Sep 2021 05:08:41 GMT expires Sat, 24 Sep 2022 05:08:41 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	weather-announcements-all.php Show response di0pj5fi16z67.cloudfront.net/	416 B 800 B	980ms 944ms	XHR application/json	13.224.194.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://di0pj5fi16z67.cloudfront.net/weather-announcements-all.php?publication=grandforksherald&format=json&group=all Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.5.0.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.194.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-194-32.fra2.r.cloudfront.net Software Apache/2.4.29 (Ubuntu) / Resource Hash 3832e530ec47518cf85231f6466f5d85b3fdce65f2458da510c2be92b53774b7 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT via 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront) server Apache/2.4.29 (Ubuntu) x-edge-origin-shield-skipped 0 x-cache Miss from cloudfront content-type application/json access-control-allow-origin * access-control-allow-credentials true x-amz-cf-pop FRA2-C1 access-control-allow-headers origin, x-requested-with, content-type content-length 416 x-amz-cf-id oxLuPwuYud8vlAMk1V0v-4WR2Cvhq-ut_a4Lxs19zeSZM-frOtYafQ==
GET H2	200	bid Show response c.amazon-adsystem.com/e/dtb/	23 B 377 B	132ms 132ms	XHR text/javascript	13.224.186.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&pid=6xCv8IJNkrhok&cb=1&ws=1600x1200&v=7.69.01&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22120x600%22%2C%22160x600%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar1_ad_mapping%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar2_ad_mapping%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar3_ad_mapping%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%2210%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2211%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2212%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2213%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20600%5D%22%7D%2C%7B%22sd%22%3A%2214%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20600%5D%22%7D%2C%7B%22sd%22%3A%2215%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20250%5D%22%7D%2C%7B%22sd%22%3A%2216%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20st_homepage_spot_ad_mapping%22%7D%5D&pubid=59950d2e-4dfc-490d-92ee-81f8d387b7dd&gdprl=%7B%22status%22%3A%22no-cmp%22%7D Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-4.fra2.r.cloudfront.net Software Server / Resource Hash 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT via 1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront) server Server x-amz-cf-pop FRA2-C1 vary User-Agent x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true timing-allow-origin * content-length 23 x-amz-cf-id 5xcDwxepR_HEMCtyS0p2UdkuFVwuV2uvW7AsclIgCPqGflsbXNXRcA==
GET H2	200	arj Show response forumcomm-d.openx.net/w/1.0/	173 B 567 B	65ms 28ms	XHR application/json	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://forumcomm-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ac57fdfe-c3d5-481b-a09a-7ad52e0177ad&nocache=1632460121627&aus=980x330%2C728x90%2C960x200%2C930x180%2C970x90%2C970x250%2C970x66%2C980x120&divIds=banner-1&auid=540477224 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/16.216.2 / Resource Hash 655dcf9303f9ef2a942e5e9bf9aff5d1220bdff4a39819c81038dfc304044d52 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip server OXGW/16.216.2 vary Accept, Accept-Encoding p3p CP="CUR ADM OUR NOR STA NID" access-control-allow-origin https://www.grandforksherald.com cache-control private, max-age=0, no-cache access-control-allow-credentials true content-type application/json alt-svc clear content-length 165 via 1.1 google expires Mon, 26 Jul 1997 05:00:00 GMT
GET H2	200	cygnus Show response htlb.casalemedia.com/	25 B 381 B	330ms 282ms	XHR application/json	184.31.84.150 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://htlb.casalemedia.com/cygnus?s=248828&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2210456dd2cea4f6b%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A5%2C%22msi%22%3A5%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2211f4a60fd3ce8d3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2212fd2e4899cb9ab%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248842%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2213974f2d3d8edd1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248840%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2211f4a60fd3ce8d3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22980x330%22%7D%2C%22banner%22%3A%7B%22w%22%3A980%2C%22h%22%3A330%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2211f4a60fd3ce8d3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22960x200%22%7D%2C%22banner%22%3A%7B%22w%22%3A960%2C%22h%22%3A200%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2211f4a60fd3ce8d3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22930x180%22%7D%2C%22banner%22%3A%7B%22w%22%3A930%2C%22h%22%3A180%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2211f4a60fd3ce8d3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22970x66%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A66%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2211f4a60fd3ce8d3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22980x120%22%7D%2C%22banner%22%3A%7B%22w%22%3A980%2C%22h%22%3A120%2C%22topframe%22%3A1%7D%7D%5D%7D Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-31-84-150.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b4701e04ae4c43a380935e8a3cdb52523d38476e0aa9b37aecf0f7063993fced Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-ak-initial-geo CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.127], XFF:[] server Apache vary Is-Traffic-Invalid,Accept-Encoding content-type application/json access-control-allow-origin https://www.grandforksherald.com x-cs-client-geo 12 cache-control max-age=0, no-cache, no-store access-control-allow-credentials true content-length 45 x-ak-client-geo 12 expires Fri, 24 Sep 2021 05:08:41 GMT
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	13 KB 8 KB	120ms 74ms	XHR application/json	185.33.221.13 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash 3866da0ec13e89014dc271c8367d191db27174a02fa558f068c0133cabf89915 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Content-Encoding gzip Transfer-Encoding chunked P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Connection keep-alive X-Proxy-Origin 216.131.114.127; 216.131.114.127; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com X-XSS-Protection 0 Pragma no-cache AN-X-Request-Uuid b2784566-41bf-4627-a874-46aa5c5e808b Server nginx/1.17.9 Vary Accept-Encoding Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Expires Sat, 15 Nov 2008 16:00:00 GMT
POST H2	204	v1 Show response dmx.districtm.io/b/	0 35 B	46ms 14ms	XHR text/plain	104.16.190.66 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dmx.districtm.io/b/v1 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers date Fri, 24 Sep 2021 05:08:41 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET, HEAD, POST, OPTIONS access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true cf-ray 69397f106bfc6928-FRA access-control-allow-headers Content-Type, Origin
GET		ADTECH;v=2;cmd=bid;cors=yes;alias=28d6cd19e775133;misc=1632460121633; adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330528/0/0/	0 0
GET		ADTECH;v=2;cmd=bid;cors=yes;alias=29de0ac1acfd709;misc=1632460121633; adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330526/0/0/	0 0
GET H/1.1	200 OK	fastlane.json Show response fastlane.rubiconproject.com/a/api/	261 B 2 KB	141ms 120ms	XHR application/json	69.173.144.143 RUBICONPROJECT
General Check archive.org Show headers Download Go to Full URL https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12144&site_id=44028&zone_id=190792&size_id=2&alt_size_ids=31%2C38%2C55%2C57&rf=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&tk_flint=pbjs_lite_v4.20.0&x_source.tid=ac57fdfe-c3d5-481b-a09a-7ad52e0177ad&p_screen_res=1600x1200&rp_secure=1&slots=1&rand=0.039618612681224574 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software nginx/1.16.0 / Resource Hash 52a3f5b286fc7a394d7acd712afd0c98567e737476f4a788b6450e952917f644 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Fri, 24 Sep 2021 05:08:41 GMT Server nginx/1.16.0 Vary Accept-Encoding P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-cache, no-store, max-age=0, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json Content-Length 261 Expires Wed, 17 Sep 1975 21:32:10 GMT
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	142 B 1 KB	105ms 62ms	XHR application/json	185.33.221.13 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash d569e8fbc440ebf4ff3b773bcd365de1e93abad6141760e6bd3494e8abf7ca75 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Fri, 24 Sep 2021 05:08:41 GMT X-Proxy-Origin 216.131.114.127; 216.131.114.127; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com AN-X-Request-Uuid f3e1bd0d-efdb-4356-8f0f-b7de4eeb0920 Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 142 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	bidRequest Show response c2shb.ssp.yahoo.com/	62 B 484 B	302ms 210ms	XHR application/json	52.28.203.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9698480174740b89970c9353d4003a&pos=8a9698480174740b89970c94bd890040&cmd=bid&secure=1 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-28-203-152.eu-central-1.compute.amazonaws.com Software ATS/7.1.2.138 / Resource Hash ba2cefb9e409d9cda43bf8f027d09fd23bf09a15970bca032ea8fe1e8676dee1 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Server ATS/7.1.2.138 Age 0 Vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers Access-Control-Allow-Methods POST,GET,HEAD,OPTIONS Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.grandforksherald.com Access-Control-Allow-Credentials true Connection keep-alive Content-Length 62
