www.nytimes.com Open in urlscan Pro
151.101.129.164 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://movies.nytimes.com/person/1430347/Sarah-Jeanne-LaBrosse
Effective URL:
https://www.nytimes.com/section/movies
Submission: On December 12 via api (December 12th 2023, 2:23:05 pm UTC) from AU — Scanned from AU

Summary HTTP 250 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 64 IPs in 8 countries across 61 domains to perform 250 HTTP transactions. The main IP is 151.101.129.164, located in United States and belongs to FASTLY, US. The main domain is www.nytimes.com. The Cisco Umbrella rank of the primary domain is 3174.
TLS certificate: Issued by Thawte RSA CA 2018 on March 22nd 2023. Valid for: a year.

This is the only time www.nytimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	151.101.193.164 151.101.193.164	54113 (FASTLY) (FASTLY)
58	151.101.129.164 151.101.129.164	54113 (FASTLY) (FASTLY)
1	18.67.97.42 18.67.97.42	16509 (AMAZON-02) (AMAZON-02)
2	142.250.66.232 142.250.66.232	15169 (GOOGLE) (GOOGLE)
6	50.112.118.45 50.112.118.45	16509 (AMAZON-02) (AMAZON-02)
4	18.67.93.81 18.67.93.81	16509 (AMAZON-02) (AMAZON-02)
3	13.35.151.131 13.35.151.131	16509 (AMAZON-02) (AMAZON-02)
1	13.35.147.106 13.35.147.106	16509 (AMAZON-02) (AMAZON-02)
8	142.250.204.2 142.250.204.2	15169 (GOOGLE) (GOOGLE)
1	13.213.94.216 13.213.94.216	16509 (AMAZON-02) (AMAZON-02)
3	69.173.158.65 69.173.158.65	26667 (RUBICONPR...) (RUBICONPROJECT)
1	67.199.150.87 67.199.150.87	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 6	103.43.89.4 103.43.89.4	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 5	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.35.147.38 13.35.147.38	16509 (AMAZON-02) (AMAZON-02)
1 2	18.67.111.28 18.67.111.28	16509 (AMAZON-02) (AMAZON-02)
1	44.226.14.255 44.226.14.255	16509 (AMAZON-02) (AMAZON-02)
3	18.67.114.43 18.67.114.43	16509 (AMAZON-02) (AMAZON-02)
11	142.250.204.1 142.250.204.1	15169 (GOOGLE) (GOOGLE)
3	142.251.12.84 142.251.12.84	15169 (GOOGLE) (GOOGLE)
2 16	52.46.155.104 52.46.155.104	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.221.70 142.251.221.70	15169 (GOOGLE) (GOOGLE)
1	18.67.107.130 18.67.107.130	16509 (AMAZON-02) (AMAZON-02)
2	104.26.13.18 104.26.13.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9 9	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
13 19	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT)
14 20	142.251.221.66 142.251.221.66	15169 (GOOGLE) (GOOGLE)
10 10	18.143.106.89 18.143.106.89	16509 (AMAZON-02) (AMAZON-02)
2	23.206.242.194 23.206.242.194	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	20.50.2.28 20.50.2.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.226.96.146 3.226.96.146	14618 (AMAZON-AES) (AMAZON-AES)
1 2	54.79.148.68 54.79.148.68	16509 (AMAZON-02) (AMAZON-02)
6	142.250.204.6 142.250.204.6	15169 (GOOGLE) (GOOGLE)
8	142.250.66.226 142.250.66.226	15169 (GOOGLE) (GOOGLE)
2	142.250.66.194 142.250.66.194	15169 (GOOGLE) (GOOGLE)
3	18.244.214.85 18.244.214.85	16509 (AMAZON-02) (AMAZON-02)
2 9	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	23.52.225.82 23.52.225.82	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.198.59.89 23.198.59.89	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.202.170.74 23.202.170.74	16625 (AKAMAI-AS) (AKAMAI-AS)
1 6	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	35.71.178.8 35.71.178.8	16509 (AMAZON-02) (AMAZON-02)
2	67.199.150.81 67.199.150.81	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
13	104.17.202.110 104.17.202.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 5	35.213.12.39 35.213.12.39	15169 (GOOGLE) (GOOGLE)
1 1	124.146.153.163 124.146.153.163	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	13.224.181.100 13.224.181.100	16509 (AMAZON-02) (AMAZON-02)
3 3	35.169.223.36 35.169.223.36	14618 (AMAZON-AES) (AMAZON-AES)
3 3	50.116.239.135 50.116.239.135	6336 (TURN-US-ASN) (TURN-US-ASN)
2 2	18.238.192.123 18.238.192.123	16509 (AMAZON-02) (AMAZON-02)
1 1	198.8.71.130 198.8.71.130	54312 (ROCKETFUEL) (ROCKETFUEL)
3 5	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
1 2	34.234.28.111 34.234.28.111	14618 (AMAZON-AES) (AMAZON-AES)
1 3	54.255.162.48 54.255.162.48	16509 (AMAZON-02) (AMAZON-02)
1 1	34.160.19.107 34.160.19.107	15169 (GOOGLE) (GOOGLE)
3	13.35.151.118 13.35.151.118	16509 (AMAZON-02) (AMAZON-02)
2 4	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	54.251.155.38 54.251.155.38	16509 (AMAZON-02) (AMAZON-02)
1 2	119.9.108.180 119.9.108.180	45187 (RACKSPACE...) (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong)
4	207.65.33.82 207.65.33.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	35.236.220.17 35.236.220.17	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 7	67.199.150.86 67.199.150.86	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
8	54.218.45.54 54.218.45.54	16509 (AMAZON-02) (AMAZON-02)
1	64.233.185.94 64.233.185.94	15169 (GOOGLE) (GOOGLE)
1 1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.94.223.167 52.94.223.167	16509 (AMAZON-02) (AMAZON-02)
2 2	54.249.46.39 54.249.46.39	16509 (AMAZON-02) (AMAZON-02)
1 1	52.86.247.227 52.86.247.227	14618 (AMAZON-AES) (AMAZON-AES)
1 1	13.227.254.2 13.227.254.2	16509 (AMAZON-02) (AMAZON-02)
1 2	13.35.147.46 13.35.147.46	16509 (AMAZON-02) (AMAZON-02)
1	131.153.206.100 131.153.206.100	59210 (PHOENIXNA...) (PHOENIXNAP-AS-SG1 PhoenixNAP)
1 1	182.161.73.146 182.161.73.146	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	23.202.170.128 23.202.170.128	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.136.5.195 18.136.5.195	16509 (AMAZON-02) (AMAZON-02)
4 4	89.207.22.137 89.207.22.137	399104 (CNVR-APAC) (CNVR-APAC)
4 6	67.199.150.82 67.199.150.82	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3	67.199.150.85 67.199.150.85	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3 4	185.84.60.23 185.84.60.23	() ()
1 1	192.96.203.13 192.96.203.13	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
1 1	103.229.10.211 103.229.10.211	16509 (AMAZON-02) (AMAZON-02)
1 1	18.138.18.111 18.138.18.111	16509 (AMAZON-02) (AMAZON-02)
1 1	54.147.41.158 54.147.41.158	14618 (AMAZON-AES) (AMAZON-AES)
2 2	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
250	64

1 151.101.193.164 (United States) 1 redirects

ASN54113 (FASTLY, US)

movies.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 151.101.129.164 (United States)

ASN54113 (FASTLY, US)

www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.97.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-97-42.syd62.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.66.232 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 50.112.118.45 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-50-112-118-45.us-west-2.compute.amazonaws.com

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
als-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
purr.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.67.93.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-93-81.syd62.r.cloudfront.net

rumcdn.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.151.131 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-151-131.syd1.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.147.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-106.syd1.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.204.2 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.213.94.216 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-213-94-216.ap-southeast-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.158.65 (Ashburn, United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.150.87 (Singapore, Singapore)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.43.89.4 (Singapore, Singapore) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.147.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-38.syd1.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.67.111.28 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-28.syd62.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.226.14.255 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-14-255.us-west-2.compute.amazonaws.com

a.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.67.114.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-114-43.syd62.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.204.1 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f1.1e100.net

68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.12.84 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f84.1e100.net

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.46.155.104 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.221.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f6.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.107.130 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-107-130.syd62.r.cloudfront.net

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.13.18 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 15.197.193.217 (Seattle, United States) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 69.173.158.64 (Singapore, Singapore) 13 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.251.221.66 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 18.143.106.89 (Singapore, Singapore) 10 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-143-106-89.ap-southeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.206.242.194 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-206-242-194.deploy.static.akamaitechnologies.com

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.50.2.28 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.226.96.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-96-146.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.79.148.68 (Sydney, Australia) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-79-148-68.ap-southeast-2.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.204.6 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.66.226 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.66.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.244.214.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-214-85.sfo53.r.cloudfront.net

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.52.225.82 (Sydney, Australia) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-225-82.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.198.59.89 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-198-59-89.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.202.170.74 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-202-170-74.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nytimes-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.178.8 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ade9ecc7904667038.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.199.150.81 (Singapore, Singapore)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.17.202.110 (None, )

ASN13335 (CLOUDFLARENET, US)

c.bannerflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.213.12.39 (Tokyo, Japan) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.153.163 (Kakegawa, Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.181.100 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-181-100.syd1.r.cloudfront.net

cr-p3.ladsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.169.223.36 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-223-36.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.116.239.135 (United States) 3 redirects

ASN6336 (TURN-US-ASN, US)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.238.192.123 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-238-192-123.sfo53.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.8.71.130 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.154.8 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.234.28.111 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-28-111.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.255.162.48 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-255-162-48.ap-southeast-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.19.107 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 107.19.160.34.bc.googleusercontent.com

dmp.brand-display.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.151.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-151-118.syd1.r.cloudfront.net

gw.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.251.155.38 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-251-155-38.ap-southeast-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.9.108.180 (Hong Kong) 1 redirects

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 207.65.33.82 (Saint Joseph, United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.236.220.17 (Washington, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 17.220.236.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.199.150.86 (Singapore, Singapore) 5 redirects

ASN3257 (GTT-BACKBONE GTT, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.218.45.54 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-218-45-54.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.185.94 (United States)

ASN15169 (GOOGLE, US)
PTR: yb-in-f94.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.94.223.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.249.46.39 (Tokyo, Japan) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-249-46-39.ap-northeast-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.86.247.227 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-247-227.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.254.2 (Patterson, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-227-254-2.sin52.r.cloudfront.net

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.147.46 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-46.syd1.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 131.153.206.100 (United States)

ASN59210 (PHOENIXNAP-AS-SG1 PhoenixNAP, SG)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.146 (Singapore) 1 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.202.170.128 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-202-170-128.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.136.5.195 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-136-5-195.ap-southeast-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 89.207.22.137 (Singapore, Singapore) 4 redirects

ASN399104 (CNVR-APAC, US)
PTR: sin03-nessy-float1.dotomi.com

medianet-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 67.199.150.82 (Singapore, Singapore) 4 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.199.150.85 (Singapore, Singapore)

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.84.60.23 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.96.203.13 (Manassas, United States) 1 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.10.211 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.138.18.111 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-138-18-111.ap-southeast-1.compute.amazonaws.com

cm.ambientdsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.147.41.158 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-41-158.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	nyt.com g1.nyt.com — Cisco Umbrella Rank: 9094 static01.nyt.com — Cisco Umbrella Rank: 7033 a1.nyt.com — Cisco Umbrella Rank: 7505	735 KB
30	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 5290727.fls.doubleclick.net — Cisco Umbrella Rank: 8695 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 ad.doubleclick.net — Cisco Umbrella Rank: 139	259 KB
28	nytimes.com 1 redirects movies.nytimes.com www.nytimes.com — Cisco Umbrella Rank: 3174 samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 6345 a.et.nytimes.com — Cisco Umbrella Rank: 5692 als-svc.nytimes.com — Cisco Umbrella Rank: 7335 dd.nytimes.com — Cisco Umbrella Rank: 8656 purr.nytimes.com — Cisco Umbrella Rank: 7184 a.nytimes.com — Cisco Umbrella Rank: 6439 mwcm.nytimes.com — Cisco Umbrella Rank: 12697	1 MB
25	pubmatic.com 9 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 504 ads.pubmatic.com — Cisco Umbrella Rank: 544 image6.pubmatic.com — Cisco Umbrella Rank: 793 image2.pubmatic.com — Cisco Umbrella Rank: 859 simage2.pubmatic.com — Cisco Umbrella Rank: 723 image8.pubmatic.com — Cisco Umbrella Rank: 661 image4.pubmatic.com — Cisco Umbrella Rank: 1224 simage4.pubmatic.com — Cisco Umbrella Rank: 1304	36 KB
25	rubiconproject.com 14 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 537 pixel.rubiconproject.com — Cisco Umbrella Rank: 339 eus.rubiconproject.com — Cisco Umbrella Rank: 588 token.rubiconproject.com — Cisco Umbrella Rank: 461 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1237	35 KB
24	amazon-adsystem.com 2 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 306 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 614 aax.amazon-adsystem.com — Cisco Umbrella Rank: 410 s.amazon-adsystem.com — Cisco Umbrella Rank: 285 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 807	84 KB
19	googlesyndication.com 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	107 KB
14	casalemedia.com 5 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 484 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 480 dsum.casalemedia.com — Cisco Umbrella Rank: 1364	10 KB
13	bannerflow.net c.bannerflow.net — Cisco Umbrella Rank: 8227	161 KB
13	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	173 KB
13	yahoo.com 11 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 307 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	5 KB
9	adsrvr.org 9 redirects insight.adsrvr.org — Cisco Umbrella Rank: 557 match.adsrvr.org — Cisco Umbrella Rank: 331	5 KB
7	openx.net 1 redirects rtb.openx.net — Cisco Umbrella Rank: 695 u.openx.net — Cisco Umbrella Rank: 672 jp-u.openx.net — Cisco Umbrella Rank: 15595 us-u.openx.net — Cisco Umbrella Rank: 491 nytimes-d.openx.net — Cisco Umbrella Rank: 14205	2 KB
7	geoedge.be rumcdn.geoedge.be — Cisco Umbrella Rank: 3375 gw.geoedge.be — Cisco Umbrella Rank: 4631	270 KB
6	media.net 1 redirects prebid.media.net — Cisco Umbrella Rank: 1498 cs.media.net — Cisco Umbrella Rank: 1381 contextual.media.net — Cisco Umbrella Rank: 665	4 KB
6	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	11 KB
5	rlcdn.com 3 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 408	970 B
5	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 336	2 KB
4	adform.net 3 redirects c1.adform.net	3 KB
4	dotomi.com 4 redirects medianet-match.dotomi.com — Cisco Umbrella Rank: 11792 pubmatic-match.dotomi.com	1 KB
4	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 465	1 KB
4	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	200 KB
4	google.com accounts.google.com — Cisco Umbrella Rank: 23 adservice.google.com — Cisco Umbrella Rank: 93	81 KB
4	3lift.com 2 redirects tlx.3lift.com — Cisco Umbrella Rank: 592 eb2.3lift.com — Cisco Umbrella Rank: 372	17 KB
3	turn.com 3 redirects d.turn.com — Cisco Umbrella Rank: 1349 ad.turn.com — Cisco Umbrella Rank: 773	1 KB
3	liadm.com 3 redirects i.liadm.com — Cisco Umbrella Rank: 517	2 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 2872 collector.brandmetrics.com — Cisco Umbrella Rank: 3177	20 KB
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 777	878 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	1 KB
2	intentiq.com 1 redirects sync.intentiq.com — Cisco Umbrella Rank: 846 sync1.intentiq.com — Cisco Umbrella Rank: 2869	2 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 563	1 KB
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1234	1 KB
2	crwdcntrl.net 1 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 799	854 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	1 KB
2	rezync.com 2 redirects live.rezync.com — Cisco Umbrella Rank: 1785	1 KB
2	ladsp.com 2 redirects cr-p3.ladsp.com — Cisco Umbrella Rank: 25818	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	129 KB
2	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 866	1 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 172	666 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	183 KB
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 4434	404 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 702	1 KB
1	ambientdsp.com 1 redirects cm.ambientdsp.com — Cisco Umbrella Rank: 28132	652 B
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 749	594 B
1	aralego.com 1 redirects sync.aralego.com — Cisco Umbrella Rank: 2837	473 B
1	criteo.com 1 redirects dis.criteo.com — Cisco Umbrella Rank: 550	585 B
1	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 751	451 B
1	primis.tech 1 redirects live.primis.tech — Cisco Umbrella Rank: 1398	554 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 836	493 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 327	729 B
1	gstatic.com csi.gstatic.com	225 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 780	656 B
1	brand-display.com 1 redirects dmp.brand-display.com — Cisco Umbrella Rank: 1510	349 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 825	1 KB
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1450	857 B
1	google.com.au adservice.google.com.au — Cisco Umbrella Rank: 156058	303 B
1	chartbeat.net pnytimes.chartbeat.net — Cisco Umbrella Rank: 7123	201 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1767	24 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1445	48 KB
0	everesttech.net Failed sync-tm.everesttech.net Failed
0	mathtag.com Failed sync.mathtag.com Failed
250	61