GET H/1.1	200 OK	bidRequest Show response c2shb.ssp.yahoo.com/	62 B 484 B	163ms 71ms	XHR application/json	52.28.203.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9698480174740b89970c9353d4003a&pos=8a9698480174740b89970c943e1c003e&cmd=bid&secure=1 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/theme/js/prebid.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-28-203-152.eu-central-1.compute.amazonaws.com Software ATS/7.1.2.138 / Resource Hash b985c7e8988e05d50544a82c157410b483661347d8d2f470aefd78d84829634d Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Server ATS/7.1.2.138 Age 0 Vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers Access-Control-Allow-Methods POST,GET,HEAD,OPTIONS Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.grandforksherald.com Access-Control-Allow-Credentials true Connection keep-alive Content-Length 62
GET H2	200	bid Show response c.amazon-adsystem.com/e/dtb/	23 B 376 B	120ms 119ms	XHR text/javascript	13.224.186.4 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&pid=6xCv8IJNkrhok&cb=2&ws=1600x1200&v=7.69.01&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20leaderboard_ad_mapping%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22120x600%22%2C%22160x600%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar1_ad_mapping%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar2_ad_mapping%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20sidebar3_ad_mapping%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22728x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20article_ad_mapping%22%7D%2C%7B%22sd%22%3A%2210%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2211%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2212%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B320%2C%2050%5D%22%7D%2C%7B%22sd%22%3A%2213%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20600%5D%22%7D%2C%7B%22sd%22%3A%2214%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20600%5D%22%7D%2C%7B%22sd%22%3A%2215%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20%5B300%2C%20250%5D%22%7D%2C%7B%22sd%22%3A%2216%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%27%2F7021%2Fcue_sites%2F%27%20%2B%20tags%2C%20st_homepage_spot_ad_mapping%22%7D%5D&pubid=59950d2e-4dfc-490d-92ee-81f8d387b7dd&gdprl=%7B%22status%22%3A%22no-cmp%22%7D Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.4 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-4.fra2.r.cloudfront.net Software Server / Resource Hash 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT via 1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront) server Server x-amz-cf-pop FRA2-C1 vary User-Agent x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true timing-allow-origin * content-length 23 x-amz-cf-id pCl4qd2AlZEaZhE8E3qwousafdlF9cims0cG19JNrBFPsJy3Mw7vRw==
POST H2	204	v1 Show response dmx.districtm.io/b/	0 291 B	32ms 12ms	XHR text/plain	104.16.190.66 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dmx.districtm.io/b/v1 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers date Fri, 24 Sep 2021 05:08:41 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET, HEAD, POST, OPTIONS access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true cf-ray 69397f106bfd6928-FRA access-control-allow-headers Content-Type, Origin
GET		ADTECH;v=2;cmd=bid;cors=yes;alias=47eb09731b9c6f8;misc=1632460121644; adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330525/0/0/	0 0
GET		ADTECH;v=2;cmd=bid;cors=yes;alias=48658989353c572;misc=1632460121644; adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330526/0/0/	0 0
GET H2	200	cygnus Show response htlb.casalemedia.com/	24 B 380 B	110ms 78ms	XHR application/json	184.31.84.150 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://htlb.casalemedia.com/cygnus?s=248828&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22350392ff77f523%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2236f311343730a02%22%2C%22ext%22%3A%7B%22siteID%22%3A%22248828%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-31-84-150.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 2b9b3dc518ffb33d6ceb614a06fb34c59e3b2949e469bd592d1b7760793d43ac Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip x-ak-initial-geo CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.127], XFF:[] server Apache vary Is-Traffic-Invalid,Accept-Encoding content-type application/json access-control-allow-origin https://www.grandforksherald.com x-cs-client-geo 12 cache-control max-age=0, no-cache, no-store access-control-allow-credentials true content-length 44 x-ak-client-geo 12 expires Fri, 24 Sep 2021 05:08:41 GMT
GET H/1.1	200 OK	fastlane.json Show response fastlane.rubiconproject.com/a/api/	238 B 2 KB	89ms 70ms	XHR application/json	69.173.144.143 RUBICONPROJECT
General Check archive.org Show headers Download Go to Full URL https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12144&site_id=44028&zone_id=190792&size_id=2&rf=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&tk_flint=pbjs_lite_v4.20.0&x_source.tid=5592fb59-9e3b-48a2-908a-21fef02c1a73&p_screen_res=1600x1200&rp_secure=1&slots=1&rand=0.48703848672119365 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software nginx/1.16.0 / Resource Hash 08d22644acc0bdc20b4a622ecc921ea821911dd97376a5acc7c07fd6c417ada8 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Fri, 24 Sep 2021 05:08:41 GMT Server nginx/1.16.0 Vary Accept-Encoding P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-cache, no-store, max-age=0, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json Content-Length 238 Expires Wed, 17 Sep 1975 21:32:10 GMT
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	144 B 1 KB	106ms 75ms	XHR application/json	185.33.221.13 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash 6fd3b1a70c5cb895fc04276e955c2352c15d5d6f7913722ab4b5a3744861d8f9 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Fri, 24 Sep 2021 05:08:41 GMT X-Proxy-Origin 216.131.114.127; 216.131.114.127; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com AN-X-Request-Uuid e312d04c-45ec-4517-9365-f25da6fc71d6 Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 144 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	bidRequest Show response c2shb.ssp.yahoo.com/	5 KB 5 KB	201ms 117ms	XHR application/json	52.28.203.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9698480174740b89970c9353d4003a&pos=8a9698480174740b89970c941077003d&cmd=bid&secure=1 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-28-203-152.eu-central-1.compute.amazonaws.com Software ATS/7.1.2.138 / Resource Hash a8f896f7b51f009e3c4b0ec13d0afd9d56e0561a466c2405515cf02e8a5fc94e Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Server ATS/7.1.2.138 Age 0 Vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers Access-Control-Allow-Methods POST,GET,HEAD,OPTIONS Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.grandforksherald.com Access-Control-Allow-Credentials true Connection keep-alive Content-Length 4680
GET H2	200	arj Show response forumcomm-d.openx.net/w/1.0/	174 B 357 B	135ms 116ms	XHR application/json	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://forumcomm-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5592fb59-9e3b-48a2-908a-21fef02c1a73&nocache=1632460121647&aus=728x90&divIds=in-article&auid=540477234 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/16.216.2 / Resource Hash 0ec65293a766c80ea6f0c73ecc0c52e5978867c26b7ddf5c0835f37ffb72834c Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip server OXGW/16.216.2 vary Accept, Accept-Encoding p3p CP="CUR ADM OUR NOR STA NID" access-control-allow-origin https://www.grandforksherald.com cache-control private, max-age=0, no-cache access-control-allow-credentials true content-type application/json alt-svc clear content-length 165 via 1.1 google expires Mon, 26 Jul 1997 05:00:00 GMT
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	13 KB 8 KB	135ms 105ms	XHR application/json	185.33.221.13 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash aad197744bec1fa948cdb13671531e89002e8c3191af66712182acb1c012aeba Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:41 GMT Content-Encoding gzip Transfer-Encoding chunked P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Connection keep-alive X-Proxy-Origin 216.131.114.127; 216.131.114.127; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com X-XSS-Protection 0 Pragma no-cache AN-X-Request-Uuid efd86d33-db10-4dbb-8412-722ae03f46f3 Server nginx/1.17.9 Vary Accept-Encoding Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	476 B 286 B	42ms 42ms	XHR text/plain	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2662016907880576&correlator=3715719439203257&output=ldjh&impl=fifs&hxva=1&scor=3446825522224359&eid=31062536%2C31062914%2C44750532&vrg=2021092101&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210924&iu_parts=7021%2Ccue_sites%2Cadhesion_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1550x90&prev_scp=kw%3DAGRICULTURE%2CAgweek%2CCRYSTAL%2520VALLEY%2520COOPERATIVE%2CRansomware%2Cgrandforksherald%26position%3Din-page%26adhesion%3Dtrue&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1632434144&dt=1632460121652&dlt=1632460120054&idt=531&frm=20&biw=1600&bih=1200&oid=3&adxs=25&adys=1110&adks=3153324745&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3436&msz=1600x90&ga_vid=962869590.1632460121&ga_sid=1632460122&ga_hid=2088399970&ga_fc=false&fws=640&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash cecdc0d60c1b1ba310d673dcf45a148bf5161e87487378d13993cb9fd9cd5eca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 257 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ping ping.chartbeat.net/	43 B 201 B	329ms 106ms	Image image/gif	50.16.218.57 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://ping.chartbeat.net/ping?h=grandforksherald.com&p=%2Fbusiness%2Fagriculture%2F7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack&u=B-vx6HDDkjZCWOUyd&d=grandforksherald.com&g=63431&g0=Agriculture&g1=Tom%20Polansek%20and%20Karl%20Plume%20%2F%20Reuters&g4=article&n=1&f=00001&c=0&x=0&m=0&y=3437&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2042&t=ClEDv9BFM13N8wa59Boepq8BBAe6O&V=128&i=Minnesota%20grain%20handler%20Crystal%20Valley%20Co-op%20targeted%20in%20ransomware%20attack%20%7C%20Grand%20Forks%20Herald&tz=0&sn=1&sv=B1cTnFB852ilBkU8eGDWhdDtC2hPDH&sd=1&im=067bfcff&_ Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 50.16.218.57 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-16-218-57.compute-1.amazonaws.com Software / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:41 GMT cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif content-length 43 expires 0
GET H2	200	layers.fa6cd1947ce26e890d3d.js Show response s7.addthis.com/static/	263 KB 76 KB	10ms 9ms	Script application/javascript	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash 6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip last-modified Mon, 26 Oct 2020 18:11:48 GMT server nginx/1.15.8 etag W/"5f971164-41cf5" vary Accept-Encoding content-type application/javascript cache-control public, max-age=86313600 date Fri, 24 Sep 2021 05:08:41 GMT x-host s7.addthis.com timing-allow-origin * content-length 77617
GET H2	200	wdayLogo.png www.grandforksherald.com/theme/images/weatherwidget/	266 KB 267 KB	114ms 112ms	Image image/png	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.grandforksherald.com/theme/images/weatherwidget/wdayLogo.png Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 467e9cc04057d83a083af5b23317f0582a5a46245b84b767a690419722e74d7c Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers :path /theme/images/weatherwidget/wdayLogo.png pragma no-cache cookie sailthru_pageviews=1; _cb_ls=1; _gcl_au=1.1.175563507.1632460121; __adblocker=false; _ga=GA1.2.962869590.1632460121; _gid=GA1.2.1955106622.1632460121; _gat_UA-41542537-2=1; _gat_UA-778232-77=1; _dc_gtm_UA-778232-37=1; sailthru_content=90e1ff3164edaa1fc87e349cc94e0f59; sailthru_visitor=adf5dad3-ba3c-4031-aaf4-bf30b28112d7; _fbp=fb.1.1632460121391.610775530; usprivacy=1---; _cb=B-vx6HDDkjZCWOUyd; _chartbeat2=.1632460121521.1632460121521.1.B1cTnFB852ilBkU8eGDWhdDtC2hPDH.1; _cb_svref=null; __atuvc=1%7C38; __atuvs=614d5d5988ecca4a000; AWSALB=JyRCn/jhptcV4rH+PNovQNCe/OljJF4QRXdX3jhoshpMv/3P2eGVKLf4b7UdGNm0LcSG++peT6exCsC7hRQpZin01Bjz1D+A7Us865OoOVluObYUHyRavESUUQ2H; AWSALBCORS=JyRCn/jhptcV4rH+PNovQNCe/OljJF4QRXdX3jhoshpMv/3P2eGVKLf4b7UdGNm0LcSG++peT6exCsC7hRQpZin01Bjz1D+A7Us865OoOVluObYUHyRavESUUQ2H accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority www.grandforksherald.com referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:41 GMT via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) age 0 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-7b30fa.forum.cue.cloud x-cache-backend cuefront2_nelson set-cookie AWSALB=WgUQ3yqJeBIOzLjK85jsUAjJoDEXlA0X2/dd4RXTSGM4F5WmaI4sPd3/8hm5ASPxEQ82QlJXzK6fZ0BBUFuZib4tu4TXu/PEUkeozqsN03sbW1AWTvxJVRLkFQym; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/ AWSALBCORS=WgUQ3yqJeBIOzLjK85jsUAjJoDEXlA0X2/dd4RXTSGM4F5WmaI4sPd3/8hm5ASPxEQ82QlJXzK6fZ0BBUFuZib4tu4TXu/PEUkeozqsN03sbW1AWTvxJVRLkFQym; Expires=Fri, 01 Oct 2021 05:08:41 GMT; Path=/; SameSite=None; Secure x-cache Miss from cloudfront content-length 272522 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 15:05:35 GMT server nginx/1.18.0 etag "614c97bf-4288a" vary Accept-Encoding x-varnish 1148588 633444114 cache-control max-age=120, s-maxage=120 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png x-amz-cf-id x6rtq3yY8Lp6RVUpM0g5eiadlWjxw9AHSBS6ofor15cbkFeQdPcjlg==
GET H2	200	your-news-your-way.jpg static.forumcomm.com/images/300x50/	18 KB 18 KB	9ms 7ms	Image image/jpeg	13.224.193.88 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.forumcomm.com/images/300x50/your-news-your-way.jpg Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-88.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash bcb63c7334a1486332adc36daf7c87aa282d1df6d4575c5e4ff0e25af0729bbd Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 14:00:55 GMT via 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront) last-modified Thu, 28 Jan 2021 21:04:27 GMT server AmazonS3 age 54467 etag "61bdc5175b164005aa7d910c2a91f5c1" x-edge-origin-shield-skipped 0 content-type image/jpeg x-cache Hit from cloudfront x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 17989 x-amz-cf-id o_XuztFgnsk_TQZ5TqZLq7deeSCOG9rrHw4GptbEHp-R-5RQTPAVeQ==
GET H2	200	151.67aec2e0546e639563bb.js Show response s7.addthis.com/static/	2 KB 1 KB	9ms 8ms	Script application/javascript	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/static/151.67aec2e0546e639563bb.js Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash e1fa72e38624f68bc2039aded02a054eead1fbf24646f4df60abcacc665a8690 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip last-modified Mon, 26 Oct 2020 18:11:48 GMT server nginx/1.15.8 etag W/"5f971164-68f" vary Accept-Encoding content-type application/javascript cache-control public, max-age=86313600 date Fri, 24 Sep 2021 05:08:41 GMT x-host s7.addthis.com timing-allow-origin * content-length 815
POST H2	200	shares-post.json Show response api-public.addthis.com/url/serviceapi/	2 B 342 B	174ms 173ms	XHR application/json	104.75.88.126 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-126.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type text/plain Response headers strict-transport-security max-age=15724800; includeSubDomains surrogate-key sFbt=https://www.grandforksherald.com/business/agriculture/7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack last-modified Fri, 24 Sep 2021 05:00:00 GMT server nginx/1.15.8 date Fri, 24 Sep 2021 05:08:41 GMT content-type application/json access-control-allow-origin https://www.grandforksherald.com cache-control no-transform, max-age=0, s-maxage=14400 access-control-allow-credentials true content-length 2
GET H2	200	info.json Show response www.reddit.com/api/	144 B 692 B	162ms 111ms	Script application/javascript	151.101.129.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack&jsonp=_ate.cbs.rcb_hb9r0 Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash ad23ed1a237b9e27da232dc0195e53fd2aee9729fa6309abd2fb69cced7be865 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ratelimit-used 1 via 1.1 varnish x-content-type-options nosniff strict-transport-security max-age=15552000; includeSubDomains; preload content-length 144 x-xss-protection 1; mode=block x-ua-compatible IE=edge x-moose majestic x-clacks-overhead GNU Terry Pratchett server snooserv x-frame-options SAMEORIGIN date Fri, 24 Sep 2021 05:08:41 GMT x-ratelimit-remaining 299 content-type application/javascript; charset=UTF-8 access-control-allow-origin * access-control-expose-headers X-Moose cache-control private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate x-ratelimit-reset 79 accept-ranges bytes expires -1
GET H2	200	info.json Show response www.reddit.com/api/	144 B 262 B	170ms 120ms	Script application/javascript	151.101.129.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-Minnesota-grain-handler-Crystal-Valley-Co-op-targeted-in-ransomware-attack&jsonp=_ate.cbs.rcb_54ik0 Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash f581e7123c09f3b0a94a7b4d15117c29411abe4a4e7646c53817992843deef4e Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ratelimit-used 2 via 1.1 varnish x-content-type-options nosniff strict-transport-security max-age=15552000; includeSubDomains; preload content-length 144 x-xss-protection 1; mode=block x-ua-compatible IE=edge x-moose majestic x-clacks-overhead GNU Terry Pratchett server snooserv x-frame-options SAMEORIGIN date Fri, 24 Sep 2021 05:08:41 GMT x-ratelimit-remaining 298 content-type application/javascript; charset=UTF-8 access-control-allow-origin * access-control-expose-headers X-Moose cache-control private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate x-ratelimit-reset 79 accept-ranges bytes expires -1
GET H2	200	authorize login.forumcomm.com/ Frame 3346	0 0	582ms 511ms	Document text/html	13.225.78.118 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.forumcomm.com/authorize?client_id=1AjxoS33DVsu0QTjEskvghHwMplgkaIZ&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=web_message&state=QnBHU3RsYWNVdS56TnRycXQzQ2VrbGl6Q0ZOZjdKdXZyNmFVWkpGVm9uYw%3D%3D&nonce=VmxQWH5MWDNWZkhpcGJRbDlDTX4tdTdSSUp1SEc3UmRZX3pSQm1QbDdPVQ%3D%3D&redirect_uri=https%3A%2F%2Fwww.grandforksherald.com&code_challenge=b4E9gAV8vPnQTNDGHo5HuG0VKpXklLiGCbpzANHwYfU&code_challenge_method=S256&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTMuNiJ9 Requested by Host: cdn.auth0.com URL: https://cdn.auth0.com/js/auth0-spa-js/1.13.6/auth0-spa-js.production.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.118 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-118.fra2.r.cloudfront.net Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers :method GET :authority login.forumcomm.com :scheme https :path /authorize?client_id=1AjxoS33DVsu0QTjEskvghHwMplgkaIZ&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=web_message&state=QnBHU3RsYWNVdS56TnRycXQzQ2VrbGl6Q0ZOZjdKdXZyNmFVWkpGVm9uYw%3D%3D&nonce=VmxQWH5MWDNWZkhpcGJRbDlDTX4tdTdSSUp1SEc3UmRZX3pSQm1QbDdPVQ%3D%3D&redirect_uri=https%3A%2F%2Fwww.grandforksherald.com&code_challenge=b4E9gAV8vPnQTNDGHo5HuG0VKpXklLiGCbpzANHwYfU&code_challenge_method=S256&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTMuNiJ9 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers content-type text/html;charset=UTF-8 date Fri, 24 Sep 2021 05:08:42 GMT cf-ray 69397f11befc4ea9-FRA cache-control no-cache, no-store set-cookie did=s%3Av0%3A7c7fac70-1cf5-11ec-bd31-9b5a70d521b3.ad%2B%2FJPELYL6Qk1PWDbD%2FIfgS0lozW1Ud2h%2FC5urrXeo; Max-Age=31557600; Path=/; Expires=Sat, 24 Sep 2022 11:08:42 GMT; HttpOnly; Secure; SameSite=None did_compat=s%3Av0%3A7c7fac70-1cf5-11ec-bd31-9b5a70d521b3.ad%2B%2FJPELYL6Qk1PWDbD%2FIfgS0lozW1Ud2h%2FC5urrXeo; Max-Age=31557600; Path=/; Expires=Sat, 24 Sep 2022 11:08:42 GMT; HttpOnly; Secure strict-transport-security max-age=31536000 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" ot-baggage-auth0-request-id 69397f11befc4ea9 ot-tracer-sampled true ot-tracer-spanid 21858a0a6e79db53 ot-tracer-traceid 3c5b915018e5ad87 pragma no-cache x-auth0-requestid 909b4e4fff9c816fd4fc x-content-type-options nosniff x-ratelimit-limit 1000 x-ratelimit-remaining 999 x-ratelimit-reset 1632460123 server cloudflare content-encoding gzip x-edge-origin-shield-skipped 0 vary Accept-Encoding x-cache Miss from cloudfront via 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C2 x-amz-cf-id qWxOXHs0_0os7EEYV4oYPNxUsIZrz-xH2iauNzF92OhCPBkvrPj_VQ==