	Domain	Requested by
29	static01.nyt.com	www.nytimes.com
18	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net u.openx.net s.amazon-adsystem.com
16	s.amazon-adsystem.com	2 redirects rumcdn.geoedge.be s.amazon-adsystem.com u.openx.net ssum-sec.casalemedia.com ads.pubmatic.com
13	c.bannerflow.net	rumcdn.geoedge.be 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com c.bannerflow.net
12	pixel.rubiconproject.com	7 redirects s.amazon-adsystem.com
11	www.nytimes.com	www.nytimes.com rumcdn.geoedge.be
10	ups.analytics.yahoo.com	10 redirects
9	g1.nyt.com	www.nytimes.com g1.nyt.com
8	dt.adsafeprotected.com	68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com www.nytimes.com
8	tpc.googlesyndication.com	rumcdn.geoedge.be
8	pagead2.googlesyndication.com	rumcdn.geoedge.be 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net
8	match.adsrvr.org	8 redirects
7	simage2.pubmatic.com	5 redirects ads.pubmatic.com
7	token.rubiconproject.com	6 redirects eus.rubiconproject.com
7	securepubads.g.doubleclick.net	www.nytimes.com rumcdn.geoedge.be www.datadoghq-browser-agent.com
6	image8.pubmatic.com	4 redirects ads.pubmatic.com
6	ib.adnxs.com	3 redirects www.datadoghq-browser-agent.com googleads.g.doubleclick.net s.amazon-adsystem.com
6	samizdat-graphql.nytimes.com	www.datadoghq-browser-agent.com
5	idsync.rlcdn.com	3 redirects ssum-sec.casalemedia.com ads.pubmatic.com
5	x.bidswitch.net	2 redirects u.openx.net www.nytimes.com ads.pubmatic.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	image2.pubmatic.com	ads.pubmatic.com
4	pixel.tapad.com	2 redirects ads.pubmatic.com s.amazon-adsystem.com
4	cs.media.net	1 redirects www.nytimes.com
4	s0.2mdn.net	rumcdn.geoedge.be s0.2mdn.net 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
4	rumcdn.geoedge.be	www.nytimes.com rumcdn.geoedge.be
4	a.et.nytimes.com	www.nytimes.com
3	gw.geoedge.be	rumcdn.geoedge.be
3	pr-bh.ybp.yahoo.com	1 redirects ssum-sec.casalemedia.com ads.pubmatic.com
3	i.liadm.com	3 redirects
3	eb2.3lift.com	2 redirects www.nytimes.com
3	ssum-sec.casalemedia.com	1 redirects s.amazon-adsystem.com ssum-sec.casalemedia.com
3	static.adsafeprotected.com	rumcdn.geoedge.be 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
3	accounts.google.com	rumcdn.geoedge.be www.datadoghq-browser-agent.com
3	68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com	securepubads.g.doubleclick.net rumcdn.geoedge.be
3	aax.amazon-adsystem.com	www.datadoghq-browser-agent.com
3	fastlane.rubiconproject.com	www.datadoghq-browser-agent.com
3	c.amazon-adsystem.com	www.nytimes.com www.datadoghq-browser-agent.com
2	pippio.com	2 redirects
2	pubmatic-match.dotomi.com	2 redirects
2	simage4.pubmatic.com	ads.pubmatic.com
2	medianet-match.dotomi.com	2 redirects
2	pm.w55c.net	2 redirects
2	ad.turn.com	2 redirects
2	match.prod.bidr.io	2 redirects
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	sync.crwdcntrl.net	1 redirects ads.pubmatic.com
2	ad.doubleclick.net	rumcdn.geoedge.be
2	dsum.casalemedia.com	1 redirects ssum-sec.casalemedia.com
2	dpm.demdex.net	1 redirects ssum-sec.casalemedia.com
2	live.rezync.com	2 redirects
2	cr-p3.ladsp.com	2 redirects
2	jp-u.openx.net	u.openx.net
2	image6.pubmatic.com	ads.pubmatic.com
2	u.openx.net	1 redirects s.amazon-adsystem.com
2	eus.rubiconproject.com	s.amazon-adsystem.com eus.rubiconproject.com
2	ads.pubmatic.com	s.amazon-adsystem.com ads.pubmatic.com
2	www.googletagservices.com	rumcdn.geoedge.be
2	fw.adsafeprotected.com	1 redirects rumcdn.geoedge.be
2	hb.yahoo.net	www.nytimes.com s.amazon-adsystem.com
2	cdn.brandmetrics.com	www.googletagmanager.com rumcdn.geoedge.be
2	a1.nyt.com	www.nytimes.com www.googletagmanager.com
2	5290727.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	sb.scorecardresearch.com	1 redirects www.nytimes.com
2	dd.nytimes.com	www.nytimes.com www.datadoghq-browser-agent.com
2	www.googletagmanager.com	www.nytimes.com www.googletagmanager.com
1	tags.rd.linksynergy.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	cm.ambientdsp.com	1 redirects
1	cms.quantserve.com	1 redirects
1	sync.aralego.com	1 redirects
1	nytimes-d.openx.net	www.nytimes.com
1	image4.pubmatic.com	www.nytimes.com
1	contextual.media.net	www.nytimes.com
1	dis.criteo.com	1 redirects
1	prebid.a-mo.net	s.amazon-adsystem.com
1	sync1.intentiq.com	s.amazon-adsystem.com
1	sync.intentiq.com	1 redirects
1	live.primis.tech	1 redirects
1	sync.ipredictive.com	1 redirects
1	aax-eu.amazon-adsystem.com	s.amazon-adsystem.com
1	px.ads.linkedin.com	s.amazon-adsystem.com
1	pixel-us-east.rubiconproject.com	1 redirects
1	csi.gstatic.com	securepubads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	dmp.brand-display.com	1 redirects
1	p.rfihub.com	1 redirects
1	d.turn.com	1 redirects
1	us-u.openx.net	u.openx.net
1	tg.socdm.com	1 redirects
1	adservice.google.com.au	adservice.google.com
1	googleads.g.doubleclick.net	rumcdn.geoedge.be
1	adservice.google.com	5290727.fls.doubleclick.net
1	pnytimes.chartbeat.net	www.nytimes.com
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	insight.adsrvr.org	1 redirects
1	static.chartbeat.com	www.nytimes.com
1	mwcm.nytimes.com	www.datadoghq-browser-agent.com
1	a.nytimes.com	www.datadoghq-browser-agent.com
1	purr.nytimes.com	www.datadoghq-browser-agent.com
1	htlb.casalemedia.com	www.datadoghq-browser-agent.com
1	prebid.media.net	www.datadoghq-browser-agent.com
1	rtb.openx.net	www.datadoghq-browser-agent.com
1	hbopenbid.pubmatic.com	www.datadoghq-browser-agent.com
1	tlx.3lift.com	www.datadoghq-browser-agent.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	als-svc.nytimes.com	www.datadoghq-browser-agent.com
1	www.datadoghq-browser-agent.com	www.nytimes.com
1	movies.nytimes.com	1 redirects
0	sync-tm.everesttech.net Failed	ads.pubmatic.com
0	sync.mathtag.com Failed	ads.pubmatic.com
250	112

This site contains links to these domains. Also see Links.

Domain
myaccount.nytimes.com
twitter.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com

Subject Issuer	Validity	Valid
nytimes.com Thawte RSA CA 2018	`2023-03-22` - `2024-04-21`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-12` - `2024-12-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
a.et.nytimes.com R3	`2023-11-12` - `2024-02-10`	3 months	crt.sh
als-svc.nytimes.com R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
gw.geoedge.be Amazon RSA 2048 M01	`2023-08-12` - `2024-09-09`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-10-28` - `2024-01-26`	3 months	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-08` - `2024-04-06`	a year	crt.sh
purr.nytimes.com R3	`2023-11-04` - `2024-02-02`	3 months	crt.sh
a.nytimes.com R3	`2023-10-14` - `2024-01-12`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.chartbeat.com Thawte TLS RSA CA G1	`2023-05-16` - `2024-06-06`	a year	crt.sh
brandmetrics.com GTS CA 1P5	`2023-11-04` - `2024-02-02`	3 months	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2023-05-10` - `2024-06-10`	a year	crt.sh
*.chartbeat.net Thawte TLS RSA CA G1	`2023-11-20` - `2024-12-20`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-11` - `2024-05-10`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-29` - `2024-02-21`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-06-21` - `2024-03-02`	8 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-06` - `2024-09-19`	a year	crt.sh

This page contains 33 frames:

Primary Page: https://www.nytimes.com/section/movies
Frame ID: 88FC8B9B2831AF121955769CD92CA20C
Requests: 108 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Frame ID: 53E50C81823BAF93B588AD13106A3591
Requests: 1 HTTP requests in this frame

Frame: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AFD4D0E24CD103C113997F60437EE882
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t
Frame ID: 0C4F2777AA0E5C472415B0AF521427A1
Requests: 1 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies
Frame ID: F67FF51E238FAEEC9899CCBB81227A30
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies
Frame ID: 3AD5EB22CB51BE9EA1EA324994AFC5EA
Requests: 1 HTTP requests in this frame

Frame: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BB0998F373D2BB06FA0658D751239585
Requests: 28 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: 066A1C291FA7484B951E3D1486FC3AC6
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDELCB_MIEGP689PkBMAE&v=APEucNXj5bldZgWcX5eQjh7GLE4KG3x6XdFFsEkjp0u6ErJT9Tc1Cf4i741sAOqQnXQJFM0xNnB8heolBdqbgL-Llik-oNv_NQ
Frame ID: 0F81C924C6C3BBB22950BC1A4AE5EFEA
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 04CB1AB30B2E780324E5083D41B48907
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.com.au/ddm/fls/i/dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies
Frame ID: 81E218E9DDFEC250118E25C22C9622A7
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: FA5AEE82461F7EF74CEE9134ED12D20F
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Frame ID: 03B03F2068A4A0A75804CDE1D9BF7DC2
Requests: 15 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: 7A119ECB8EA912D4FE7DAA72CF4EA3BC
Requests: 20 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0yemlBOWpORTJ1SjMybVNTbTNwSHR6dTBRWHd2RWNNQX5B
Frame ID: 5FCA441CA7164417D820E81653B45A49
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 5459308787F43AC38E9E28082C89E972
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=6094297737834264253&ex=appnexus.com
Frame ID: 3F33C33DA25934B8A6EF6AD3FBD3863B
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4563082581659851557982
Frame ID: 26C675B2F5997C8C83151EBC35F22519
Requests: 1 HTTP requests in this frame

Frame: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1E66AB6B158C86D969394DC506C39E01
Requests: 20 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10992030431410607268/index.html?ev=01_250
Frame ID: 82216E2C7C8C5E078472F276B400BD12
Requests: 3 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D
Frame ID: B27EF8D2C024D5F0CB1525B745BD8169
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UIDB53FFD96-3FCD-48AE-AECE-02D31DCFA16D
Frame ID: 96C82B4AD65ABB635E52636E9E4E77F8
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 684595D8ED28A622277BA4E158D8D3EA
Requests: 1 HTTP requests in this frame

Frame: blob://https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/32e1d9d9-6025-4c5b-9192-8eaf2459ee1c
Frame ID: BFF416F4551ADAB68CD7FAC57C95BBCC
Requests: 1 HTTP requests in this frame

Frame: https://c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/images/96fa84ab-1942-4385-b367-5e4511ce2f2c.svg
Frame ID: FFD07F47A293BB8891217F2429109141
Requests: 7 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=
Frame ID: 650D83B55AAE97037CF254D0E732242B
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
Frame ID: E15AD2E0FD4F13F5158C2D62AD45309C
Requests: 1 HTTP requests in this frame

Frame: https://x.bidswitch.net/sync?dsp_id=445&user_id=2943f129-9419-38d5-b5e8-d44baa122c9c&ssp=pubmatic&bsw_param=a8253729-d409-460a-b0e5-033e0dd16f1d
Frame ID: E67567BAC38F3BCA44C3034F8064FDDA
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6
Frame ID: 3F64140C6331F1CBD3E43EF1FDA3C7AF
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXhsyAAGZN74JQBd
Frame ID: 6C2F03DA960833C78F3FEB5AE90D2C32
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
Frame ID: 222C5C137E61579930B376DA1A1B23D3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=0QJjteEPWOVyOHxktb2SCULLcKU&gdpr=0&gdpr_consent=
Frame ID: 87D90F5CC7A17BDA0F36AE3DA6D6E2B1
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UIDB53FFD96-3FCD-48AE-AECE-02D31DCFA16D
Frame ID: CD331329E8EB5A6F2A9C0266036D620E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Movies - The New York Times

Page URL History Show full URLs

http://movies.nytimes.com/person/1430347/Sarah-Jeanne-LaBrosse HTTP 301
https://www.nytimes.com/section/movies Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

250
Requests

78 %
HTTPS

0 %
IPv6

61
Domains

112
Subdomains

64
IPs

8
Countries

4093 kB
Transfer

10823 kB
Size

135
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccount.nytimes.com/auth/login?response_type=cookie&client_id=vi&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252Fsection%252Fmovies&asset=masthead
Title: Log in

Search URL Search Domain Scan URL

URL: https://twitter.com/aoscott
Title: @aoscotttwitter page for @aoscott

Search URL Search Domain Scan URL

URL: https://twitter.com/ManohlaDargis
Title: @ManohlaDargistwitter page for @ManohlaDargis

Search URL Search Domain Scan URL

URL: https://twitter.com/brooksbarnesNYT
Title: @brooksbarnesNYTtwitter page for @brooksbarnesNYT

Search URL Search Domain Scan URL

URL: https://twitter.com/watching
Title: @watchingtwitter page for @watching

Search URL Search Domain Scan URL

URL: https://twitter.com/nytimesarts
Title: @nytimesartstwitter page for @nytimesarts