GET H2	200	Paap%2C%20Kevin.jpg www.agweek.com/incoming/6925622-557xqg-Paap-Kevin.jpg/alternates/BASE_LANDSCAPE/	66 KB 67 KB	33ms 9ms	Image image/jpeg	13.225.78.15 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.agweek.com/incoming/6925622-557xqg-Paap-Kevin.jpg/alternates/BASE_LANDSCAPE/Paap%2C%20Kevin.jpg Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-15.fra2.r.cloudfront.net Software nginx/1.18.0 / Resource Hash 03d6e77ce1c0237089fb26d66e3b585f91c14239a4de05a380b845c18120d2fc Security Headers Name Value Content-Security-Policy frame-ancestors https://cue.forum.cue.cloud Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 03:54:22 GMT via 1.1 varnish (Varnish/5.2), 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront) age 4459 x-edge-origin-shield-skipped 0 x-cache-host Front:varnish-5bd899.forum.cue.cloud Backend:cook-60712d.forum.cue.cloud x-cache-backend cuefront2_nelson x-cache Hit from cloudfront content-length 67266 x-ua Amazon CloudFront last-modified Thu, 23 Sep 2021 21:55:20 GMT server nginx/1.18.0 etag "1632445348.6186728-67266-4241365163" vary Accept-Encoding x-varnish 401154, 639632482 x-request-id 6971f89f-c201-47a7-8b90-10d383d77e45 cache-control max-age=7200, s-maxage=7200 content-security-policy frame-ancestors https://cue.forum.cue.cloud x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/jpeg x-amz-cf-id Sc4LTsL5XeCbJDfB4rcTOlxcMFVaIFR8xo05s_9av3VyyDVMnooUng== expires Fri, 24 Sep 2021 15:54:22 GMT
POST H3	200	/ Show response www.facebook.com/tr/ Frame 4780	0 15 B	7ms 7ms	Document text/plain	157.240.236.35 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.236.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-02-frx5.facebook.com Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method POST :authority www.facebook.com :scheme https :path /tr/ content-length 6840 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 origin https://www.grandforksherald.com content-type application/x-www-form-urlencoded user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 Origin https://www.grandforksherald.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers content-type text/plain access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 priority u=3,i date Fri, 24 Sep 2021 05:08:41 GMT
GET H/1.1	200 OK	friends2follow_socialstack_v2.min.css forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/ Frame 9A62	71 KB 10 KB	106ms 106ms	Stylesheet text/css	35.174.182.213 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_socialstack_v2.min.css?v=20210819 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.174.182.213 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-174-182-213.compute-1.amazonaws.com Software Apache / Resource Hash 88d6326963e31ad6b939b8543439030fc30aa4cac826e51127012909f3700828 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Varnish-Cache HIT Date Fri, 24 Sep 2021 05:08:41 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 127 Connection keep-alive Content-Length 10174 Last-Modified Fri, 20 Aug 2021 20:39:32 GMT Server Apache Vary Accept-Encoding X-Varnish 586513912 586509288 Via 1.1 varnish Cache-Control max-age=1209600 Accept-Ranges bytes Content-Type text/css Expires Fri, 08 Oct 2021 05:06:34 GMT
GET H3	200	css fonts.googleapis.com/ Frame 9A62	5 KB 659 B	29ms 15ms	Stylesheet text/css	142.250.186.138 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400,700 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.138 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f10.1e100.net Software ESF / Resource Hash 357abb4b6b6c077e1285a2c8b2d2e03c268a0ef223062782d094728b85cd2f6c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forumcomm.friends2follow.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 24 Sep 2021 03:48:57 GMT server ESF date Fri, 24 Sep 2021 05:08:41 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 24 Sep 2021 05:08:41 GMT
GET H/1.1	200 OK	jquery.min.js Show response forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/ Frame 9A62	91 KB 33 KB	213ms 106ms	Script application/javascript	35.174.182.213 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/jquery.min.js?v=20210819 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.174.182.213 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-174-182-213.compute-1.amazonaws.com Software Apache / Resource Hash de71fa7acfd31b2b19a4ee556a3772b9c6fe285606ba65830037a3e0670c3bd5 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Varnish-Cache HIT Date Fri, 24 Sep 2021 05:08:42 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 159 Connection keep-alive Content-Length 33080 Last-Modified Sat, 26 May 2018 17:40:47 GMT Server Apache Vary Accept-Encoding X-Varnish 932069154 932062769 Via 1.1 varnish Cache-Control max-age=1209600 Accept-Ranges bytes Content-Type application/javascript Expires Fri, 08 Oct 2021 05:06:03 GMT
GET H/1.1	200 OK	friends2follow_tracking.min.js Show response tracking.friends2follow.com/sites/all/modules/friends2follow/dist/ Frame 9A62	6 KB 2 KB	407ms 97ms	Script application/javascript	52.6.83.111 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tracking.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_tracking.min.js?v=20210819 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.6.83.111 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-6-83-111.compute-1.amazonaws.com Software Apache / Resource Hash f43581454cc4d007baf49f3103c8b754302a7ce5a097f1ef6648a7d1fab3d73e Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forumcomm.friends2follow.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Varnish-Cache HIT Date Fri, 24 Sep 2021 05:08:42 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 84 Connection keep-alive Content-Length 1605 Last-Modified Fri, 20 Aug 2021 20:39:32 GMT Server Apache Vary Accept-Encoding X-Varnish 932069163 932066290 Via 1.1 varnish Cache-Control max-age=1209600 Accept-Ranges bytes Content-Type application/javascript Expires Fri, 08 Oct 2021 05:07:18 GMT
GET H/1.1	200 OK	friends2follow_antifraud.min.js Show response antifraudjs.friends2follow.com/sites/all/modules/friends2follow/dist/ Frame 9A62	35 KB 11 KB	408ms 98ms	Script application/javascript	52.6.83.111 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://antifraudjs.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_antifraud.min.js?v=20210819 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.6.83.111 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-6-83-111.compute-1.amazonaws.com Software Apache / Resource Hash 35344c8fadf8cc7e65b9adc5e6f8a6ebaa48548dc006d8066052775b3e209310 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forumcomm.friends2follow.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Varnish-Cache HIT Date Fri, 24 Sep 2021 05:08:42 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 63 Connection keep-alive Content-Length 10755 Last-Modified Thu, 26 Dec 2019 16:40:28 GMT Server Apache Vary Accept-Encoding X-Varnish 586513930 586511519 Via 1.1 varnish Cache-Control max-age=1209600 Accept-Ranges bytes Content-Type application/javascript Expires Fri, 08 Oct 2021 05:07:39 GMT
GET H/1.1	200 OK	friends2follow_socialstack.min.js Show response forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/ Frame 9A62	96 KB 31 KB	386ms 193ms	Script application/javascript	35.174.182.213 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_socialstack.min.js?v=20210819 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.174.182.213 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-174-182-213.compute-1.amazonaws.com Software Apache / Resource Hash c72048d0852c015fe512c31a836d82eb13b539fd1e37e00400312ea330f5e39a Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forumcomm.friends2follow.com/f2f/widget/html/socialstack/89/0/12/140/1/1/1/9/9/1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Varnish-Cache HIT Date Fri, 24 Sep 2021 05:08:42 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 542 Connection keep-alive Content-Length 31132 Last-Modified Fri, 20 Aug 2021 20:39:32 GMT Server Apache Vary Accept-Encoding X-Varnish 932069159 932046669 Via 1.1 varnish Cache-Control max-age=1209600 Accept-Ranges bytes Content-Type application/javascript Expires Fri, 08 Oct 2021 04:59:39 GMT
GET DATA	200 OK	truncated / Frame 9A62	825 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7948356110204534d1413a0b11a2e836c2870816afe2caab685a9cd26fa5f65b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	89 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5665f8390a5ed541cbfd66da58c3212dd18a200dc62a0bd6096e9d9cfd3da9c7 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	107 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash adddf67e951bdd862698d47b291241fe2c63ab0831647afb27d20eb7cc0eaa29 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	346 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cea9a67c3e951c461bf604b9e4c4e274a15621610d9d84dc0c50804539de619d Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	791 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a55d7b3b44ad4721b460b2b22e79b353f5a861d86b6817ce9d629e607c83f7a0 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	851 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3c27f83815ee5e82d069d97beb8e40ce3add52e98311b54736ec1ecbf839a8fe Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	109 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ec75f5f81f8d9976ae985ba86f53f9a069e44f1ee66bc3595f97801abf582b3f Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	568 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 45ff09e3928a9fddfaf53f7f4f94732d324eda50d98874da50f3cd452409d22a Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 9A62	112 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ec59858d23a7dac43ae8db561df5e36d359a2d11b5f65ad043500d6830fced8 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
POST H3	200	/ Show response www.facebook.com/tr/ Frame DA9D	0 15 B	8ms 7ms	Document text/plain	157.240.236.35 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.236.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-02-frx5.facebook.com Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method POST :authority www.facebook.com :scheme https :path /tr/ content-length 6839 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 origin https://www.grandforksherald.com content-type application/x-www-form-urlencoded user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 Origin https://www.grandforksherald.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers content-type text/plain access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 priority u=3,i date Fri, 24 Sep 2021 05:08:41 GMT