Search URL Search Domain Scan URL

URL: https://twitter.com/kylebuchanan
Title: @kylebuchanantwitter page for @kylebuchanan

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2023 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://movies.nytimes.com/person/1430347/Sarah-Jeanne-LaBrosse HTTP 301
https://www.nytimes.com/section/movies Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1702390977113&ns_c=UTF-8&c8=Movies%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1702390977113&ns_c=UTF-8&c8=Movies%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&c9=

Request Chain 91

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

Request Chain 92

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies

Request Chain 97

https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=1249826272 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OTdjN2Y2NjMtYThhZS00Mzg4LWEzNDgtZjAwZDJhNzUwNjA1&gdpr=0&gdpr_consent=&ttd_tdid=97c7f663-a8ae-4388-a348-f00d2a750605 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=97c7f663-a8ae-4388-a348-f00d2a750605&google_gid=CAESEPXnB7Rh5iVDi0a-s92wGto&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=97c7f663-a8ae-4388-a348-f00d2a750605&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=97c7f663-a8ae-4388-a348-f00d2a750605&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&gdpr=0&ovsid=97c7f663-a8ae-4388-a348-f00d2a750605&dpid=55953

Request Chain 123

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1

Request Chain 124

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXhsw0O-dECp2dSN19ffEQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENQzOYRzBeRxFFpens_f7Og&google_cver=1

Request Chain 126

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5NDI5NzczNzgzNDI2NDI1Mw%3D%3D

Request Chain 128

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3453925792890142000V10

Request Chain 129

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Request Chain 132

https://ups.analytics.yahoo.com/ups/58251/sync?redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&verify=true HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0yemlBOWpORTJ1SjMybVNTbTNwSHR6dTBRWHd2RWNNQX5B

Request Chain 133

https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D

Request Chain 134

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=6094297737834264253&ex=appnexus.com

Request Chain 135

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4563082581659851557982

Request Chain 148

https://match.adsrvr.org/track/cmf/openx?oxid=b0ad7d6d-9f6e-3676-5949-8d185dd21765&gdpr=0 HTTP 302
https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch

Request Chain 149

https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZXhsxMCo8X0AABYCj-gAAAAA

Request Chain 150

https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AcOq2b-h6QVcks8AED41tPFQ2s8AAAGMXmjcWQ

Request Chain 152

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHTK4lwGuBUScyGnIwz27fc&google_cver=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZXhsw9hMmxDOyEbVTzghIgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECiaucvMMo7L1XRYtmxNOFM&google_cver=1

Request Chain 157

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=b549779f7bc64f959de8ed9bba8c1e0e HTTP 303
https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!%7BTURN_UUID%7D HTTP 302
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=8000979015355519534 HTTP 303
https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=b549779f-7bc6-4f95-9de8-ed9bba8c1e0e HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=6fa7c272-8cc4-4735-a419-82b4fcca0c88%3A1702390982.615638&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D6fa7c272-8cc4-4735-a419-82b4fcca0c88%253A1702390982.615638%26_%3D1702390982.6183689&cb=1702390982.618402 HTTP 302
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1978557985136605531&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D6fa7c272-8cc4-4735-a419-82b4fcca0c88%253A1702390982.615638%26_%3D1702390982.6183689 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=6fa7c272-8cc4-4735-a419-82b4fcca0c88%3A1702390982.615638&_=1702390982.6183689 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEHlb-HlBUT3TURiuVk0ZG7Q&google_cver=1

Request Chain 158

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775

Request Chain 159

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&verify=true HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB

Request Chain 160

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expiration=1704982979&gdpr=0&gdpr_consent=

Request Chain 161

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=8d0e630b-e327-4f5a-60adf172

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tT_9lj_NSK6uzgLTHc-hbQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 170

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97c7f663-a8ae-4388-a348-f00d2a750605&ttd_puid=10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2%2C%2C

Request Chain 171

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=&ct=y

Request Chain 172

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjUzRkZEOTYtM0ZDRC00OEFFLUFFQ0UtMDJEMzFEQ0ZBMTZE&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJfXm496VJXDyraA2ISk7n0&google_cver=1

Request Chain 175

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:525C936CB87B4D8E8003A94C1DA24957

Request Chain 177

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=

Request Chain 183

https://fw.adsafeprotected.com/rfw/st/1703769/75569295/skeleton.js?adsafe_url=https%3A%2F%2Fwww.nytimes.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.nytimes.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:26213381-5893-e5a2-429b-39bd1f7ebc43,c:wCJr42,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-cd76977fc-cxzt6,rg:au,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:980,mot:0,app:0,maw:0,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:1059,oid:f349c2a4-98f9-11ee-9677-dadcb25db6dd,v:19.8.464,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 197

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LQ2FMTGL-25-4S9A HTTP 302
https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok

Request Chain 200

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LQ2FMTGL-25-4S9A

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJRlMf5yoiXktxYqTW1XmW4&google_cver=1

Request Chain 202

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmE0ODM5NTczMGMyOWE0ZDhiNThhNzU5MzIzM2JjMDNkZDdjNWZiNg

Request Chain 203

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=&expires=30

Request Chain 205

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TFEyRk1UR0wtMjUtNFM5QQ== HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH-gn0mRFqJuxcdchhvDYrQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFEyRk1UR0wtMjUtNFM5QQ==&google_push=

Request Chain 206

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us HTTP 302
https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok

Request Chain 207

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/Giz9XuHk56iu8ZB8g8LNYsn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VtFmjCpE2oIjAuB37D25dmGGbKDfoDmTg3GIcA--~A

Request Chain 208

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=KmHtP3QGShmiaFIp4M_kOg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=KmHtP3QGShmiaFIp4M_kOg

Request Chain 209

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp HTTP 303
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&_bee_ppp=1 HTTP 303
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAAlr07K8NoAABRNEyjRQw&expires=30

Request Chain 210

https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=65102b74-5207-4d0a-92d0-2a3a405f5420&expires=30

Request Chain 211

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LQ2FMTGL-25-4S9A

Request Chain 212

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LQ2FMTGL-25-4S9A&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LQ2FMTGL-25-4S9A&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&ovsid=LQ2FMTGL-25-4S9A&dpid=58160

Request Chain 213

https://pixel.rubiconproject.com/exchange/sync.php?p=primis HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LQ2FMTGL-25-4S9A HTTP 301
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ2FMTGL-25-4S9A HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ2FMTGL-25-4S9A&ckls=true&ci=xJvfvhhG22&nc=false&trid=-561359954

Request Chain 214

https://token.rubiconproject.com/token?pid=37556&a=1 HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LQ2FMTGL-25-4S9A

Request Chain 215

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx HTTP 302
https://prebid.a-mo.net/setuid/magnite?uid=LQ2FMTGL-25-4S9A

Request Chain 218

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=&gpp=${GPP_STRING_142}&gpp_sid=${GPP_SID}&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=108491ce-0083-467b-adbd-07a77e7a6bdb&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=

Request Chain 219

https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=995821&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7785087708218446382

Request Chain 220

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=mTTU3yPJ1Rd3F35

Request Chain 221

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=97c7f663-a8ae-4388-a348-f00d2a750605&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 223

https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID HTTP 302
https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=1867e518f41820bf&is_secure=true&version=1&networkId=57734&gdpr=%24%7BGDPR%7D&gdpr_consent=%24%7BGDPR_CONSENT%7D&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID HTTP 302
https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAL_TcoJe4jQgMKhUIiAAAAAAA&expiration=1702477382&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}

Request Chain 224

https://image8.pubmatic.com/AdServer/ImgSync?p=163427 HTTP 302
https://ad.turn.com/r/cs?pid=1&gdpr=-1&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4205292252947206702&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7fbllLZE2uXQrV41VItAX0PJDkkJeXM-~A&gdpr=0

Request Chain 241

https://c1.adform.net/serving/cookie/match?party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=

Request Chain 242

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6094297737834264253&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 243

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.aralego.com/bsw_sync?ucf_nid=par-E2B44D84BBBDED8A0B297323E4B4A68&dsp_id=445&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=a8253729-d409-460a-b0e5-033e0dd16f1d&gdpr=0&gdpr_consent=&gdpr_pd=&usprivacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=445&user_id=2943f129-9419-38d5-b5e8-d44baa122c9c&ssp=pubmatic&bsw_param=a8253729-d409-460a-b0e5-033e0dd16f1d

Request Chain 244

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6

Request Chain 245

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXhsyAAGZN74JQBd

Request Chain 246

https://cm.ambientdsp.com/cm/send?vc=pmj HTTP 301
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=12okvn4lmvlu HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=659307077908634591 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=16fc33cb672a20bf&is_secure=true&networkId=17100&version=1&nuid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAALx-y8fmr1IQNbQzxRAAAAAAA&expiration=1702477384&nuid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&is_secure=true&gdpr_consent=&gdpr=0 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 247

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=0QJjteEPWOVyOHxktb2SCULLcKU&gdpr=0&gdpr_consent=

Request Chain 249

https://idsync.rlcdn.com/420486.gif?partner_uid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJEI1M0ZGRDk2LTNGQ0QtNDhBRS1BRUNFLTAyRDMxRENGQTE2RBAAGg0IxtnhqwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=4a5905f20c5fe6350ae07696ed08a6074a111c8202aa939ea0aebafb6aa9bebe791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA0YTU5MDVmMjBjNWZlNjM1MGFlMDc2OTZlZDA4YTYwNzRhMTExYzgyMDJhYTkzOWVhMGFlYmFmYjZhYTliZWJlNzkxNDI2YjU0MTdkY2UyMRAAGgwIx9nhqwYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA0YTU5MDVmMjBjNWZlNjM1MGFlMDc2OTZlZDA4YTYwNzRhMTExYzgyMDJhYTkzOWVhMGFlYmFmYjZhYTliZWJlNzkxNDI2YjU0MTdkY2UyMRAAGgwIx9nhqwYSBAgCEABCAEoA&google_gid=CAESEHWRq7IwBaEpKnSbLJj2Z2w&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=f6ab34e2-1145-4aa7-b724-56146f712545

250 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request movies Show response
www.nytimes.com/section/
Redirect Chain

http://movies.nytimes.com/person/1430347/Sarah-Jeanne-LaBrosse
https://www.nytimes.com/section/movies

627 KB
98 KB

453ms
143ms

Document
text/html

151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4be3bad3d13ad8dcc3232eaf08560b691d426ef49592aa8e43a6cd88d11062a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 555
cache-control: s-maxage=600,no-cache
content-encoding: gzip
content-length: 99159
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Tue, 12 Dec 2023 14:22:55 GMT
last-modified: Tue, 12 Dec 2023 14:13:40 GMT
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/section/movies
server: nginx
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-F-VI
x-b3-traceid: 5ad45c78ed4f4e6480028c3696180645
x-cache: HIT, HIT
x-cache-hits: 12, 1
x-content-type-options: nosniff
x-frame-options: DENY
x-gdpr: 0
x-nyt-app-webview: 0
x-nyt-data-last-modified: Tue, 12 Dec 2023 14:13:40 GMT
x-nyt-edge-cache: HIT-HIT
x-nyt-route: vi-collection
x-origin-time: 2023-12-12 14:16:00 UTC
x-pagetype: vi-collection
x-served-by: cache-lga13622-LGA, cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.934968,VS0,VE3
x-xss-protection: 1; mode=block

Redirect headers

Accept-Ranges: bytes
Connection: keep-alive
Date: Tue, 12 Dec 2023 14:22:55 GMT
Vary: Accept-Encoding
Via: 1.1 varnish
X-Cache: MISS
X-Cache-Hits: 0
X-Served-By: cache-bfi-kbfi7400100-BFI
X-Timer: S1702390975.386787,VS0,VE99
cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html; charset=iso-8859-1
location: https://www.nytimes.com/section/movies
server: envoy
transfer-encoding: chunked
x-API-Version: F-GL
x-envoy-decorator-operation: legacy-www.web-platforms-legacy-www.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 63

GET
H2 200 datadog-rum.js Show response
www.datadoghq-browser-agent.com/us1/v4/ 150 KB
48 KB 19ms
5ms Script
application/javascript 18.67.97.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.97.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-97-42.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:56 GMT
content-encoding: br
via: 1.1 2e05fb1b0c75f8ef4c701fadb0b27fd8.cloudfront.net (CloudFront)
last-modified: Mon, 09 Oct 2023 09:24:57 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P1
age: 3
x-amz-server-side-encryption: AES256
etag: W/"2630b3d7ad4a41fac67742216e506d83"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: faftXvl2usTCwYvJKMwI8aXeVgWGjElkJvSIGHbWZ1rt8sVhR2ryXw==

GET
H2 200 web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 251ms
239ms Stylesheet
text/css 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 02 Aug 2024 09:34:15 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2959351
x-guploader-uploadid: ADPycdtCMXL4vj80iPWu7kpoZQQ0rt1uHJuL2YG-ifMT89ZSnzte1jP72s6kC_S-7YOBzsC8Eb8cu5u59qu5pV5E9Af9HQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9868
x-served-by: cache-bfi-kbfi7400042-BFI
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1702390976.114707,VS0,VE0
etag: "b79308aee772cf8921761a4fdb884fe5"
vary: Accept-Encoding
x-goog-generation: 1673991774978541
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=ay5bmg==, md5=t5MIrudyz4khdhpP24hP5Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 9868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 20509

GET
H2 200 global-f449cfd9976ad673ef2b7ab5098b85be.css
www.nytimes.com/vi-assets/static-assets/ 6 KB
3 KB 157ms
156ms Stylesheet
text/css 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 2438277
x-guploader-uploadid: ADPycdtG_4k8BoasSHVWCt9eK7gdaUwwbg0z92TgUD4LYwC2WzPCHGE2Q_Ghvjh1HUh3bbZdxm_Vy_tBv_8W9KSCFIilEISkYrlL
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:00 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.103556,VS0,VE1
etag: "e74f8b7c668251280cf3e52e20455a1c"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665589250507895
content-type: text/css; charset=utf-8
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 20610
expires: Thu, 12 Oct 2023 15:50:00 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1968
last-modified: Wed, 12 Oct 2022 15:40:50 GMT
server: UploadServer
x-goog-hash: crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
x-gdpr: 0
x-goog-stored-content-length: 5656
accept-ranges: bytes

GET
H2 200 adslot-9682e4930b73f574c86b.js Show response
www.nytimes.com/vi-assets/static-assets/ 23 KB
9 KB 187ms
183ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/adslot-9682e4930b73f574c86b.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c4bbc583aaed302599700b32c627128eaf272499efdc8458f816b4cb7911e1c2

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 85918
x-guploader-uploadid: ABPtcPpjfewcd_485UbRG-HYfE8RC8cMAA3EOcHxM2aopx5SHSuHur2SeKwNeIqQMH3Gjmo9bQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-12-11 14:30:58 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.385180,VS0,VE1
etag: "4dd52b4691bae33f209b9b83dfb3552a"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1702304886973777
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-9682e4930b73f574c86b.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1958
expires: Tue, 10 Dec 2024 14:30:58 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 7974
last-modified: Mon, 11 Dec 2023 14:28:07 GMT
server: UploadServer
x-goog-hash: crc32c=Td43VQ==, md5=TdUrRpG64z8gm5uD37NVKg==
x-gdpr: 0
x-goog-stored-content-length: 23084
accept-ranges: bytes

GET
H2 200 11globes-list-tmkv-videoLarge.jpg
static01.nyt.com/images/2023/12/11/multimedia/11globes-list-tmkv/ 45 KB
46 KB 156ms
141ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/11/multimedia/11globes-list-tmkv/11globes-list-tmkv-videoLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

316e65b89469c80f64de0ee59a4c9f4ea6c5e79a9acf9c415b57a465d7f8f6aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Mon, 11 Dec 2023 20:06:38 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010215
age: 65778
x-guploader-uploadid: ABPtcPrHHwux3YddXPEk6d0Inm_zk_Bn0rymBw1SZY4RgjIHYGegtsV-lU7ATQUgiNu4i3lAs4c
x-cache: HIT, HIT
fastly-io-info: ifsz=86677 idim=768x507 ifmt=jpeg ofsz=45960 odim=768x507 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 45960
x-served-by: cache-iad-kjyo7100109-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.241642,VS0,VE0
etag: "H2J8fmyKdzFZGvQYk9Ot1PFIVz+w/SKRWOpwlrNGppQ"
vary: Accept
x-goog-generation: 1702325192498403
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=iO5ugw==, md5=/7pVfZzPl4o3hiH639NxRg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 86677
x-amz-checksum-crc32c: iO5ugw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 16, 2

GET
H2 200 08oneal-appraisal-02-videoLarge.jpg
static01.nyt.com/images/2023/12/08/arts/08oneal-appraisal-02/ 33 KB
34 KB 184ms
169ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/arts/08oneal-appraisal-02/08oneal-appraisal-02-videoLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

42b02163b99f5f59d7f7e839ffa3933734c70e613f8d92f6cc4575bb97d1d489

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sat, 09 Dec 2023 01:23:13 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010227
age: 305982
x-guploader-uploadid: ABPtcPrHmR8-7DHtCbl7VoG-wrMw7B_B0IhUgXE1el04P4ARQ4-Xox9L1AMKNWLaSSnWnKNg07bRu4OK_g
x-cache: HIT, HIT
fastly-io-info: ifsz=60360 idim=768x507 ifmt=jpeg ofsz=33960 odim=768x507 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 33960
x-served-by: cache-iad-kjyo7100172-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.241479,VS0,VE1
etag: "iNXy2md/HjxdmQMqGfQl5f5TRvVxVz5Dd1SXwBkGlTE"
vary: Accept
x-goog-generation: 1702084610490871
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=UciiCA==, md5=YU1UJTsimY40GfMd++gkng==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 60360
x-amz-checksum-crc32c: UciiCA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 24, 0

GET
H2 200 10HOLOCAUST-MOVIES-01-mhvb-mediumThreeByTwo225.jpg
static01.nyt.com/images/2023/12/10/multimedia/10HOLOCAUST-MOVIES-01-mhvb/ 4 KB
4 KB 188ms
183ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/10HOLOCAUST-MOVIES-01-mhvb/10HOLOCAUST-MOVIES-01-mhvb-mediumThreeByTwo225.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

bd0746450746c2e23310f91b52d3023a7ca760bbd022540556ec7395c148353a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sun, 10 Dec 2023 10:12:23 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010247
age: 187833
x-guploader-uploadid: ABPtcPrP5lOE-tM5OCWYW5VpnK-JzY-EOzU3XlECbAcGk41buxNh2kFlNGzENH-yGAeWxWzDEVk
x-cache: HIT, HIT
fastly-io-info: ifsz=10900 idim=225x150 ifmt=jpeg ofsz=3836 odim=225x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 3836
x-served-by: cache-iad-kjyo7100160-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.384763,VS0,VE2
etag: "fsCuZEb/HEMSj99ad17n/VbcHC5DJvjr8awWl5cQYfw"
vary: Accept
x-goog-generation: 1702202453636272
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=zmLCzw==, md5=OhL7V1Uf+FTDq4ur+rqxrA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 10900
x-amz-checksum-crc32c: zmLCzw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 15, 0

GET
H2 200 miyazaki-flying-promo-mediumThreeByTwo225.jpg
static01.nyt.com/images/2023/12/06/arts/miyazaki-flying-promo/ 11 KB
11 KB 307ms
302ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/06/arts/miyazaki-flying-promo/miyazaki-flying-promo-mediumThreeByTwo225.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

45263fcec38868af5a6ab765d2e941b6ab7010fdd2ce0234581af769c30fbc3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 10:08:44 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010216
age: 360852
x-guploader-uploadid: ABPtcPprZKmpTNKv5ZU9ExMrUADMBXyF86bC8Vd7vsdlZ05o4_BIzt9rRjf_atPuIMcRmFWxev0
x-cache: HIT, HIT
fastly-io-info: ifsz=20182 idim=225x150 ifmt=jpeg ofsz=10900 odim=225x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 10900
x-served-by: cache-iad-kjyo7100118-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.384856,VS0,VE2
etag: "iHjzMYbsdgPRE7qag2Vgm35IkfcLoIXS5I+b2CdLuNc"
vary: Accept
x-goog-generation: 1701895680338165
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=tZHUaA==, md5=FJvQ2o0Yhi2ye8nfMyz/QQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 20182
x-amz-checksum-crc32c: tZHUaA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 7, 0

GET
H2 200 07POOR-THINGS-REVIEW-mhqv-videoLarge.jpg
static01.nyt.com/images/2023/12/08/multimedia/07POOR-THINGS-REVIEW-mhqv/ 46 KB
47 KB 150ms
146ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/multimedia/07POOR-THINGS-REVIEW-mhqv/07POOR-THINGS-REVIEW-mhqv-videoLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

677032f463161f7eb7bc3fc5216fc7f81b233ad8f2fe0a48506f4b3bf8a2d15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 14:28:37 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010251
age: 345260
x-guploader-uploadid: ABPtcPrfl4Ga8yhhBFBzCmP2OKHNfXd-8t5E4MfTsCoGktHeeqmi54pQl1JiJQyanpHNK2v270EM92pA5Q
x-cache: HIT, HIT
fastly-io-info: ifsz=90953 idim=768x507 ifmt=jpeg ofsz=47332 odim=768x507 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 47332
x-served-by: cache-iad-kcgs7200173-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.384960,VS0,VE0
etag: "+zLeZ3qNp8bfYAYata+ibBbvLYhdlGykdJVx2uxh+Mk"
vary: Accept
x-goog-generation: 1702045588367617
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=ck0VFQ==, md5=PiQ6+Iu66SutJeCHUR7+PQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 90953
x-amz-checksum-crc32c: ck0VFQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5, 2

GET
H2 200 08o-neal-streaming-love-mediumThreeByTwo225.jpg
static01.nyt.com/images/2023/12/08/arts/08o-neal-streaming-love/ 9 KB
10 KB 156ms
152ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/arts/08o-neal-streaming-love/08o-neal-streaming-love-mediumThreeByTwo225.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

beb4f2cf4d77438d70f43bf4ddd4b44cc8b5a904bc9519065a56ac22a6012d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sat, 09 Dec 2023 02:54:03 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010250
age: 300533
x-guploader-uploadid: ABPtcPoqBbWYuI4-PWwNc7Ew7g3Iw2uLOCnlLm74322dXKaS70TN_-9qGJtylf50cfOmQify244
x-cache: HIT, HIT
fastly-io-info: ifsz=13789 idim=225x150 ifmt=jpeg ofsz=9330 odim=225x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9330
x-served-by: cache-iad-kcgs7200057-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.385149,VS0,VE0
etag: "K8wmKK6HtLpPG4STg4j35+21IZB7TFmg3XeO65a6Jis"
vary: Accept
x-goog-generation: 1702090137991266
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=fnGAzQ==, md5=BNTaITCnmmbypxegGygIqw==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 13789
x-amz-checksum-crc32c: fnGAzQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 35, 2

GET
H2 200 07origin-review-fbmj-videoLarge.jpg
static01.nyt.com/images/2023/12/08/multimedia/07origin-review-fbmj/ 39 KB
40 KB 316ms
316ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/multimedia/07origin-review-fbmj/07origin-review-fbmj-videoLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1bdff12fc4f8e14a0f32bfb9aa0ecb447713dc8ce01f635fd7f582c71518fa68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 04:40:12 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010213
age: 380564
x-guploader-uploadid: ABPtcPq4z1n-k-YS8voBmD_qL3K5sNDSBBRRnJIeu5Qchwqzq6F3aHsutQ3dp3PCKhJ8qcGD57w
x-cache: HIT, HIT
fastly-io-info: ifsz=77099 idim=768x507 ifmt=jpeg ofsz=39680 odim=768x507 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 39680
x-served-by: cache-iad-kcgs7200132-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390976.410705,VS0,VE1
etag: "2k3/gG/MGi6dwZKlqCfnKIDA5OUADL69PJWw+QmRltA"
vary: Accept
x-goog-generation: 1702010405396350
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=mS2Vng==, md5=9qyT2tFNOqzxZ80Z0woyxg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 77099
x-amz-checksum-crc32c: mS2Vng==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4, 0

GET
H2 200 10best-staffers-02-czkt-videoLarge.jpg
static01.nyt.com/images/2023/12/10/multimedia/10best-staffers-02-czkt/ 44 KB
44 KB 301ms
301ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/10best-staffers-02-czkt/10best-staffers-02-czkt-videoLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8db149554ca8da3ec8d27bcc17432052801e32f9f651b4030414a4aa93acaa1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sat, 09 Dec 2023 10:00:49 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010213
age: 274927
x-guploader-uploadid: ABPtcPrA_DB1hfeKtyazyUWd7YhlFxYM46sCPr147DdVXmI1vQfVi6dOYIpWPZmQfZ8oVmR2VD4
x-cache: HIT, HIT
fastly-io-info: ifsz=85693 idim=768x507 ifmt=jpeg ofsz=44734 odim=768x507 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 44734
x-served-by: cache-iad-kjyo7100166-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.523662,VS0,VE0
etag: "5ZekO/6qcYwSBFcudaWcG0pn2UivQwqBnvSo63mm/XA"
vary: Accept
x-goog-generation: 1702116011066971
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=YfPmPw==, md5=BFLByGpAEKhRvVAkF+/wVA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 85693
x-amz-checksum-crc32c: YfPmPw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5, 2

GET
H2 200 11holiday-wonderfullife-videoLarge.jpg
static01.nyt.com/images/2018/12/11/arts/11holiday-wonderfullife/ 78 KB
79 KB 201ms
201ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/12/11/arts/11holiday-wonderfullife/11holiday-wonderfullife-videoLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e4f36ff5478faa26189d3c027452c4959c15cbaba110619e4ef8e210e9da555a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 05 Dec 2023 12:16:21 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300715
age: 7569
x-guploader-uploadid: ABPtcPqFCi1gsaQnQ0HvyZVOWA6i2YTrPtsy_88bGPCJo02CJzb92CZwZUM9zkUfKoDgZxr4jcs
x-cache: HIT, HIT
fastly-io-info: ifsz=98523 idim=768x507 ifmt=jpeg ofsz=79956 odim=768x507 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 79956
fastly-io-warning: Failed to apply profile
x-served-by: cache-iad-kiad7000045-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.530435,VS0,VE1
etag: "cf8it5Vm8PgXFPGqIJbU4V2NuHvCFY7Y5xVsV4tPnoM"
vary: Accept
x-goog-generation: 1701777609306181
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=V3RLAQ==, md5=cG30Sp1UH3L/LHJ+5d7hsg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 98523
x-amz-checksum-crc32c: V3RLAQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 29, 0

GET
H2 200 17mag-metoo-mediumThreeByTwo210-v2.jpg
static01.nyt.com/images/2023/12/17/magazine/17mag-metoo/ 9 KB
9 KB 184ms
184ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/17/magazine/17mag-metoo/17mag-metoo-mediumThreeByTwo210-v2.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

626fe07f8002e07eb5641ba6b6536c50367625e351cf157f9b5f24e7de0e040c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 12 Dec 2023 10:09:07 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010211
age: 15229
x-guploader-uploadid: ABPtcPpZP-bT8CHQeGRMPjDntqgJl-22J7X9HNKT0tMm6nyhmcFN73Dbcbo-Y__su3PglbDcRA1czzZH1g
x-cache: HIT, HIT
fastly-io-info: ifsz=9485 idim=210x140 ifmt=jpeg ofsz=8876 odim=210x140 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 8876
x-served-by: cache-iad-kjyo7100141-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.705589,VS0,VE1
etag: "ph3y8JG1btYGHbGCCAoTXpz+ZJmLEvPzypObXaLd6wA"
vary: Accept
x-goog-generation: 1702375330605345
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=msNNpg==, md5=ryfyD5bqKGGqQSMWBxNo7Q==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 9485
x-amz-checksum-crc32c: msNNpg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11, 0

GET
H2 200 11GLOBES-SNUBS-PROMO-fhbc-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/11/multimedia/11GLOBES-SNUBS-PROMO-fhbc/ 11 KB
12 KB 147ms
146ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/11/multimedia/11GLOBES-SNUBS-PROMO-fhbc/11GLOBES-SNUBS-PROMO-fhbc-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

78409fb2cff4656c59023442d3b9601e5b413fd24bfe43346824f5d7ad02fa4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Mon, 11 Dec 2023 20:07:47 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010213
age: 65709
x-guploader-uploadid: ABPtcPrn5IGPaTugxvfq_j3qPOe-LOqYPVNx5UpbM6TN3rtNwYVOcH_9IgQGn1hzKrQ1H6RBqQs
x-cache: HIT, HIT
fastly-io-info: ifsz=14604 idim=210x140 ifmt=jpeg ofsz=11442 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 11442
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kcgs7200124-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.744367,VS0,VE0
etag: "yDSuIICC12E6mEz7DXBdh7hoJ1JFrpjHyi/cfG20pTk"
vary: Accept
x-goog-generation: 1702325203774739
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=6UHioQ==, md5=4rbLTc7g/2NOkcZJVTFprQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 14604
x-amz-checksum-crc32c: 6UHioQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11, 2

GET
H2 200 10SLEEVES-POOR-THINGS-cmbv-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/10/multimedia/10SLEEVES-POOR-THINGS-cmbv/ 9 KB
10 KB 148ms
147ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/10SLEEVES-POOR-THINGS-cmbv/10SLEEVES-POOR-THINGS-cmbv-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

81619079df55e825a05ee5c4560da97e35fcdfa62c7f4c06ffad6dd61ba1beed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sun, 10 Dec 2023 10:04:03 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010226
age: 188333
x-guploader-uploadid: ABPtcPo2PEedI5yEbmGdXytgnQAXnGzBCreumhtQM6-FHzFtPyd4jfgDxvZ8qlgFTAMTTj8Gb65_HZrjpA
x-cache: HIT, HIT
fastly-io-info: ifsz=12362 idim=210x140 ifmt=jpeg ofsz=9200 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9200
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kcgs7200051-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.744452,VS0,VE1
etag: "5i2zv6I/zRWDEYrRmCmFM+3+yumXeAS3OTI9hJk0bgs"
vary: Accept
x-goog-generation: 1702202407233047
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=LobSkQ==, md5=ARzr+blWTZJdkyT7k92Aug==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12362
x-amz-checksum-crc32c: LobSkQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 14, 0

GET
H2 200 08oneal-vwkj-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/10/multimedia/08oneal-vwkj/ 8 KB
8 KB 145ms
145ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/08oneal-vwkj/08oneal-vwkj-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