GET H3	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v26/ Frame 9A62	44 KB 44 KB	8ms 8ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700 Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s45-in-f3.1e100.net Software sffe / Resource Hash 538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://forumcomm.friends2follow.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 17:04:31 GMT x-content-type-options nosniff age 43451 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44760 x-xss-protection 0 last-modified Thu, 23 Sep 2021 16:50:17 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Fri, 23 Sep 2022 17:04:31 GMT
GET H/1.1	200 OK	social.woff2 forumcomm.friends2follow.com/sites/all/modules/friends2follow/font/ Frame 9A62	5 KB 6 KB	169ms 97ms	Font text/plain	35.174.182.213 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/font/social.woff2?49894406 Requested by Host: forumcomm.friends2follow.com URL: https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_socialstack_v2.min.css?v=20210819 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.174.182.213 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-174-182-213.compute-1.amazonaws.com Software Apache / Resource Hash 3ebd026647714647aaa1e9ce958a12670dee2ff940ac4b334d2d718f780400bf Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_socialstack_v2.min.css?v=20210819 Origin https://forumcomm.friends2follow.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers X-Varnish-Cache MISS Date Fri, 24 Sep 2021 05:08:42 GMT Via 1.1 varnish X-Content-Type-Options nosniff Last-Modified Fri, 14 Feb 2020 20:14:31 GMT Server Apache Age 0 X-Varnish 586513923 Access-Control-Allow-Origin * Cache-Control max-age=1209600 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 5316 Expires Fri, 08 Oct 2021 05:08:42 GMT
GET H3	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	17ms 16ms	Script application/javascript	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.grandforksherald.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	16 KB 8 KB	214ms 214ms	XHR text/plain	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2662016907880576&correlator=3556096208985840&output=ldjh&impl=fifs&hxva=1&scor=3446825522224359&eid=31062536%2C31062914%2C44750532&vrg=2021092101&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210924&iu_parts=7021%2Ccue_sites%2Cbusiness%2Cagriculture&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=980x330%7C728x90%7C960x200%7C930x180%7C970x90%7C970x250%7C970x66%7C980x120&prev_scp=kw%3DAGRICULTURE%2CAgweek%2CCRYSTAL%2520VALLEY%2520COOPERATIVE%2CRansomware%2Cgrandforksherald%26position%3Dbanner-1%26amznbid%3D2%26amznp%3D2%26hb_format_appnexus%3Dbanner%26hb_source_appnexus%3Dclient%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.01%26hb_adid_appnexus%3D49eb951d0b48732%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_adid%3D49eb951d0b48732%26hb_bidder%3Dappnexus&eri=1&cookie=ID%3D536e5f81fa5be873%3AT%3D1632460121%3AS%3DALNI_MZxewSZCtHNiHu3kJkdxcj3ygRSdA&bc=31&abxe=1&lmt=1632434144&dt=1632460122118&dlt=1632460120054&idt=531&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=406&adks=2570968063&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1230x0&msz=980x0&psts=AGkb-H_7__sSfHRESqFR1-WVaaTe1wxNyqgyYDw2srxPkgvWfQCgglUC-A%2CAGkb-H9BW1rv29HXj-8umfgnHq0eA9xQx4feneNZZs72_9tJHWwzywzBEg&ga_vid=962869590.1632460121&ga_sid=1632460122&ga_hid=2088399970&ga_fc=false&fws=132&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash b5248080307c62af4fb336b115a35030c69805d15596965b31f5223b4d46af90 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7673 x-xss-protection 0 google-lineitem-id 5578280524 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id 138335800017 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	16 KB 8 KB	234ms 233ms	XHR text/plain	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2662016907880576&correlator=2041355193019149&output=ldjh&impl=fifs&hxva=1&scor=3446825522224359&eid=31062536%2C31062914%2C44750532&vrg=2021092101&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210924&iu_parts=7021%2Ccue_sites%2Cbusiness%2Cagriculture&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90&prev_scp=kw%3DAGRICULTURE%2CAgweek%2CCRYSTAL%2520VALLEY%2520COOPERATIVE%2CRansomware%2Cgrandforksherald%26position%3Din-article%26amznbid%3D2%26amznp%3D2%26hb_format_onemobile%3Dbanner%26hb_source_onemobile%3Dclient%26hb_size_onemobile%3D728x90%26hb_pb_onemobile%3D0.01%26hb_adid_onemobile%3D51620ef689ad74d%26hb_bidder_onemobile%3Donemobile%26hb_format_appnexus%3Dbanner%26hb_source_appnexus%3Dclient%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.01%26hb_adid_appnexus%3D508e8be4ef88b2%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_adid%3D51620ef689ad74d%26hb_bidder%3Donemobile&eri=1&cookie=ID%3D536e5f81fa5be873%3AT%3D1632460121%3AS%3DALNI_MZxewSZCtHNiHu3kJkdxcj3ygRSdA&bc=31&abxe=1&lmt=1632434144&dt=1632460122129&dlt=1632460120054&idt=531&frm=20&biw=1600&bih=1200&oid=3&adxs=376&adys=1694&adks=1426787701&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=728x0&psts=AGkb-H_7__sSfHRESqFR1-WVaaTe1wxNyqgyYDw2srxPkgvWfQCgglUC-A%2CAGkb-H9BW1rv29HXj-8umfgnHq0eA9xQx4feneNZZs72_9tJHWwzywzBEg&ga_vid=962869590.1632460121&ga_sid=1632460122&ga_hid=2088399970&ga_fc=false&fws=132&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash 9f17df86f46342f3085b755602c8fe184109c52729923c405ce8ad71cc229f6f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7668 x-xss-protection 0 google-lineitem-id 5578280524 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id 138335733707 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET		friends2follow_socialstack_on_init.min.js forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/ Frame 9A62	0 0
GET		1f4a5.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f4e3.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		2705.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f3a8.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		2702.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		2728.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f60d.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f378.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f389.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f379.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f357.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		1f355.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET		26a1.png twemoji.maxcdn.com/36x36/ Frame 9A62	0 0
GET H3	200	view securepubads.g.doubleclick.net/pcs/	0 0	29ms 29ms	Fetch image/gif	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstXw5cQXfX1uQV3-xY9p1aclANMci82i_7KuaDsRXYT_5gNdwqaZSws3f7nYCyht8_n95nsCeCqLIlmp1kIHCAGuq7SPA75JTzJMNFbWD0fEM8-9CXqTQdFFS7XRNdEaD8cSY69zF3832aYzCQmaAPlUWwtW7i-YWTLhHzzBbjtyBpNKlq4Q-H7Xj0tPgWaSBJmLSGku8n40qtqg_pwgDLVtCS6JRk6zgN8x7_IK5BjEqVr9fwYsXnU0_y2EWoIo4UAo7dEmX7IybYyLMK_uH4r1_jOeFcxt10-ZuULJIfAFU01cbOiIebalqAPD9YNR-ZF0Aq7dAD8hxyYsJwCP0MYJHE&sig=Cg0ArKJSzH_CZhQIGzfvEAE&urlfix=1&adurl= Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:42 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H2	200	index.js Show response cdn1.opstag.com/13675/	12 KB 5 KB	56ms 11ms	Script application/javascript	13.224.193.39 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn1.opstag.com/13675/index.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.39 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-39.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash eecc861eea616ebba842f3542efd79edd68d088b2dfac4329c9fa0798fa600b8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip last-modified Mon, 20 Sep 2021 10:42:09 GMT server AmazonS3 x-edge-origin-shield-skipped 0 etag "3d16e229ab8d20198672f8daf2bc44cd" x-cache Hit from cloudfront content-type application/javascript via 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 4906 x-amz-cf-id 2PmJjSiXGpVSAOHf_nSTknp2Rwyfdif_GpCIO3WxJrhokRKHjUiPLA==
GET H3	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/	128 KB 39 KB	30ms 15ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39662 x-xss-protection 0 server sffe etag "1632310973010379" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="active-view-scs-read-write-acl" expires Fri, 24 Sep 2021 05:08:42 GMT
GET H3	200	osd.js Show response www.googletagservices.com/activeview/js/current/	72 KB 27 KB	41ms 29ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092101.js?31062914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash 3a7ad5974f3d165d1a83149795afe792e241b0e6a41078c6e14bcecc5449934e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27652 x-xss-protection 0 server sffe etag "1632310961004595" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="active-view-scs-read-write-acl" expires Fri, 24 Sep 2021 05:08:42 GMT
GET DATA	200 OK	truncated /	214 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 36bac6e4e106ca8d398d2bd87fe4409f372523a9bd23972465595cb264fa590b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET H2	200	prebid.js Show response cdn1.opstag.com/13675/ Frame CF48	300 KB 94 KB	392ms 392ms	Script application/javascript	13.224.193.39 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn1.opstag.com/13675/prebid.js Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/index.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.39 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-39.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 2d4f138449904b48c46331df11a06c545b84b874e98346144f018218ede8b660 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:43 GMT content-encoding gzip last-modified Mon, 20 Sep 2021 10:42:09 GMT server AmazonS3 x-edge-origin-shield-skipped 0 etag "93002eb44c9109ad77d52087c9a26f5f" x-cache RefreshHit from cloudfront content-type application/javascript via 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 95598 x-amz-cf-id GWCLTUfx1QLH779KGst8yVDyXDWgQQqE_xDeGZDOjlSnrMSk6xCulg==
GET H2	200	pwt.js Show response ads.pubmatic.com/AdServer/js/pwt/157898/3581/ Frame CF48	162 KB 53 KB	67ms 12ms	Script text/javascript	2.18.233.180 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ads.pubmatic.com/AdServer/js/pwt/157898/3581/pwt.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-180.deploy.static.akamaitechnologies.com Software Apache/2.2.15 (CentOS) / Resource Hash 72b344244c3c4d428c9a24c657d0407cf14514ae8c3e774a4370ee2ec38202e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip last-modified Mon, 26 Apr 2021 15:31:20 GMT server Apache/2.2.15 (CentOS) etag "1421bfb-2884d-5c0e1d65d8e87" vary Accept-Encoding p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" cache-control public, max-age=97093 accept-ranges bytes content-type text/javascript content-length 53257 expires Sat, 25 Sep 2021 08:06:55 GMT