029fea4d8569b2bc1c939ff408bafc069c61748e42c85d876ce38989bfdfef52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sat, 09 Dec 2023 06:47:41 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010211
age: 286516
x-guploader-uploadid: ABPtcPqOIhzlqv9TR0hICeTGf5q9Hc10YgMd51LGsPF87jBJiq-uZrOabzeM5kXlJHZkkmA2tjy-IWpcnQ
x-cache: HIT, HIT
fastly-io-info: ifsz=11037 idim=210x140 ifmt=jpeg ofsz=7875 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 7875
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kcgs7200116-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.747279,VS0,VE1
etag: "wBS7CuJTiELrAXsNqVmAZB0enTC8ePHIVRkNUxK7P8o"
vary: Accept
x-goog-generation: 1702104384278193
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=VfsHSw==, md5=AofUxd/QgLJcZM+6ZhnVhA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 11037
x-amz-checksum-crc32c: VfsHSw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 0

GET
H2 200 poor-things-anatomy1-jqbk-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/07/multimedia/poor-things-anatomy1-jqbk/ 8 KB
9 KB 141ms
141ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/07/multimedia/poor-things-anatomy1-jqbk/poor-things-anatomy1-jqbk-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5632afc3acab8b36b1724af185ceb5dd236c4586598f05fd93b9b4d4e2fe41f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 16:36:23 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010210
age: 337593
x-guploader-uploadid: ABPtcPprp_Ud7YRn_nwFqxtnYWjlR1iAWLbwe8zWM56ivd4yvAvmoWsiYyZ1nWCtHJeLaB0s5dwUlktjpA
x-cache: HIT, HIT
fastly-io-info: ifsz=11652 idim=210x140 ifmt=jpeg ofsz=8490 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 8490
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kjyo7100172-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.751646,VS0,VE0
etag: "fjIrStyf3/k15W729DWpsWpoQIhdQxnrYT4B2EfRoJM"
vary: Accept
x-goog-generation: 1701985898272582
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=sMKFoA==, md5=EoSBLQAxefKPlyn5QUCvJQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 11652
x-amz-checksum-crc32c: sMKFoA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 33, 2

GET
H2 200 wintertide1-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/07/arts/wintertide1/ 7 KB
8 KB 140ms
139ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/07/arts/wintertide1/wintertide1-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

112f3b860b3119ca5423d480476d5b60cef7ae7468623201dde0376bb6131e0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 16:00:51 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010231
age: 339725
x-guploader-uploadid: ABPtcPpaIBI25tWLX-cpeSfuWqU7YjxjxpCurgNwdxEEUxUYkdNkIuoEKwloH6nItorGJgrowcaI9yB1oQ
x-cache: HIT, HIT
fastly-io-info: ifsz=8473 idim=210x140 ifmt=jpeg ofsz=7532 odim=210x140 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 7532
x-served-by: cache-iad-kcgs7200071-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.817000,VS0,VE0
etag: "qU30me+wiEH6ccEBLi/oUmDy/Dqq2HEwYc8a6R6z4Vo"
vary: Accept
x-goog-generation: 1702051206305455
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=noGgXw==, md5=SOa7wCwzWVGe8O9viULDxQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 8473
x-amz-checksum-crc32c: noGgXw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 23, 2

GET
H2 200 08streaming-kids-fhpl-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/08/multimedia/08streaming-kids-fhpl/ 13 KB
13 KB 142ms
141ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/multimedia/08streaming-kids-fhpl/08streaming-kids-fhpl-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

307ec4276d520aa1731262647da82d9c2464f3fe4dd67ecba8912d015abe3d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 12:04:45 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010247
age: 353890
x-guploader-uploadid: ABPtcPpOFCY7sgtZh0Yci3IhSpTxru90PXdojn-Ux29kNPZ0ExAtnxDh3R5p7yho9WUxt6igR8M
x-cache: HIT, HIT
fastly-io-info: ifsz=13438 idim=210x140 ifmt=jpeg ofsz=12818 odim=210x140 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 12818
x-served-by: cache-iad-kjyo7100103-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.893958,VS0,VE0
etag: "8TXpPo8migR6Ssmh3wxRQBYrARURfzisVNDCjt1lsOc"
vary: Accept
x-goog-generation: 1702036805386186
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=tkIIUA==, md5=etJ+CDKTmP8fp6leKxFgig==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 13438
x-amz-checksum-crc32c: tkIIUA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 15, 2

GET
H2 200 08italy-movie-01-qcvg-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/08/multimedia/08italy-movie-01-qcvg/ 14 KB
14 KB 143ms
143ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/multimedia/08italy-movie-01-qcvg/08italy-movie-01-qcvg-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

375158c1bf9b1fdfd7fb158bc931aab8a3cc3d0407065e804fcc80a04b6bdea2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 10:06:23 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010210
age: 360993
x-guploader-uploadid: ABPtcPr_X5Ww3q1TPeUSL8h-o9TIW3SXUKMJCPFq5K2Sa1Ujwvsvur24iKIi8TQv07AGyIkxaTnRR-Vmrg
x-cache: HIT, HIT
fastly-io-info: ifsz=17085 idim=210x140 ifmt=jpeg ofsz=13923 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 13923
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kiad7000149-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.894130,VS0,VE1
etag: "dSqhQ2qvjabtbtZfbC8ZpwZyT5GTyItKCU9TZ2lFxFw"
vary: Accept
x-goog-generation: 1702029826961572
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=2W9ZJg==, md5=M51lEjeuT/jknaxfDxQ91w==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 17085
x-amz-checksum-crc32c: 2W9ZJg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 31, 0

GET
H2 200 THE-CURSE-02-pljk-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/01/multimedia/THE-CURSE-02-pljk/ 9 KB
9 KB 142ms
141ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/01/multimedia/THE-CURSE-02-pljk/THE-CURSE-02-pljk-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d6999b8277188f61786d4faf83e18d783360ccfaeb0483e748e7ddb306f8c819

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 10:08:15 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010231
age: 360881
x-guploader-uploadid: ABPtcPqH8R5bPus2cB3KhLCUPfiSHvGI3QHKp4j9UQn0CA52eucukZi_UMmavLY8uqaIV4HEThM
x-cache: HIT, HIT
fastly-io-info: ifsz=12131 idim=210x140 ifmt=jpeg ofsz=8969 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 8969
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kiad7000057-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.894101,VS0,VE0
etag: "+YFSYnzqH63DdJm839O13xaM/abMk0CFb9hWoRs4144"
vary: Accept
x-goog-generation: 1702029763829943
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=mzLR8w==, md5=G/KBzuT9NsQoK8JYsUo0/g==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12131
x-amz-checksum-crc32c: mzLR8w==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 30, 2

GET
H2 200 vendor-7799bfe3d9a78d57c093.js Show response
www.nytimes.com/vi-assets/static-assets/ 173 KB
50 KB 164ms
162ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendor-7799bfe3d9a78d57c093.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

3459a86a1a5a0ebefc38ba347c8eee86838664553d2732a9f0d75d9b474bab72

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1267727
x-guploader-uploadid: ABPtcPrJvvr65vmM7N99VGE-_vf8jIItSQHeaJV0sXfFl_aaPQwZHmlx1gKM3WuWR5Gry1cpcWy4UOS3hg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-27 22:14:08 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.385245,VS0,VE1
etag: "b5e3f2c1b76554752bb8d61689b81dc5"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1701122630852416
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-7799bfe3d9a78d57c093.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 16550
expires: Tue, 26 Nov 2024 22:14:08 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 50434
last-modified: Mon, 27 Nov 2023 22:03:51 GMT
server: UploadServer
x-goog-hash: crc32c=DUs3dw==, md5=tePywbdlVHUruNYWibgdxQ==
x-gdpr: 0
x-goog-stored-content-length: 176881
accept-ranges: bytes

GET
H2 200 collections-2ef4bb95a59da5c49429.js Show response
www.nytimes.com/vi-assets/static-assets/ 2 MB
420 KB 305ms
303ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/collections-2ef4bb95a59da5c49429.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f873b046caf3f9312f75aa80873bbe267547a1814ae39e47181463416253a90c

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 62604
x-guploader-uploadid: ABPtcPpzzpE4L4g0CVePYpF7P8PwLDbaIZyF0WN5eHOOD_vjCKmuhguzWrJpOhWe5JfqYjggGSuK6NqQRg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-12-11 20:59:32 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.385336,VS0,VE3
etag: "abbd282e1ab2f5e7cfc36b7b3a28ac70"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1702328088242412
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/collections-2ef4bb95a59da5c49429.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1
expires: Tue, 10 Dec 2024 20:59:32 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 428220
last-modified: Mon, 11 Dec 2023 20:54:48 GMT
server: UploadServer
x-goog-hash: crc32c=U7fJiw==, md5=q70oLhqy9efPw2t7OiiscA==
x-gdpr: 0
x-goog-stored-content-length: 1626293
accept-ranges: bytes

GET
H2 200 main-35ef6f999b3a8eba9474.js Show response
www.nytimes.com/vi-assets/static-assets/ 2 MB
506 KB 180ms
178ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/main-35ef6f999b3a8eba9474.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2e8d3d94804cb18f10af813e0ffec73594193d4ab6df11ff947c13e4f617a218

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 65291
x-guploader-uploadid: ABPtcPoxpVqZ7TTKzmwQCfdt79LkQKkIEW768Tixc1AidQ8z1AkDSnRyzx60eZtgXRVTigSlXp7XBHGNnA
x-goog-stored-content-encoding: identity
x-origin-time: 2023-12-11 20:14:45 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.385575,VS0,VE1
etag: "4da04b3f0b3f5f99f737783e1741ab06"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1702325176318609
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-35ef6f999b3a8eba9474.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 23
expires: Tue, 10 Dec 2024 20:14:45 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 516976
last-modified: Mon, 11 Dec 2023 20:06:16 GMT
server: UploadServer
x-goog-hash: crc32c=HgM5kw==, md5=TaBLPws/X5n3N3g+F0GrBg==
x-gdpr: 0
x-goog-stored-content-length: 1815058
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 444 KB
121 KB 515ms
112ms Script
application/javascript 142.250.66.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.232 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0e6980668245ddf949ca2231afae205e62a0660d0ef73a97242941c74ee9c757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123541
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 48ms
14ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 855
content-length: 0
date: Tue, 12 Dec 2023 14:22:56 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 164
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 54
x-nyt-audience-target-flat: NA:AM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: DE
x-samizdat-query-exe-id: 887be06d575d853c
x-samizdat-query-field-errors: 0
x-served-by: cache-bne12529-BNE
x-timer: S1702390976.345196,VS0,VE0

POST
H2 200 track
a.et.nytimes.com/ 0
0 544ms
238ms Ping
text/plain 50.112.118.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.112.118.45 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-112-118-45.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 149 B
1 KB 445ms
445ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

7837207f1197c426c0551dcbead6be815beff78431f5c45e84014a94cfde09d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-cache: H
x-samizdat-query-exe-id: 53f15b424d520bf2
samizdat-x-canary: false
x-served-by: cache-bfi-kbfi7400042-BFI
x-graphiti-gateway: 411667ba
x-nyt-country: US
x-timer: S1702390977.523304,VS0,VE140
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: DE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: NA:AM
x-nyt-edge-cache: MISS
x-samizdat-query-op-id: project-vi.v2.UserQuery
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 12 Dec 2023 14:22:56 GMT
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 554f27c0
x-envoy-upstream-service-time: 131
x-samizdat-query-personalized
content-length: 125
last-modified: Tue, 12 Dec 2023 14:22:56 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1, 1
x-samizdat-query-surrogates-size: 0
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 als Show response
als-svc.nytimes.com/ 548 B
828 B 529ms
216ms XHR
application/json 50.112.118.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://als-svc.nytimes.com/als?uri=nyt://legacycollection/0ab96d56-f798-503d-9e3d-25e6fbd68a37&typ=&prop=nyt&plat=web

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

50.112.118.45 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-50-112-118-45.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

0f6c5dce22f32948222277096740ba2e7cb56b77a7feb3a9d37350672c588ac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 google
content-encoding: gzip
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: als-svc.nytimes.com:443/*
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 64
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, nyt-a

GET
H2 200 grumi-ip.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 15 KB
6 KB 325ms
3ms Script
application/javascript 18.67.93.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.93.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-93-81.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9d05ae9b253cab83099387db0d3a4ec1c2be203c3738e2dcb74927c1fd6bc626

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:21:56 GMT
x-amz-version-id: hqOVgn0HjZQPcs0LFfvBLxiyjrh2UzkI
content-encoding: br
last-modified: Sun, 10 Dec 2023 11:33:19 GMT
server: AmazonS3
via: 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
etag: W/"8a0c1c442967d757a46b3bb7a75ef66d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=14400, stale-while-revalidate=14400, immutable
age: 61
x-amz-cf-id: OSwtu84gx-X5a6jn24CMF0GjKWe_zOfnonXdw3YJ_FyLgO7xEJ8faQ==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 270 KB
66 KB 13ms
3ms Script
application/javascript 13.35.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.151.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-151-131.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dd0464c1b94d39e8958ba7a4c594cec1c1625ec4c5c154aa9ffc51de38e04da6

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 13:30:17 GMT
content-encoding: gzip
via: 1.1 f865f1be74e5f717fcfbc68b80767134.cloudfront.net (CloudFront), 1.1 55995d846c30878fb2be24f27b355ccc.cloudfront.net (CloudFront)
last-modified: Tue, 05 Dec 2023 22:47:11 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1, SYD1-C1
age: 3160
x-amz-server-side-encryption: AES256
etag: W/"ccfaf15c322e197d2e6d0d6bd5642adc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: 2PWHS5PKsP2Pb7KO66kzI2qGjwNcjxAyZI6H94j3KFzmO04TY_8_wA==

GET
H2 200 prebid8.25.0.js Show response
www.nytimes.com/ads/ 315 KB
317 KB 344ms
343ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/ads/prebid8.25.0.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c11d50a1918e615029f239580a1d4a1aa32328fdd6149225cc74e411c84db96e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ABPtcPp6Q7EVEuVVQ7dylcqVjUwOwzJgs1-Qebsm1NPVScEpvX2XEHAnwIwt-Rqgc3e4soIx_Q
x-goog-stored-content-encoding: identity
x-origin-time: 2023-12-12 14:22:56 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390976.385573,VS0,VE63
etag: "78c86859abaee40f233a9a8c96540124"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1701363099682984
content-type: text/javascript
access-control-allow-origin: *
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ads/prebid8.25.0.js
x-nyt-route: ads-static-assets
cache-control: private, max-age=0
x-nyt-app-webview: 0
x-nyt-edge-cache: MISS
x-amz-checksum-crc32c: b1VVOA==
x-cache-hits: 0
expires: Tue, 12 Dec 2023 14:22:56 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: MISS
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
content-length: 322837
last-modified: Thu, 30 Nov 2023 16:51:39 GMT
server: UploadServer
x-goog-hash: crc32c=b1VVOA==, md5=eMhoWauu5A8jOpqMllQBJA==
x-gdpr: 0
x-goog-stored-content-length: 322837
accept-ranges: bytes

GET
H2 200 10HOLOCAUST-MOVIES-01-mhvb-thumbLarge.jpg
static01.nyt.com/images/2023/12/10/multimedia/10HOLOCAUST-MOVIES-01-mhvb/ 3 KB
4 KB 265ms
265ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/10HOLOCAUST-MOVIES-01-mhvb/10HOLOCAUST-MOVIES-01-mhvb-thumbLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

84927937ae71e45d5246323b4b067c77915e8cd2bdb6bd549cfeecb31b693329

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sun, 10 Dec 2023 10:49:46 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010226
age: 185590
x-guploader-uploadid: ABPtcPo-6XTxyb_pMs4tfxi0bSgHyLOs6S254HH3-asxUAhNMZLagrRwMFPqYwZ9i1L7u_b7EHg
x-cache: HIT, HIT
fastly-io-info: ifsz=8626 idim=150x150 ifmt=jpeg ofsz=2976 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 2976
x-served-by: cache-iad-kjyo7100033-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.523635,VS0,VE1
etag: "PRD374DyZ/1yMPtRPrCuZQn952rB2BESlqyRw08jZYc"
vary: Accept
x-goog-generation: 1702202460818484
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=tgu8rQ==, md5=FAXAtnJXtCcU+bwMfOTufg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 8626
x-amz-checksum-crc32c: tgu8rQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 13, 0

GET
H2 200 miyazaki-flying-promo-thumbLarge.jpg
static01.nyt.com/images/2023/12/06/arts/miyazaki-flying-promo/ 6 KB
6 KB 265ms
265ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/06/arts/miyazaki-flying-promo/miyazaki-flying-promo-thumbLarge.jpg?auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4393afca1705a2ce3ed685ec428533f39710cf04adb2ffaa94282b4ff9e8d248

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 10:48:16 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010213
age: 358480
x-guploader-uploadid: ABPtcPruY5kPsU8iHqzrOhnqjq4d8BgR7oshWw5H_ST_brMbzTXlaSF1CCZ9oHcjbVMB0jfFZDIg8OqHhw
x-cache: HIT, HIT
fastly-io-info: ifsz=12208 idim=150x150 ifmt=jpeg ofsz=6204 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 6204
x-served-by: cache-iad-kjyo7100113-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390977.523650,VS0,VE3
etag: "1UWDF2ULow/lcBtYmLvw/WTT4syB7DmzTdN6eNXclTI"
vary: Accept
x-goog-generation: 1701895680247997
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=Pxglfg==, md5=b+463O/JJYIIiGdUS0CmJQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12208
x-amz-checksum-crc32c: Pxglfg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 6, 0

GET
H2 200 icon-twitter-20x20-fullcolor-2b3b15cf7ffad73aea500d7ccdc0d807.svg
www.nytimes.com/vi-assets/static-assets/ 927 B
2 KB 297ms
294ms Image
image/svg+xml 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nytimes.com/vi-assets/static-assets/icon-twitter-20x20-fullcolor-2b3b15cf7ffad73aea500d7ccdc0d807.svg

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

770bee6f13fa88ea66aa20f957872838258a975bc7296652eefef496fa9d6492

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 2959057
x-guploader-uploadid: ADPycdsjWvbJXWmdDrI2-cDXum_dUviAxEJ0eziWfvrzx7CAqeQr3Y3tf14xVxQtA7Es2LKmFDs5ora7CqzsYV-RxhCBsA
x-goog-stored-content-encoding: identity
x-origin-time: 2023-02-22 11:25:15 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390977.523921,VS0,VE1
etag: "50610484bc91e46269d75fced922b77a"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1677019731653585
content-type: image/svg+xml
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-twitter-20x20-fullcolor-2b3b15cf7ffad73aea500d7ccdc0d807.svg
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 4566
expires: Thu, 22 Feb 2024 11:25:15 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 551
last-modified: Tue, 21 Feb 2023 22:48:51 GMT
server: UploadServer
x-goog-hash: crc32c=AvgBnA==, md5=UGEEhLyR5GJp11/O2SK3eg==
x-gdpr: 0
x-goog-stored-content-length: 927
accept-ranges: bytes

GET
H2 200 franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 37ms
34ms Font
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Thu, 20 Apr 2023 17:50:34 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20377922
x-guploader-uploadid: ADPycdut3exAeyJLMLnswh26VG_z-3M2nKY2tEoMO3m5ajEsHicy7BgEytOCEe9i2EV840chuMS_dfmjE9FqWPHkU2Thkg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20276
x-served-by: cache-bne12529-BNE
last-modified: Wed, 20 Apr 2022 13:09:40 GMT
server: UploadServer
x-timer: S1702390976.374742,VS0,VE0
etag: "91eaf6b5642463af4091160b4bbfdfcb"
x-goog-generation: 1650460180610251
x-goog-hash: crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 14075

GET
H2 200 franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 18ms
15ms Font
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Thu, 20 Apr 2023 17:52:03 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20377845
x-guploader-uploadid: ADPycdsXwgys8aj3ZPmvtiOu0IVs0bwyR9UOKUCwDGJ8cCoGlhRrbTjJjb1VhDZfiwaE6JvaXa9frs9HrbF4CkPhRrU3eA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19816
x-served-by: cache-bne12529-BNE
last-modified: Wed, 20 Apr 2022 13:09:40 GMT
server: UploadServer
x-timer: S1702390976.373417,VS0,VE0
etag: "0f4aea3d462cdb64748629efcbbf36bc"
x-goog-generation: 1650460180561781
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 19816
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 14471

GET
H2 200 karnak-normal-400.b2143e2f1890f4d516078da14aebab03.woff2
g1.nyt.com/fonts/family/karnak/ 26 KB
27 KB 20ms
17ms Font
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/karnak/karnak-normal-400.b2143e2f1890f4d516078da14aebab03.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

cf270229e004cc9e09e49f17fd5f5de7b0785b9352875f7f9ce4338837b491dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 24 Sep 2024 18:44:42 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 6723493
x-guploader-uploadid: ADPycdsnLOusDVNjLomR7SF3pqAglHqhy54H1NW4qrJdW8R19yv0ljPckPjhlA1Ffz9AsD3nZSg1of-mgezKbOBjHrKfQg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27004
x-served-by: cache-bne12529-BNE
last-modified: Tue, 17 Jan 2023 21:42:57 GMT
server: UploadServer
x-timer: S1702390976.374145,VS0,VE0
etag: "b2143e2f1890f4d516078da14aebab03"
x-goog-generation: 1673991777104472
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=3pdvdA==, md5=shQ+LxiQ9NUWB42hSuurAw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 27004
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 43

GET
H2 200 karnak-normal-900.7552fe3fdd9952aeda91e6c5a2adc59f.woff2
g1.nyt.com/fonts/family/karnak/ 21 KB
21 KB 20ms
18ms Font
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/karnak/karnak-normal-900.7552fe3fdd9952aeda91e6c5a2adc59f.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1fe37d55e6324e8660e627fdf1cd545c9a84f80963bc07f3a564434043650a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 02 Jul 2024 15:21:58 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 13993258
x-guploader-uploadid: ADPycduE5tK1NJEhNjkxSbe9NBpQPMqTGmNiGR_0oNAbnwmDkMMIRPaLVp8-vUXGbunJq7Ck-kVGSJj6WqLunf55YfrgMDPw0pJ3
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 21288
x-served-by: cache-bne12529-BNE
last-modified: Tue, 17 Jan 2023 21:42:57 GMT
server: UploadServer
x-timer: S1702390976.374121,VS0,VE0
etag: "7552fe3fdd9952aeda91e6c5a2adc59f"
x-goog-generation: 1673991777178724
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=5QA+9Q==, md5=dVL+P92ZUq7akebFoq3Fnw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 21288
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2336

GET
H2 200 cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
g1.nyt.com/fonts/family/cheltenham/ 26 KB
26 KB 45ms
43ms Font
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 07 Jul 2023 22:24:36 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 13622297
x-guploader-uploadid: ADPycduuUyNUicJrRywq5yUDxIOZ9SwACxqTouh-hrOJ2c-gf9x_eYwddiUkxafTQnRN1YS1WSGysEdeB4Oc_skzy9KbnVpoEOZ1
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26448
x-served-by: cache-bne12529-BNE
last-modified: Tue, 03 May 2022 17:15:49 GMT
server: UploadServer
x-timer: S1702390976.374970,VS0,VE0
etag: "40ccfe2cc61a71e6617e56162d49b896"
x-goog-generation: 1651598149572244
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=kUZRqw==, md5=QMz+LMYaceZhflYWLUm4lg==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26448
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 8124

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 45ms
43ms Font
application/octet-stream 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 07 Jul 2023 22:24:36 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 13622297
x-guploader-uploadid: ADPycds7UDfnu3Y6rt2s1pVPBl4-HhLgXEMo-hhB9HwPixx7HCwuFjobZXOtDiqsPls06teiGwNXr16z3biyckys6Swk4EGI9sHG
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-bne12529-BNE
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1702390976.374794,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
x-goog-generation: 1651598151578179
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26504
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 13217

GET
H2 200 cheltenham-normal-500.a22ae3ed1e775ce90ced16f1822f4ddc.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 44ms
43ms Font
font/woff2 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-500.a22ae3ed1e775ce90ced16f1822f4ddc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

3b7df8039da00c48c5cf0ca207eb9a4a03d362e17176171c9c2ba75fcfbd6ca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Wed, 08 Jun 2022 11:05:18 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 16168654
x-guploader-uploadid: ABg5-UyHcmDrKWEoVxL0hlmiGsJUxU9H9KBEB21rkBQAlEcC8Ktx5v8MdikomLcU4orXoNyN0IcR4mOlBm_GUy_JlAk
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28604
x-served-by: cache-bne12529-BNE
last-modified: Tue, 06 Apr 2021 21:11:52 GMT
server: UploadServer
x-timer: S1702390976.374789,VS0,VE0
etag: "a22ae3ed1e775ce90ced16f1822f4ddc"
x-goog-generation: 1617743511992222
content-type: font/woff2
access-control-allow-origin: *
x-goog-hash: crc32c=zgCcGg==, md5=oirj7R53XOkM7Rbxgi9N3A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28604
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 6317

GET
H2 200 cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 35ms
34ms Font
font/woff2 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Wed, 08 Jun 2022 11:21:56 GMT
date: Tue, 12 Dec 2023 14:22:56 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 16167658
x-guploader-uploadid: ABg5-Uzj2l_Q2AYc7g5xp4Sq9mPJtACHNCFnIHoVsYjoNP3OH3fWlQbNBVAXLLbdKqLzFfOM2Frc5eIm2Esrj_FSefs
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 29076
x-served-by: cache-bne12529-BNE
last-modified: Tue, 06 Apr 2021 21:11:52 GMT
server: UploadServer
x-timer: S1702390976.374741,VS0,VE0
etag: "a3ed7afe3eaa0a873f3fbd379f8c491b"
x-goog-generation: 1617743511931481
content-type: font/woff2
access-control-allow-origin: *
x-goog-hash: crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29076
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 7580

GET
H2 200 3030 Show response
config.aps.amazon-adsystem.com/configs/ 714 B
981 B 14ms
2ms Script
application/javascript 13.35.147.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3030
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-106.syd1.r.cloudfront.net
Software: CloudFront /
Resource Hash: 3f770f537145bf6ca53f22706f1befe600243936bd5eb48eb4b18456cfca5fb3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 13:33:59 GMT
via: 1.1 d143ff54d809978a01bd0ec973b6c3b2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SYD1-C1
age: 2937
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 714
x-amz-cf-id: P3CT_MMvefPx-AYZAHQOzVBSZs0HN5qGSnmqu2ZhokW_QOmiGK39LQ==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
309 B 3ms
2ms XHR
text/plain 13.35.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3030&u=https%3A%2F%2Fwww.nytimes.com
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.151.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-151-131.syd1.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:59:37 GMT
via: 1.1 55995d846c30878fb2be24f27b355ccc.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SYD1-C1
age: 19399
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.nytimes.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: LLj6rJ2mXJBjVb2SQHxlHgh-wRKycQpplrcYv_oa9p230n-1tIwxVg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 8ms
2ms XHR
application/javascript 13.35.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.151.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-151-131.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 21:16:42 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 eda9fe2763cea4a982a09ceb352512a6.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
age: 61575
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: cvQ4iJgUKPR3ml2_q81tkCShhrd7lzywskd50mAUJ_j2SLx_nj3weQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 89 KB
29 KB 540ms
139ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/adslot-9682e4930b73f574c86b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

641ce763bef7827c20830206189d4640b73383c7618079ec675abe18661db463

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29092
x-xss-protection: 0
server: cafe
etag: 743 / 19703 / m202312050101 / config-hash: 11999804698944333348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:22:56 GMT

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame 53E5 273 KB
88 KB 4ms
4ms Script
text/javascript 18.67.93.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.93.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-93-81.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 21b9e0f4cf193d980500358ef342b8fe7a0e4b4fbcddf247f6dd1d45bbfa27b9

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:21:57 GMT
x-amz-version-id: 6fepN.VNWz0MWP4kDwf2Irob35V_9YW7
content-encoding: br
last-modified: Tue, 12 Dec 2023 14:01:30 GMT
server: AmazonS3
via: 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
etag: W/"96a87dd5f2afc11b78052816807e8711"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 60
x-amz-cf-id: nvN2ZSStLme6cE6xzYwOKMEflHDCRT4bbHVwl4HYqUPfdYdSSaQcSw==

GET
H2 200 vendors~allAccessLandingPage~bestsellers~card~collections~cookingAppDownloadLandingPage~cookingLandi~3fc321fe-3c9fe90542175afafd75.js Show response
www.nytimes.com/vi-assets/static-assets/ 48 KB
11 KB 145ms
144ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~allAccessLandingPage~bestsellers~card~collections~cookingAppDownloadLandingPage~cookingLandi~3fc321fe-3c9fe90542175afafd75.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f8018ac0d5ade5c992dccb83915d04af94d42283dadbe071b57f058c27d126ee

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 75459
x-guploader-uploadid: ABPtcPqTE-Ofhn-zP0rlocrA5j2veibohdXvaE3j-4N7qben2LdeTtqLOvCpChFpwbIweCxSuYo
x-goog-stored-content-encoding: identity
x-origin-time: 2023-12-11 17:25:17 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390977.041620,VS0,VE1
etag: "7fc801944914d461ed548dbdb2411530"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1702315451217140
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~allAccessLandingPage~bestsellers~card~collections~cookingAppDownloadLandingPage~cookingLandi~3fc321fe-3c9fe90542175afafd75.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1482
expires: Tue, 10 Dec 2024 17:25:17 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 9822
last-modified: Mon, 11 Dec 2023 17:24:11 GMT
server: UploadServer
x-goog-hash: crc32c=j1VBkQ==, md5=f8gBlEkU1GHtVI29skEVMA==
x-gdpr: 0
x-goog-stored-content-length: 48898
accept-ranges: bytes

GET
H2 200 vendors~accessCodeLPAllAccess~accessCodeLPCooking~accessCodeLPGames~accessCodeLPNews~activateaccess~~87088c14-cbe5ed1e6b9885bf9b31.js Show response
www.nytimes.com/vi-assets/static-assets/ 225 KB
60 KB 147ms
146ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~accessCodeLPAllAccess~accessCodeLPCooking~accessCodeLPGames~accessCodeLPNews~activateaccess~~87088c14-cbe5ed1e6b9885bf9b31.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

856aaced31ed8261b78a7aea881a732f46cc68ec9ff93861a99e8aed2100716e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 85917
x-guploader-uploadid: ABPtcPoS4bDAQbfGf8EMFlZhBwr5V2vWoz9ZibrGpUORtLduYpnlOPA86LtLArj62B1gi1pB32OR5WpzxA
x-goog-stored-content-encoding: identity
x-origin-time: 2023-12-11 14:30:59 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390977.041828,VS0,VE1
etag: "462e69e4a0ba91b4523e9bd180efa554"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1702304889252369
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~accessCodeLPAllAccess~accessCodeLPCooking~accessCodeLPGames~accessCodeLPNews~activateaccess~~87088c14-cbe5ed1e6b9885bf9b31.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1791
expires: Tue, 10 Dec 2024 14:30:59 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 60208
last-modified: Mon, 11 Dec 2023 14:28:09 GMT
server: UploadServer
x-goog-hash: crc32c=6eDCbA==, md5=Ri5p5KC6kbRSPpvRgO+lVA==
x-gdpr: 0
x-goog-stored-content-length: 230091
accept-ranges: bytes