GET H/1.1	200 OK	config.js Show response confiant-integrations.global.ssl.fastly.net/TmbDn9EgxmQToWId4cuWAYMgK68/gpt_and_prebid/ Frame CF48	65 KB 16 KB	8ms 8ms	Script text/javascript	151.101.129.194 FASTLY
General Check archive.org Show headers Download Go to Full URL https://confiant-integrations.global.ssl.fastly.net/TmbDn9EgxmQToWId4cuWAYMgK68/gpt_and_prebid/config.js Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/index.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.194 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash b0c0c740b9408cb76bb33456e30f9847d286684e6c18765df84c3632064eead3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 05:08:42 GMT Content-Encoding gzip Age 2032 X-Cache HIT Connection keep-alive Content-Length 15619 x-amz-id-2 q1TvQtfKqhbjfDGB7V6YRZKil5Dk2MP/pSTE9+o1QlcfijDe6d3u3wOvjHJqXyXtIW93r9AX98Y= X-Served-By cache-hhn4075-HHN Last-Modified Fri, 24 Sep 2021 03:07:43 GMT Server AmazonS3 X-Timer S1632460123.569735,VS0,VE1 ETag "71474c3a39281d57ab4df59b727b072a" x-amz-request-id 443XCBXXXT99SS1C Via 1.1 varnish Cache-Control public, max-age=900, stale-while-revalidate=3600 Accept-Ranges bytes Content-Type text/javascript X-Cache-Hits 1
GET H2	200	placement.js Show response cdn1.opstag.com/13675/ Frame CF48	19 KB 6 KB	15ms 15ms	Script application/javascript	13.224.193.39 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn1.opstag.com/13675/placement.js?cb=1632460122565 Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/index.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.39 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-39.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash ee77003c9eb64cb4fec83e4059d011c973eb1c8c3520cfae72978b040ba6c06a Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip last-modified Mon, 20 Sep 2021 10:42:09 GMT server AmazonS3 x-edge-origin-shield-skipped 0 etag "13669e710ca42535a5f4242cb51c7c99" x-cache Hit from cloudfront content-type application/javascript via 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 6057 x-amz-cf-id IHFfskfdOfcUcNxBkcutJdnPuAecoq8z_uvqvykaD4cUvesFPfm8hA==
GET H3	200	ad pubads.g.doubleclick.net/gampad/ Redirect Chain https://pubads.g.doubleclick.net/gampad/ad?iu=/8570/forumcommunications/forumcommunications-13675-728x90-activefill-desktop-pixel&sz=1x1&t=&c=5568377717 https://pubads.g.doubleclick.net/gampad/ad?iu=/8570/forumcommunications/forumcommunications-13675-728x90-activefill-desktop-pixel&sz=1x1&t=&c=5568377717&pre=1	42 B 65 B	41ms 40ms	Image image/gif	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pubads.g.doubleclick.net/gampad/ad?iu=/8570/forumcommunications/forumcommunications-13675-728x90-activefill-desktop-pixel&sz=1x1&t=&c=5568377717&pre=1 Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:42 GMT x-content-type-options nosniff server cafe timing-allow-origin * google-creative-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 google-lineitem-id -2 Redirect headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:42 GMT x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://pubads.g.doubleclick.net/gampad/ad?iu=/8570/forumcommunications/forumcommunications-13675-728x90-activefill-desktop-pixel&sz=1x1&t=&c=5568377717&pre=1 cross-origin-resource-policy cross-origin follow-only-when-prerender-shown 1 content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H/1.1	200 OK	wrap.js Show response confiant-integrations.global.ssl.fastly.net/gptprebidnative/202109231016/ Frame CF48	179 KB 58 KB	7ms 6ms	Script application/javascript	151.101.129.194 FASTLY
General Check archive.org Show headers Download Go to Full URL https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202109231016/wrap.js Requested by Host: confiant-integrations.global.ssl.fastly.net URL: https://confiant-integrations.global.ssl.fastly.net/TmbDn9EgxmQToWId4cuWAYMgK68/gpt_and_prebid/config.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.194 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 4c91dad330c16c5895489912b1136b4b330ff386868edce1e5c7852913274be9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Fri, 24 Sep 2021 05:08:42 GMT Content-Encoding gzip Age 717 X-Cache HIT Connection keep-alive Content-Length 58483 x-amz-id-2 aalZMYuCBQQYsQa+YQ0baTyLECPI1sldcw6cS87AgX3p0KOwkzpvfvGPecSoe8n1VU3r2Ek51Fg= X-Served-By cache-hhn4075-HHN Last-Modified Thu, 23 Sep 2021 14:17:45 GMT Server AmazonS3 X-Timer S1632460123.594844,VS0,VE0 ETag "4a36118c85e655f97fa047933325892e" x-amz-request-id 9B90X8ZS47YKQ4JA Via 1.1 varnish Cache-Control public, max-age=31536000 Accept-Ranges bytes Content-Type application/javascript; charset=utf-8 X-Cache-Hits 1765
OPTIONS H2	200	json gum.criteo.com/sid/ Frame	0 0	49ms 16ms	Preflight application/json	178.250.0.157 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.grandforksherald.com%2F&domain=www.grandforksherald.com&cw=1&lsw=1 Protocol H2 Server 178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Method GET Access-Control-Request-Headers content-type Origin https://www.grandforksherald.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode cors Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache content-type application/json; charset=utf-8 expires 0 strict-transport-security max-age=31536000 access-control-allow-origin https://www.grandforksherald.com access-control-allow-headers content-type access-control-allow-credentials true access-control-allow-methods GET server-processing-duration-in-ticks 1502 date Fri, 24 Sep 2021 05:08:41 GMT content-encoding gzip vary Accept-Encoding
GET H2	200	json Show response gum.criteo.com/sid/ Frame CF48	380 B 657 B	46ms 17ms	XHR application/json	178.250.0.157 ASN-CRITEO-EUROPE
General Check archive.org Show headers Download Go to Full URL https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.grandforksherald.com%2F&domain=www.grandforksherald.com&cw=1&lsw=1 Requested by Host: ads.pubmatic.com URL: https://ads.pubmatic.com/AdServer/js/pwt/157898/3581/pwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR), Reverse DNS Software / Resource Hash 7189ddf087427656d9ad08e81d027753e6777115db5fc8b1d6af29dd3b514c2a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type application/json Response headers pragma no-cache strict-transport-security max-age=31536000 content-encoding gzip date Fri, 24 Sep 2021 05:08:42 GMT vary Accept-Encoding access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true server-processing-duration-in-ticks 2703 expires 0
GET H3	200	gpt.js Show response www.googletagservices.com/tag/js/ Frame CF48	73 KB 24 KB	17ms 16ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash 0a123679614b2f675f96dc01b96caf55391e4fef31e7d2bbb461fda69f61be71 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "996 / 906 of 1000 / last-modified: 1632435071" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24857 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 24 Sep 2021 05:08:42 GMT
GET H3	200	pubads_impl_2021091501.js Show response securepubads.g.doubleclick.net/gpt/ Frame CF48	334 KB 116 KB	19ms 19ms	Script text/javascript	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software sffe / Resource Hash 52c41152c7916b4cf3b3a90f790faa0ba7f746603671e286531bc50407d844ca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:42 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 119151 x-xss-protection 0 last-modified Wed, 15 Sep 2021 08:39:44 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 24 Sep 2021 05:08:42 GMT
GET H/1.1	200 OK	fastlane.json Show response fastlane.rubiconproject.com/a/api/ Frame CF48	240 B 1 KB	73ms 72ms	XHR application/json	69.173.144.143 RUBICONPROJECT
General Check archive.org Show headers Download Go to Full URL https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13702&site_id=359170&zone_id=1933828&size_id=2&rp_schain=1.0,1!yieldlift.com,2000107,1,,,&eid_pubcid.org=60041967-495c-4ff3-b53f-f0bfa7382529%5E1&rf=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&tk_flint=pbjs_lite_v5.1.0&x_source.tid=8dd2185c-41bb-413c-ab1c-5c71ceb1379a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9293051316020491 Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/prebid.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software nginx/1.16.0 / Resource Hash 88d3906dcb47b81b068d20249a410804052d1f783e5f7c645660bde4ab12f2a3 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Fri, 24 Sep 2021 05:08:43 GMT Server nginx/1.16.0 Vary Accept-Encoding P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-cache, no-store, max-age=0, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json Content-Length 240 Expires Wed, 17 Sep 1975 21:32:10 GMT
POST H/1.1	200 OK	bid Show response ap.lijit.com/rtb/ Frame CF48	94 B 769 B	127ms 71ms	XHR application/json	72.251.249.14 VOXEL-DOT-NET
General Check archive.org Show headers Download Go to Full URL https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.1.0 Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/prebid.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US), Reverse DNS Software nginx / Resource Hash 329f118d26e9735868181e16dd463053d5a95a01bd74faa1a006462a00df4954 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:43 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding, User-Agent Access-Control-Allow-Methods GET, POST, DELETE, PUT Content-Type application/json Access-Control-Allow-Origin https://www.grandforksherald.com Access-Control-Allow-Credentials true X-Sovrn-Pod ad_ap1ams1 Access-Control-Allow-Headers X-Requested-With, Content-Type Content-Length 98
POST		translator hbopenbid.pubmatic.com/ Frame CF48	0 0
GET H2	200	arj Show response os4m-d.openx.net/w/1.0/ Frame CF48	174 B 357 B	88ms 63ms	XHR application/json	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://os4m-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8dd2185c-41bb-413c-ab1c-5c71ceb1379a&nocache=1632460122994&pubcid=60041967-495c-4ff3-b53f-f0bfa7382529&schain=1.0%2C1!yieldlift.com%2C2000107%2C1%2C%2C%2C&aus=728x90&divids=div-gpt-ad-3835049052572-0&aucs=&auid=543846343 Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/prebid.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/16.216.2 / Resource Hash d20b61e13a6049a20474ad6213e861f39494eb747885ba244636de9a3692efaa Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:43 GMT content-encoding gzip server OXGW/16.216.2 vary Accept, Accept-Encoding p3p CP="CUR ADM OUR NOR STA NID" access-control-allow-origin https://www.grandforksherald.com cache-control private, max-age=0, no-cache access-control-allow-credentials true content-type application/json alt-svc clear content-length 165 via 1.1 google expires Mon, 26 Jul 1997 05:00:00 GMT
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/ Frame CF48	15 KB 8 KB	92ms 92ms	XHR application/json	185.33.221.13 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/prebid.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash 14565e2a49accb4324dc31fa02c93c724a9d893bd574b33f9e151209e50505a2 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Date Fri, 24 Sep 2021 05:08:43 GMT Content-Encoding gzip Transfer-Encoding chunked P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Connection keep-alive X-Proxy-Origin 216.131.114.127; 216.131.114.127; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com X-XSS-Protection 0 Pragma no-cache AN-X-Request-Uuid 731027f9-faf8-48e9-bce9-7a78706e7758 Server nginx/1.17.9 Vary Accept-Encoding Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	trinity.json Show response apex.go.sonobi.com/ Frame CF48	95 B 739 B	99ms 33ms	XHR application/json	178.162.133.150 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2212f4bc90339e3d6%22%3A%22b81ac7e9429c22495628%7C728x90%7Cgpid%3D%2F8570%2Fforumcommunications%2Fforumcommunications-13675-728x90-activefill-desktop%22%7D&ref=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&s=e7851270-0b10-4bf7-bf8a-633c07b63228&pv=14b632ad-b789-4465-8a29-c33b0ca839f7&vp=mobile&lib_name=prebid&lib_v=5.1.0&us=10&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22yieldlift.com%22%2C%22sid%22%3A%222000107%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2260041967-495c-4ff3-b53f-f0bfa7382529%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2260041967-495c-4ff3-b53f-f0bfa7382529%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0 Requested by Host: cdn1.opstag.com URL: https://cdn1.opstag.com/13675/prebid.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS ams-1-apex.go.sonobi.com Software sonobi-go / Resource Hash ff7abd1b8a8e92648e91a9b193b0575880214a5d0270d306c610e8d98b9894a9 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Fri, 24 Sep 2021 05:08:43 GMT Content-Encoding gzip Server sonobi-go Vary negotiate,Accept-Encoding X-Go-Server apex-ams-1-6-9 P3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin https://www.grandforksherald.com Cache-Control no-cache, no-store, private Access-Control-Allow-Credentials true Tcn Choice Content-Type application/json Content-Length 120 X-Xss-Protection 0 Expires Sat, 26 Jul 1997 05:00:00 GMT
GET H3	200	view securepubads.g.doubleclick.net/pcs/	0 0	58ms 36ms	Fetch image/gif	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstXL8XuA1bv9o4uIlDd4lbMKeMYO6XTd0fX9Cd--iNEG2d0Rhs2OSM-vBYYKPcTrY_HWVLeRmVWcMVu6vozW7Wz7xfmagSuDgD6LwYtVjGBb9PsjgWef99Qt4rYhcvASGyzjkCyPlFIbnSLFJj5pqBUhygILpd04mDmwGlzcaPcN7WW_3c8m1-vllYVnxDuZR09YCwC-B_RvJgse3DQwbAU-5XKzwDWW7LON09z6ZlYogxD4UH0VG0m29rRnE5vSXJOwtizo-_C41_8SsHsAK4g_FuShFRz3Y8Amg-keMfavtf5mTvdDypfGNbSB6RbAXlQcvHV9TIS8M_XBEXLG4oD2vx5zQ&sig=Cg0ArKJSzIFsooXHS1VXEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl= Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:43 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe expires Fri, 24 Sep 2021 05:08:43 GMT
GET H2	200	activeview Show response pagead2.googlesyndication.com/pcs/	42 B 518 B	38ms 16ms	Fetch image/gif	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu_MjB_kXXfXa_RPeJ7VgQipHC8iv75XWOUnc4LcSxY5QCHtwp7PglHpOMnVtXY7IzeZI15PsBd3ffq-jNNsc3QgP-fV4fOMUzx69Y5LfeX2uyLiUpQ&sig=Cg0ArKJSzLRT7BadZwNNEAE&id=lidar2&mcvt=1000&p=0,0,90,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210922&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=2570968063&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1632460119616&rpt=3383&r=v Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:44 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	451	envelope Show response api.rlcdn.com/api/identity/ Frame CF48	44 B 335 B	48ms 17ms	XHR text/plain	34.120.133.55 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://api.rlcdn.com/api/identity/envelope?pid=1258 Requested by Host: ads.pubmatic.com URL: https://ads.pubmatic.com/AdServer/js/pwt/157898/3581/pwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 55.133.120.34.bc.googleusercontent.com Software / Resource Hash da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers date Fri, 24 Sep 2021 05:08:44 GMT via 1.1 google x-content-type-options nosniff access-control-allow-headers Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With access-control-allow-methods GET, OPTIONS content-type text/plain; charset=utf-8 access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true alt-svc clear content-length 44
GET H2	200	rid Show response match.adsrvr.org/track/ Frame CF48	109 B 551 B	110ms 32ms	XHR application/json	13.248.242.197 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/rid?ttd_pid=71nw1m8&fmt=json Requested by Host: ads.pubmatic.com URL: https://ads.pubmatic.com/AdServer/js/pwt/157898/3581/pwt.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.248.242.197 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a97adde81b00f2ca4.awsglobalaccelerator.com Software / Resource Hash d455ff68ab4b30562a0904bc96197e4a66d7b038a41b5e074ebe73dc25083eb4 Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers date Fri, 24 Sep 2021 05:08:44 GMT x-aspnet-version 4.0.30319 vary Origin content-type application/json; charset=utf-8 access-control-allow-origin https://www.grandforksherald.com cache-control private access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept content-length 109 expires Sun, 24 Oct 2021 05:08:44 GMT
GET H3	200	integrator.js Show response adservice.google.com/adsid/ Frame CF48	107 B 122 B	16ms 16ms	Script application/javascript	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.grandforksherald.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:45 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/ Frame CF48	16 KB 8 KB	182ms 181ms	XHR text/plain	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2348295077200080&correlator=1621045533037844&output=ldjh&impl=fifs&vrg=2021091501&ptt=17&sc=1&sfv=1-0-38&ecs=20210924&iu_parts=8570%2Cforumcommunications%2Cforumcommunications-13675-728x90-activefill-desktop&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.01%26hb_adid_appnexus%3D14694fc85112963%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_adid%3D14694fc85112963%26hb_bidder%3Dappnexus%26rfsh%3D1%26rfshtime%3D1&eri=1&cookie=ID%3D536e5f81fa5be873%3AT%3D1632460121%3AS%3DALNI_MZxewSZCtHNiHu3kJkdxcj3ygRSdA&cdm=www.grandforksherald.com&bc=31&abxe=1&lmt=1632460125&dt=1632460125018&dlt=1632460122559&idt=182&ea=0&frm=23&biw=1600&bih=1200&isw=728&ish=90&oid=3&adxs=0&adys=0&adks=168346690&ucis=y0zrtg7anzps&ifi=1&ifk=1103143639&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&top=https%3A%2F%2Fwww.grandforksherald.com%2Fbusiness%2Fagriculture%2F7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&ga_vid=962869590.1632460121&ga_sid=1632460125&ga_hid=815366483&ga_fc=true&fws=260&ohw=728&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash fb1c865a8c3cc5ede4a37c6ca5e0d351557af6ad1598536ed81485416a08268a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:45 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7822 x-xss-protection 0 google-lineitem-id 4925163041 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id 138257536831 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response e184b3b19b9362fbf76e4197c4cb0b8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5259	6 KB 3 KB	36ms 14ms	Document text/html	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://e184b3b19b9362fbf76e4197c4cb0b8d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority e184b3b19b9362fbf76e4197c4cb0b8d.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html?n=1 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Fri, 24 Sep 2021 05:08:45 GMT expires Sat, 24 Sep 2022 05:08:45 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	view securepubads.g.doubleclick.net/pcs/ Frame CF48	0 0	30ms 30ms	Fetch image/gif	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsun9sHalHt9roquRiI47qPewClRj5aWR5_jdRgzfAJmH2DUMCnLMorLAnnqP2E0cyxLFWP5Ux3e8YMIkwqy6BuqEenPfgJmX0nlARvbrMD5NKxoQTygnkU-ECOqwspl34xBoVHegs5GE-f82X-Uu4zDXKhZ8M5AkDlEuGejyIaaWynFZsJpGVosAEYGZxhZdJdgNgxjgLKM93IRiZGsfVxY5HJSM6iE8i5n7CLi_Abav5DS1AImZEvSVPTZSQm8h5YCRvmXuv-URPxp4VpM0Nxb3cptwJgz4epC0F8DX9TOoAfchJXK4pq6OO10gtjsuP-6-4h0hjtbUnTkYpdo4j4eazNegnMBhk6kAPQrr4WNB_01sQ7-OdUV4z6Ap2M20DOkPkit_4CiAg&sig=Cg0ArKJSzBhnup9C-mIVEAE&urlfix=1&adurl= Requested by Host: www.grandforksherald.com URL: https://www.grandforksherald.com/business/agriculture/7208196-minnesota-grain-handler-crystal-valley-co-op-targeted-in-ransomware-attack Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:45 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H3	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame CF48	128 KB 39 KB	17ms 17ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash c2918d0edea50f453e2143087cb6f5b232a6fef8b687e228496629f0739fc809 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:45 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39662 x-xss-protection 0 server sffe etag "1632310973010379" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="active-view-scs-read-write-acl" expires Fri, 24 Sep 2021 05:08:45 GMT
GET H3	200	osd.js Show response www.googletagservices.com/activeview/js/current/ Frame CF48	72 KB 27 KB	17ms 17ms	Script text/javascript	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software sffe / Resource Hash 3a7ad5974f3d165d1a83149795afe792e241b0e6a41078c6e14bcecc5449934e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:45 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27652 x-xss-protection 0 server sffe etag "1632310961004595" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="active-view-scs-read-write-acl" expires Fri, 24 Sep 2021 05:08:45 GMT