GET
H2 200 vendors~account~byline~capsule~clientSideCapsule~collections~explainer~getstarted~liveAsset~newslett~64426ae5-506798ca96de1ea2e924.js Show response
www.nytimes.com/vi-assets/static-assets/ 14 KB
4 KB 145ms
145ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~account~byline~capsule~clientSideCapsule~collections~explainer~getstarted~liveAsset~newslett~64426ae5-506798ca96de1ea2e924.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2af4b1fb066de4da4960940fcb990e1eab05732fe95480ffa7cf5f29f422218f

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 2422941
x-guploader-uploadid: ABPtcPqxYEKx4IAMd2UvrsUvRh3kWqGvnYclWyOPY5njC60kQMIM4xdrmJKavs_FAz_rJMfzlc2PPa35tQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-08 19:49:25 UTC
x-served-by: cache-bfi-kbfi7400042-BFI
x-timer: S1702390977.041829,VS0,VE0
etag: "a36fb3d5183169e4046876a7c799a984"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1699472569555314
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~account~byline~capsule~clientSideCapsule~collections~explainer~getstarted~liveAsset~newslett~64426ae5-506798ca96de1ea2e924.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 20711
expires: Thu, 07 Nov 2024 19:49:25 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 3961
last-modified: Wed, 08 Nov 2023 19:42:49 GMT
server: UploadServer
x-goog-hash: crc32c=/3aK1w==, md5=o2+z1RgxaeQEaHanx5mphA==
x-gdpr: 0
x-goog-stored-content-length: 14443
accept-ranges: bytes

POST
H2 200 auction Show response
tlx.3lift.com/header/ 71 KB
16 KB 731ms
360ms Fetch
application/json 13.213.94.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.25.0&referrer=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&tmax=10000

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.213.94.216 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-213-94-216.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

293b602d0f7dddf0de912af3bf11ad62bb390b5159e5a8c44b4c3805e6834ab6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:57 GMT
content-encoding: gzip
accept-ch: sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua
content-type: application/json; charset=utf-8
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 15149
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 381 B
714 B 1244ms
395ms Fetch
application/json 69.173.158.65
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088370&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&kw=Movies&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&tg_i.invCode=nyt_movies_top&tg_i.pbadslot=top&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=6ec9b292189001&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.32986785537344643
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 136b5c63e0ecd000667c1e627837e0b604bafef7f7338a5b57fe51ec5b1492c5

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:58 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 381
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 6 KB
3 KB 1130ms
283ms Fetch
application/json 69.173.158.65
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&kw=Movies&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&tg_i.invCode=nyt_movies_mid1&tg_i.pbadslot=mid1&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=7afd79d3958bd2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.3121092316152756
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b78e47480c89dd9cff7f581de356397aa0be04220097068b611152a492396b1d

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 6 KB
3 KB 1117ms
270ms Fetch
application/json 69.173.158.65
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=15&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&kw=Movies&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&tg_i.invCode=nyt_movies_mid2&tg_i.pbadslot=mid2&tk_flint=pbjs_lite_v8.25.0&l_pb_bid_id=8b86e1df64510c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.1799444240317163
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0624d4a945f2c2079ae3046b3fa8440920828c2743f112c69f99d6085c985f88

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 17 KB
5 KB 696ms
330ms Fetch
application/json 67.199.150.87
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.87 Singapore, Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 68105f1407ddbb60d8759e83603ed8826f8696d113453d0eb3ae2c9b1d8ac9a8

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
content-encoding: gzip
x-openrtb-version: 2.3
observe-browsing-topics: ?1
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 53 B
340 B 198ms
185ms Fetch
text/plain 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 32ca19db6ff65e76a89d648378528c65251e6fe0e4aace4b2e87f47eab95a498

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
7 KB 753ms
383ms Fetch
application/json 103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

761030a5378e067b411705db758970243679c69413bb808e5bdaf5d1f200de02

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:57 GMT
content-encoding: gzip
an-x-request-uuid: 038ead6f-f832-4fa4-b22e-f4dbd35aa114
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 66.203.112.165; 66.203.112.165; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 219ms
206ms Fetch
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU4WQK98
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: 98933a92e36a9f02568cba0776c649efeee2aa7dd02cde8abf8a51ad88e2e326

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:56 GMT
content-encoding: gzip
via: 1.1 google
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server: envoy
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 107
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Dec 2023 14:22:57 GMT

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 36 B
553 B 386ms
375ms Fetch
application/json 104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=995821
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c443b91759dd30a5d3a0f34ab1fe5219052a1233922ce3f64909a22382bd430

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2FRigSa5e%2F5uTeOQkoBbGH%2BCo3yRQ1m1oq8fK%2FUdSabCQWtI%2BEiAmNN%2B6EYASzZQf3b6eRX4ZZW7m4GbjRNxxgOEUjj0Ba18IcBKXPjCbCQA6IHYD2jvQzHnIToN%2BON7uU2CwLyw"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 83469f568b45a947-SYD
alt-svc: h3=":443"; ma=86400
content-length: 36
expires: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 184 KB
62 KB 114ms
114ms Script
application/javascript 142.250.66.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N5P6T9S&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.232 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

5fc1722631c279136d35b326ea4fee27c1f7da8cf3df37bb1aa7aec58827d023

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63348
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Dec 2023 14:22:57 GMT

GET
H2 200 tags.js Show response
dd.nytimes.com/ 147 KB
27 KB 49ms
3ms Script
text/javascript 13.35.147.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.147.38 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-147-38.syd1.r.cloudfront.net

Software

Apache /

Resource Hash

c54140eac6df64b97abf9bf21e88910bac89ddc973d871fcd33dca119b8b4c24

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 7c4c2286abc7fc5145c880b21a28bb46.cloudfront.net (CloudFront)
date: Tue, 12 Dec 2023 13:57:26 GMT
x-amz-cf-pop: SYD1-C1
age: 1532
x-cache: Hit from cloudfront
content-length: 27331
last-modified: Wed, 29 Nov 2023 13:37:06 GMT
server: Apache
etag: "24cd6-60b4aa18fa3ca-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: pn4-HkG5UDhyNRU_jUu4maXNfNJ60YrFzTg-MVlr4BIOBzMzKAU2yQ==
expires: Tue, 12 Dec 2023 14:57:24 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1702390977113&ns_c=UTF-8&c8=Movies%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1702390977113&ns_c=UTF-8&c8=Movies%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&c9=

0
225 B

142ms
142ms

Image
text/plain

18.67.111.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1702390977113&ns_c=UTF-8&c8=Movies%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&c9=
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Server: 18.67.111.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-28.syd62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 c9801432acaf39452e5421e7eeabc4b0.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: SYD62-P2
x-amz-cf-id: PdEi-zVeI-IAggUxQn8jUXui_STVNrTHu9RH0KDZLgbx34SbBGz1nQ==
x-cache: Miss from cloudfront

Redirect headers

date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 c9801432acaf39452e5421e7eeabc4b0.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: SYD62-P2
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=3005403&ns__t=1702390977113&ns_c=UTF-8&c8=Movies%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&c9=
content-length: 0
x-amz-cf-id: sERfqFmwBCtqpp8Pkeos-274aWWcMPQdtanVpUL5qGBhjjKS_AN7mg==

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 27ms
27ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 549
content-length: 0
date: Tue, 12 Dec 2023 14:22:57 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 11
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 60
x-nyt-audience-target-flat: NA:AM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: DE
x-samizdat-query-exe-id: 838d196f49d0d2cc
x-samizdat-query-field-errors: 0
x-served-by: cache-bne12529-BNE
x-timer: S1702390978.623095,VS0,VE1

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 11 KB
4 KB 316ms
315ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

d3a56f8b41b66ccd5d69973d233c4e106581454c0ff292ae2ece2df66f7a49cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-AU,en;q=0.9
x-nyt-entitlements
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
x-nyt-programming-abtest
nyt-app-type: project-vi
Content-Type: application/json
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
x-nyt-news-tenure
x-nyt-internal-meter-override

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
x-nyt-pass-reason: PRVT
x-samizdat-query-field-errors: 0
x-samizdat-query-cache: M
x-samizdat-query-exe-id: 68c444355567e0d6
samizdat-x-canary: false
x-served-by: cache-bfi-kbfi7400042-BFI
x-graphiti-gateway: 411667ba
x-nyt-country: US
x-timer: S1702390978.713372,VS0,VE175
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: DE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: NA:AM
x-nyt-edge-cache: MISS
x-samizdat-query-op-id: project-vi.v2.getMessageSelection
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 7cc2f01d
x-envoy-upstream-service-time: 166
x-samizdat-query-personalized: p
last-modified: Tue, 12 Dec 2023 14:22:57 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
x-samizdat-query-surrogates-size: 0
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 purr-cache Show response
purr.nytimes.com/v1/ 0
370 B 540ms
236ms Fetch
text/html 50.112.118.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://purr.nytimes.com/v1/purr-cache

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

50.112.118.45 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-50-112-118-45.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
via: 1.1 google
x-envoy-decorator-operation: purr.nytimes.com:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: envoy
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 064eada7cda225b8985d4ad69dca9aa7
access-control-allow-credentials: true
x-envoy-upstream-service-time: 85
content-length: 0

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 1 KB
2 KB 553ms
247ms Fetch
application/json 44.226.14.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&caller_id=nyt-vi&jkcb=1702390977621&referrer=&sourceApp=nyt-vi

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.14.255 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-14-255.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

844236314113f0997ba9146c0b71b329ea02b2551976c62134822ffacf24605d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nyti-upstream: gke
date: Tue, 12 Dec 2023 14:22:58 GMT
x-envoy-decorator-operation: a.nytimes.com:443/*
via: 1.1 google
strict-transport-security: max-age=63072000; preload; includeSubdomains
content-encoding: gzip
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 94
access-control-allow-headers: Content-Type, x-requested-by

POST
H2 200 track
a.et.nytimes.com/ 0
0 244ms
244ms Ping
text/plain 50.112.118.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.112.118.45 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-112-118-45.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/ 431 KB
135 KB 3ms
2ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ba014b41e87e2deda011cf92146d1b1842133b416d5ce0be02719670c0d46e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 12:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7104
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138171
x-xss-protection: 0
server: cafe
etag: 7807444821274263820
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 11 Dec 2024 12:24:33 GMT

GET
H2 200 17mag-metoo-mediumThreeByTwo210-v2.jpg
static01.nyt.com/images/2023/12/17/magazine/17mag-metoo/ 9 KB
9 KB 144ms
143ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/17/magazine/17mag-metoo/17mag-metoo-mediumThreeByTwo210-v2.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

626fe07f8002e07eb5641ba6b6536c50367625e351cf157f9b5f24e7de0e040c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 12 Dec 2023 10:09:07 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010211
age: 15230
x-guploader-uploadid: ABPtcPpZP-bT8CHQeGRMPjDntqgJl-22J7X9HNKT0tMm6nyhmcFN73Dbcbo-Y__su3PglbDcRA1czzZH1g
x-cache: HIT, HIT
fastly-io-info: ifsz=9485 idim=210x140 ifmt=jpeg ofsz=8876 odim=210x140 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 8876
x-served-by: cache-iad-kjyo7100141-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.780691,VS0,VE1
etag: "ph3y8JG1btYGHbGCCAoTXpz+ZJmLEvPzypObXaLd6wA"
vary: Accept
x-goog-generation: 1702375330605345
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=msNNpg==, md5=ryfyD5bqKGGqQSMWBxNo7Q==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 9485
x-amz-checksum-crc32c: msNNpg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11, 1

GET
H2 200 11GLOBES-SNUBS-PROMO-fhbc-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/11/multimedia/11GLOBES-SNUBS-PROMO-fhbc/ 11 KB
12 KB 142ms
141ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/11/multimedia/11GLOBES-SNUBS-PROMO-fhbc/11GLOBES-SNUBS-PROMO-fhbc-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

78409fb2cff4656c59023442d3b9601e5b413fd24bfe43346824f5d7ad02fa4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Mon, 11 Dec 2023 20:07:47 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010213
age: 65710
x-guploader-uploadid: ABPtcPrn5IGPaTugxvfq_j3qPOe-LOqYPVNx5UpbM6TN3rtNwYVOcH_9IgQGn1hzKrQ1H6RBqQs
x-cache: HIT, HIT
fastly-io-info: ifsz=14604 idim=210x140 ifmt=jpeg ofsz=11442 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 11442
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kcgs7200124-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.780914,VS0,VE0
etag: "yDSuIICC12E6mEz7DXBdh7hoJ1JFrpjHyi/cfG20pTk"
vary: Accept
x-goog-generation: 1702325203774739
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=6UHioQ==, md5=4rbLTc7g/2NOkcZJVTFprQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 14604
x-amz-checksum-crc32c: 6UHioQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11, 3

GET
H2 200 10SLEEVES-POOR-THINGS-cmbv-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/10/multimedia/10SLEEVES-POOR-THINGS-cmbv/ 9 KB
10 KB 145ms
145ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/10SLEEVES-POOR-THINGS-cmbv/10SLEEVES-POOR-THINGS-cmbv-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

81619079df55e825a05ee5c4560da97e35fcdfa62c7f4c06ffad6dd61ba1beed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sun, 10 Dec 2023 10:04:03 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010226
age: 188334
x-guploader-uploadid: ABPtcPo2PEedI5yEbmGdXytgnQAXnGzBCreumhtQM6-FHzFtPyd4jfgDxvZ8qlgFTAMTTj8Gb65_HZrjpA
x-cache: HIT, HIT
fastly-io-info: ifsz=12362 idim=210x140 ifmt=jpeg ofsz=9200 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9200
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kcgs7200051-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.780918,VS0,VE2
etag: "5i2zv6I/zRWDEYrRmCmFM+3+yumXeAS3OTI9hJk0bgs"
vary: Accept
x-goog-generation: 1702202407233047
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=LobSkQ==, md5=ARzr+blWTZJdkyT7k92Aug==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12362
x-amz-checksum-crc32c: LobSkQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 14, 1

GET
H2 200 08oneal-vwkj-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/10/multimedia/08oneal-vwkj/ 8 KB
8 KB 145ms
145ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/10/multimedia/08oneal-vwkj/08oneal-vwkj-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

029fea4d8569b2bc1c939ff408bafc069c61748e42c85d876ce38989bfdfef52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Sat, 09 Dec 2023 06:47:41 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010211
age: 286517
x-guploader-uploadid: ABPtcPqOIhzlqv9TR0hICeTGf5q9Hc10YgMd51LGsPF87jBJiq-uZrOabzeM5kXlJHZkkmA2tjy-IWpcnQ
x-cache: HIT, HIT
fastly-io-info: ifsz=11037 idim=210x140 ifmt=jpeg ofsz=7875 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 7875
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kcgs7200116-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.780932,VS0,VE2
etag: "wBS7CuJTiELrAXsNqVmAZB0enTC8ePHIVRkNUxK7P8o"
vary: Accept
x-goog-generation: 1702104384278193
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=VfsHSw==, md5=AofUxd/QgLJcZM+6ZhnVhA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 11037
x-amz-checksum-crc32c: VfsHSw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 1