GET DATA	200 OK	truncated / Frame CF48	217 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 33bfc0e10247e82f38bf795ea3810d82e70f6bea05dce8efd129e7aa3e60a725 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/ Frame CF48	11 KB 8 KB	34ms 20ms	XHR application/json	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021091501&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash a5556cda80a2b5b5e15466f060937c434962398a7a9887b6b44110b3f9f2b521 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:45 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8475 x-xss-protection 0
GET H3	200	view securepubads.g.doubleclick.net/pcs/ Frame CF48	0 0	36ms 36ms	Fetch image/gif	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv2uo8ujIjW2jwaB1oh-iPTgIA_QZQBQoPxrfJpS4SBSaQrytNlV2uJ6xDaQM9R5l6P3PapY_BsYRQBBKAvbgSlZwxbzag6ghEloUYmU9QaiG6BnzSjHkKu-P0dLD6buLDU5jk-dLnJPH_NZ8DbVNdhsX9L1troDvA2lk9kgxcE5OsolmCi_wRaAr-QNC4NOTTn_3KoLEqFKQgSPniL0INsK9pLmmMZdxdafZ1cfuzVw79__NkwWucC35K1zQQCVMQaaj_Qt3E9mOFep6gF5ZjL8PJnjjPc0jK4O5p2fItpd5d6Hix8EnZ7GxkvC8jaMJS66z29hVzR-ZrBt1mawanpUM7zvcmNlJ_pzWR80pKiy1gUI8kUz0jK-fMUdob2-G7CKCRbtMEtrn1X&sig=Cg0ArKJSzDyNk2QwraXTEAE&urlfix=1&adurl= Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers timing-allow-origin * date Fri, 24 Sep 2021 05:08:45 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe expires Fri, 24 Sep 2021 05:08:45 GMT
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/ Frame CF48	17 KB 7 KB	48ms 26ms	Script text/javascript	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 05:08:45 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1624308425655142" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6467 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="adspam-signals-scs" expires Fri, 24 Sep 2021 05:08:45 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/224/ Frame 405F	12 KB 5 KB	36ms 13ms	Document text/html	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash 4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/224/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5029 date Thu, 23 Sep 2021 19:12:55 GMT expires Fri, 23 Sep 2022 19:12:55 GMT last-modified Wed, 02 Jun 2021 17:09:45 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 35750 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame 47E3	783 B 537 B	25ms 24ms	Document text/html	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software GSE / Resource Hash c0166de36fedadd187017a70f3d03c12b5a7bd8ee6877581b9c0e20712ca1435 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-mjBnXJuBVYG0K+47Oj8dHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/aframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.grandforksherald.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy-report-only require-corp; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Fri, 24 Sep 2021 05:08:45 GMT date Fri, 24 Sep 2021 05:08:45 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-mjBnXJuBVYG0K+47Oj8dHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 515 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame 47E3	0 0	47ms 33ms	Image text/html	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021091501&jk=2348295077200080&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H3	200	WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js Show response pagead2.googlesyndication.com/bg/ Frame 405F	35 KB 13 KB	11ms 7ms	Script text/javascript	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software sffe / Resource Hash 580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 23 Sep 2021 12:02:04 GMT content-encoding br x-content-type-options nosniff age 61601 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13388 x-xss-protection 0 last-modified Mon, 20 Sep 2021 23:08:00 GMT server sffe vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="botguard-scs" expires Fri, 23 Sep 2022 12:02:04 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame CF48	0 0	49ms 48ms	Image text/html	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021091501&jk=2348295077200080&bg=!W1ilWBzNAAZNQyuQTUM7ACkAdvg8WtArWwB6WdpbMmIj59TLDTBWhx8cMeOgh4T3m9PVoqTFqSjKkAIAAABjUgAAAAloAQeZAvNOOicss1tywmtT0rSiRy-8fWdJix76ZVlMjpLYl1DoWihS-ydNgD4hWEjscL7h5Fr4cRwGBt76MAmG-Mhup0mt2aU_spz9igGTDSz4UQ57m4naa6m1rqDSA3e5P8dUlAoFhP5cn0z7n1xj9WExfC4tHpdhW_6Rdlp2FUfa4Q7s7jvt0pIR7h0CkR0nhOd4DUJJING7BPocCotitgiVj97YPAgJsh9cGzqdJFpdKHny96xQiXk5kBeDbf-PzMRtl3KOQc3xA-LYhYN2alkGPyVnLorUv9lSIf7MuenYLQQn6UTMKw-OPj-4O6_OnKrUwpwL6cmH82IOFT0JuI3yHz9uu9vk-cxleQt3zn7FGTgCUBcgtgvb26PXmJHYopilRMHDfPHVAOGRo9c5-vJCqo2VY7HbvxTS_R0Wx_JGC7mc8NyIl4-VSANjZLoAaHxTWtg8-07yjuWj6fE-ELSy0Q8oZl_iS0-bnbI_Idxdi3dUVwTD-jDlgOmvGyNLpKtURTXpCbIsQLYXfm0r-TCIxTEknNZqeyfR4RShzDMXLbw_j1LvIEMV2wJqUfcskpbdjKvpUsXCLu2DlcBOmGn6KRUIwc-DmzRZj6ZlOF1d2kqx7J68POQmulh7MSfeBYBneM2-uqL-TQZUSYu_Qi-eqWjqdp7iejBj6rhcc-q9gk0qjmn2uD56ixX2Buuv5a_TuOLrHqXa8oX7vgYqtoBJvlMN_m-E7VWCGSl_rXckXmvCiRn0qMeY54NArJOyidHSk6LvaMpQNHZkYTL3-Z9Oce1pN87p9iTd6_aC1ABOQSNyu3MIB40gotXRLoy6lDCsYIY8QqW-15C-SkmvDZd8JOi6XiblAARd-5GeBf1rJh1YQlFA_q1fU1ssSQOhyG7lVxkutIAQfs8dyqlw60iok4RFR-Wb5B50dBiRn2pXGVeWRAK3Q_C_8jQp9bZDWR-o4x8lkNqrvXqwC3mzkHCJoB1qpeuA1lxpSW7gXtuqFFAcA72ipQ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame CF48	42 B 64 B	15ms 15ms	Fetch image/gif	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvTMZkXGaOjZgZTGMG4nawrj9ZB1J9Ykr0Va4J0XGtz7-X4K__SO8rCqvO_wlpnDCnCVJtJqngWlu_wwpwod8Acj2rsfxD-v6feC-s962JM4t__ptwj&sig=Cg0ArKJSzCLR9F9ZSGB7EAE&id=lidar2&mcvt=1000&p=0,0,90,728&asp=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210922&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=168346690&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1632460122559&rpt=2720&isd=0&lsd=0&r=v Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.grandforksherald.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 05:08:46 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	v2mznxZTyR7_M19l6lr3frBIwfTtp6mpy_E3MsF7WH8TMRCx1-Xu5Yx8RBpbbeQQYXN3R9Yzs Show response stereotypedsugar.com/	216 B 620 B	49ms 18ms	Fetch application/json	35.201.96.133 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stereotypedsugar.com/v2mznxZTyR7_M19l6lr3frBIwfTtp6mpy_E3MsF7WH8TMRCx1-Xu5Yx8RBpbbeQQYXN3R9Yzs Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.96.133 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 133.96.201.35.bc.googleusercontent.com Software / Resource Hash 110afd89503924f23a073e9a523ccc92f0347a8321c0e1309fbbabf31f97824f Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers strict-transport-security max-age=15724800; preload x-datacenter gce-europe-west1 date Fri, 24 Sep 2021 05:08:46 GMT vary Accept-Encoding, Origin access-control-allow-methods POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.grandforksherald.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true x-hostname c984a0b3 timing-allow-origin * access-control-allow-headers DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie content-length 216 expires Fri, 24 Sep 2021 05:08:45 GMT
POST H2	200	v2bmamDjFzrt06aESAnyaQwvu8ZFYjlCCEBCZx2tS_XO-EZTmP2e6YEhpQsTAYPB782548ChY Show response stereotypedsugar.com/	3 B 59 B	227ms 226ms	Fetch application/json	35.201.96.133 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stereotypedsugar.com/v2bmamDjFzrt06aESAnyaQwvu8ZFYjlCCEBCZx2tS_XO-EZTmP2e6YEhpQsTAYPB782548ChY Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.6/rollbar.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.96.133 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 133.96.201.35.bc.googleusercontent.com Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value Strict-Transport-Security max-age=15724800; preload Request headers Referer https://www.grandforksherald.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers strict-transport-security max-age=15724800; preload x-datacenter gce-europe-west1 date Fri, 24 Sep 2021 05:08:47 GMT vary Accept-Encoding, Origin access-control-allow-methods POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.grandforksherald.com access-control-allow-credentials true x-hostname c984a0b3 timing-allow-origin * access-control-allow-headers DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie content-length 3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

s7.addthis.com

URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain

adserver-us.adtech.advertising.com

URL

https://adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330528/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=28d6cd19e775133;misc=1632460121633;

Domain

adserver-us.adtech.advertising.com

URL

https://adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330526/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=29de0ac1acfd709;misc=1632460121633;

Domain

adserver-us.adtech.advertising.com

URL

https://adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330525/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=47eb09731b9c6f8;misc=1632460121644;

Domain

adserver-us.adtech.advertising.com

URL

https://adserver-us.adtech.advertising.com/pubapi/3.0/10798.1/4330526/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=48658989353c572;misc=1632460121644;

Domain

forumcomm.friends2follow.com

URL

https://forumcomm.friends2follow.com/sites/all/modules/friends2follow/dist/friends2follow_socialstack_on_init.min.js

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f4a5.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f4e3.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/2705.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f3a8.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/2702.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/2728.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f60d.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f378.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f389.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f379.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f357.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/1f355.png

Domain

twemoji.maxcdn.com

URL

https://twemoji.maxcdn.com/36x36/26a1.png

Domain

hbopenbid.pubmatic.com

URL

https://hbopenbid.pubmatic.com/translator?source=prebid-client