GET
H2 200 poor-things-anatomy1-jqbk-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/07/multimedia/poor-things-anatomy1-jqbk/ 8 KB
9 KB 143ms
143ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/07/multimedia/poor-things-anatomy1-jqbk/poor-things-anatomy1-jqbk-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5632afc3acab8b36b1724af185ceb5dd236c4586598f05fd93b9b4d4e2fe41f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 16:36:23 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010210
age: 337594
x-guploader-uploadid: ABPtcPprp_Ud7YRn_nwFqxtnYWjlR1iAWLbwe8zWM56ivd4yvAvmoWsiYyZ1nWCtHJeLaB0s5dwUlktjpA
x-cache: HIT, HIT
fastly-io-info: ifsz=11652 idim=210x140 ifmt=jpeg ofsz=8490 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 8490
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kjyo7100172-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.781468,VS0,VE0
etag: "fjIrStyf3/k15W729DWpsWpoQIhdQxnrYT4B2EfRoJM"
vary: Accept
x-goog-generation: 1701985898272582
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=sMKFoA==, md5=EoSBLQAxefKPlyn5QUCvJQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 11652
x-amz-checksum-crc32c: sMKFoA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 33, 3

GET
H2 200 wintertide1-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/07/arts/wintertide1/ 7 KB
8 KB 144ms
143ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/07/arts/wintertide1/wintertide1-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

112f3b860b3119ca5423d480476d5b60cef7ae7468623201dde0376bb6131e0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 16:00:51 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010231
age: 339726
x-guploader-uploadid: ABPtcPpaIBI25tWLX-cpeSfuWqU7YjxjxpCurgNwdxEEUxUYkdNkIuoEKwloH6nItorGJgrowcaI9yB1oQ
x-cache: HIT, HIT
fastly-io-info: ifsz=8473 idim=210x140 ifmt=jpeg ofsz=7532 odim=210x140 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 7532
x-served-by: cache-iad-kcgs7200071-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.781477,VS0,VE0
etag: "qU30me+wiEH6ccEBLi/oUmDy/Dqq2HEwYc8a6R6z4Vo"
vary: Accept
x-goog-generation: 1702051206305455
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=noGgXw==, md5=SOa7wCwzWVGe8O9viULDxQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 8473
x-amz-checksum-crc32c: noGgXw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 23, 3

GET
H2 200 08streaming-kids-fhpl-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/08/multimedia/08streaming-kids-fhpl/ 13 KB
13 KB 141ms
139ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/multimedia/08streaming-kids-fhpl/08streaming-kids-fhpl-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

307ec4276d520aa1731262647da82d9c2464f3fe4dd67ecba8912d015abe3d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 12:04:45 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010247
age: 353891
x-guploader-uploadid: ABPtcPpOFCY7sgtZh0Yci3IhSpTxru90PXdojn-Ux29kNPZ0ExAtnxDh3R5p7yho9WUxt6igR8M
x-cache: HIT, HIT
fastly-io-info: ifsz=13438 idim=210x140 ifmt=jpeg ofsz=12818 odim=210x140 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 12818
x-served-by: cache-iad-kjyo7100103-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.927854,VS0,VE0
etag: "8TXpPo8migR6Ssmh3wxRQBYrARURfzisVNDCjt1lsOc"
vary: Accept
x-goog-generation: 1702036805386186
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=tkIIUA==, md5=etJ+CDKTmP8fp6leKxFgig==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 13438
x-amz-checksum-crc32c: tkIIUA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 15, 3

GET
H2 200 08italy-movie-01-qcvg-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/08/multimedia/08italy-movie-01-qcvg/ 14 KB
14 KB 143ms
142ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/08/multimedia/08italy-movie-01-qcvg/08italy-movie-01-qcvg-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

375158c1bf9b1fdfd7fb158bc931aab8a3cc3d0407065e804fcc80a04b6bdea2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 10:06:23 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010210
age: 360994
x-guploader-uploadid: ABPtcPr_X5Ww3q1TPeUSL8h-o9TIW3SXUKMJCPFq5K2Sa1Ujwvsvur24iKIi8TQv07AGyIkxaTnRR-Vmrg
x-cache: HIT, HIT
fastly-io-info: ifsz=17085 idim=210x140 ifmt=jpeg ofsz=13923 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 13923
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kiad7000149-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.929148,VS0,VE1
etag: "dSqhQ2qvjabtbtZfbC8ZpwZyT5GTyItKCU9TZ2lFxFw"
vary: Accept
x-goog-generation: 1702029826961572
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=2W9ZJg==, md5=M51lEjeuT/jknaxfDxQ91w==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 17085
x-amz-checksum-crc32c: 2W9ZJg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 31, 1

GET
H2 200 THE-CURSE-02-pljk-mediumThreeByTwo210.jpg
static01.nyt.com/images/2023/12/01/multimedia/THE-CURSE-02-pljk/ 9 KB
9 KB 142ms
140ms Image
image/jpeg 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/12/01/multimedia/THE-CURSE-02-pljk/THE-CURSE-02-pljk-mediumThreeByTwo210.jpg?quality=100&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d6999b8277188f61786d4faf83e18d783360ccfaeb0483e748e7ddb306f8c819

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 10:08:15 GMT
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-kiad7010231
age: 360882
x-guploader-uploadid: ABPtcPqH8R5bPus2cB3KhLCUPfiSHvGI3QHKp4j9UQn0CA52eucukZi_UMmavLY8uqaIV4HEThM
x-cache: HIT, HIT
fastly-io-info: ifsz=12131 idim=210x140 ifmt=jpeg ofsz=8969 odim=210x140 ofmt=jpeg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 8969
fastly-io-warning: Failed to shrink image
x-served-by: cache-iad-kiad7000057-IAD, cache-bfi-kbfi7400042-BFI
server: UploadServer
x-timer: S1702390978.929227,VS0,VE0
etag: "+YFSYnzqH63DdJm839O13xaM/abMk0CFb9hWoRs4144"
vary: Accept
x-goog-generation: 1702029763829943
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=mzLR8w==, md5=G/KBzuT9NsQoK8JYsUo0/g==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12131
x-amz-checksum-crc32c: mzLR8w==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 30, 3

GET
BLOB 200
OK ad095e80-c492-44aa-94a1-3acfa066c52f
https://www.nytimes.com/ 597 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nytimes.com/ad095e80-c492-44aa-94a1-3acfa066c52f
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6292d47914f9b1671e0c7b3076ea35aa0127785ed01ae8df56f534171114b08a

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 597
Content-Type: application/javascript

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 191 B
524 B 445ms
435ms XHR
text/javascript 18.67.114.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&pid=uQyjEewsHxiiC&cb=0&ws=1600x1200&v=23.1129.2055&t=2000&slots=%5B%7B%22sd%22%3A%22top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22top_sf_web%22%7D%5D&pj=%7B%22si_section%22%3A%22movies%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.114.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-114-43.syd62.r.cloudfront.net
Software: Server /
Resource Hash: 4dce82188087b5a879afaed84f7c41579a9ccd759994d30d908879edc355ca62

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SYD62-P2
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 191
x-amz-cf-id: Rhijsc1UROvSzzgAt3BMQ4sEL50DvdEQLWn3BbHjFPfAS_Bdv6A18Q==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 191 B
526 B 278ms
273ms XHR
text/javascript 18.67.114.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&pid=uQyjEewsHxiiC&cb=1&ws=1600x1200&v=23.1129.2055&t=2000&slots=%5B%7B%22sd%22%3A%22mid1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22mid1_sf_web%22%7D%5D&pj=%7B%22si_section%22%3A%22movies%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.114.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-114-43.syd62.r.cloudfront.net
Software: Server /
Resource Hash: ab58c90a662cf700705e739676c14e82d7ab3e91ec18689f6f30daf88d8a2194

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SYD62-P2
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 191
x-amz-cf-id: xKHghxZCItbHX4HYTqOURoPtQcK7WF0bg_zLrIMwv_NG5brNR_Fohg==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 191 B
524 B 467ms
467ms XHR
text/javascript 18.67.114.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&pid=uQyjEewsHxiiC&cb=2&ws=1600x1200&v=23.1129.2055&t=2000&slots=%5B%7B%22sd%22%3A%22mid2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22mid2_sf_web%22%7D%5D&pj=%7B%22si_section%22%3A%22movies%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.114.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-114-43.syd62.r.cloudfront.net
Software: Server /
Resource Hash: 1c5395f6205dc8e59a1869a8e3b4a38ee649e96f23907d907f4b9cc958aa5f76

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SYD62-P2
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 191
x-amz-cf-id: zjBvjndihg5Uj5ns2B_od3Y2ZyFywEb-2Qdka6BRXWlL8PAwMU2WNw==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 121 KB
47 KB 1020ms
1020ms XHR
text/plain 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2379048516978431&correlator=1580878052010544&eid=31080078%2C44809720&output=ldjh&gdfp_req=1&vrg=202312050101&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Cmovies%2Csectionfront&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1702390977902&lmt=1702390420&adxs=0&adys=75&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&vis=1&psz=1600x0&msz=1600x0&fws=4&ohw=1600&ga_vid=483061683.1702390978&ga_sid=1702390978&ga_hid=1663247322&ga_fc=false&dlt=1702390976011&idt=1764&prev_scp=div%3Dtop%26pos%3Dtop%26amznbid%3D1%26amznp%3D1%26request_time%3D1879&cust_params=als_test_clientside%3Dweb_none_none_20231212142256%26mktg%3Dtype_anon%252Clogf%252Cabf%26bt%3D%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26typ%3Dsf%26vp%3Dlarge%26als_test%3D1702383898825%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26artlen%3Dshort%26ledemedsz%3Dnone%26template%3Dlegacycollection%26section%3Dmovies%26si_section%3Dmovies%26id%3D100000004272298%26gscat%3Dgv_safe%252Cgb_safe%252Cneg_ibmtest%252Cgs_entertain%252Cgs_genres%252Cgs_entertain_movies%252Cneg_ibm%252Cneg_ihw%252Cneg_racism%252Cneg_chan2%252Cneg_chanel%252Cneg_hms%252Cneg_mastercard%252Cneg_citi_aa%252Cgs_t%26abra_dfp%3Ddfp_prebid_0723_3_index_pubmatic%252Cdfp_als_home_1_als%26sov%3D3%26page_view_id%3DNmzto2xnS7dut1kKI15JE621%26purr%3Dfull%26uap%3Dbrowser%26slug%3Dmovies&adks=845365794&frm=20

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

cd2eef8e807f0e9a4d87ef688e2050d574f1371040dcef1df57c62a1aab5531d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48122
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AFD4 6 KB
3 KB 507ms
102ms Document
text/html 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:58 GMT
expires: Wed, 11 Dec 2024 14:22:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 55 KB
19 KB 1442ms
1442ms XHR
text/plain 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2379048516978431&correlator=1580878052010544&eid=31080078%2C44809720&output=ldjh&gdfp_req=1&vrg=202312050101&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Cmovies%2Csectionfront&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=2&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1702390977930&lmt=1702390420&adxs=0&adys=1556&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&vis=1&psz=1600x335&msz=1600x0&fws=4&ohw=1600&ga_vid=483061683.1702390978&ga_sid=1702390978&ga_hid=1663247322&ga_fc=false&dlt=1702390976011&idt=1764&prev_scp=div%3Dmid1%26pos%3Dmid1%26amznbid%3D1%26amznp%3D1%26request_time%3D1912&cust_params=als_test_clientside%3Dweb_none_none_20231212142256%26mktg%3Dtype_anon%252Clogf%252Cabf%26bt%3D%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26typ%3Dsf%26vp%3Dlarge%26als_test%3D1702383898825%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26artlen%3Dshort%26ledemedsz%3Dnone%26template%3Dlegacycollection%26section%3Dmovies%26si_section%3Dmovies%26id%3D100000004272298%26gscat%3Dgv_safe%252Cgb_safe%252Cneg_ibmtest%252Cgs_entertain%252Cgs_genres%252Cgs_entertain_movies%252Cneg_ibm%252Cneg_ihw%252Cneg_racism%252Cneg_chan2%252Cneg_chanel%252Cneg_hms%252Cneg_mastercard%252Cneg_citi_aa%252Cgs_t%26abra_dfp%3Ddfp_prebid_0723_3_index_pubmatic%252Cdfp_als_home_1_als%26sov%3D3%26page_view_id%3DNmzto2xnS7dut1kKI15JE621%26purr%3Dfull%26uap%3Dbrowser%26slug%3Dmovies&adks=1779676781&frm=20

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

29a39b512e3a33aba1de7f9664a09621e6a7e6b351d13f9a3e3c4ab7bb124d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19622
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
dd.nytimes.com/js/ 235 B
620 B 13ms
6ms XHR
application/json 13.35.147.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.147.38 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-147-38.syd1.r.cloudfront.net

Software

DataDome /

Resource Hash

650a7f5042bb1691c47e2739b4addbb6073e65c00ec12350f8cbb6c9bb35cdd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:57 GMT
via: 1.1 6defb821ef88eaf5ac6c82035b5646e2.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 235
x-amz-cf-id: gGf7MhGkdhI140VqhCDGiK3QnSX6SbfKBank4xZiD6_a7MgNxrVNKw==
expires: 0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 18ms
18ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 857
content-length: 0
date: Tue, 12 Dec 2023 14:22:57 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 166
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 54
x-nyt-audience-target-flat: NA:AM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: DE
x-samizdat-query-exe-id: 8a9cf96fcc75219d
x-samizdat-query-field-errors: 0
x-served-by: cache-bne12529-BNE
x-timer: S1702390978.980429,VS0,VE1

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 4 KB
2 KB 141ms
140ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

2872a6283f92a0e48691020c8f3b4d021f42c03a7e2d4354c6a33ff8da206fe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 1
age: 73
x-samizdat-query-field-errors: 0
x-samizdat-query-cache: H
x-samizdat-query-exe-id: 6e89f37c5022cbdc
samizdat-x-canary: false
x-served-by: cache-bfi-kbfi7400042-BFI
x-graphiti-gateway: 411667ba
x-nyt-country: US
x-timer: S1702390978.060091,VS0,VE0
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: DE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: NA:AM
x-nyt-edge-cache: HIT
x-samizdat-query-op-id: project-vi.v2.getOffer
x-cache-hits: 1
x-samizdat-query-sup-code
date: Tue, 12 Dec 2023 14:22:58 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: HIT
samizdat-x-instance: ef84ee32
x-envoy-upstream-service-time: 68
x-samizdat-query-personalized
content-length: 1183
last-modified: Tue, 12 Dec 2023 13:09:02 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
x-samizdat-query-surrogates-size: 0
access-control-allow-credentials: true
x-datadog-trace-id: 1
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 / Show response
mwcm.nytimes.com/capi/metered_assets/ 9 KB
3 KB 323ms
320ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://mwcm.nytimes.com/capi/metered_assets/?plat=web&mc=0&gr=OPEN&mr=1&ma=1&counted=false&granted=true&us=anon&context-type=&areas=barOne

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

eccd98f60887db343dda1d6e742eae7c954c554ade7a3d815bddd734a029d3a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/section/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: capi-prd.growth-mc.nyti.nyt.net:443/*
x-cache: MISS
x-envoy-upstream-service-time: 171
x-served-by: cache-bfi-kbfi7400042-BFI
server: envoy
x-cmots-campaign-names: {"barOne":"MAG_bar1_test_subcon"}
x-timer: S1702390978.060274,VS0,VE181
vary: x-nyt-country, x-nyt-user-status, x-nyt-cmots-purr-ad-conf, x-nyt-device, X-NYT-Currency, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Origin
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 7657d2eb798bce1846918eb1204d4c46
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-nyt-route: mwcm-muassets
x-nyt-edge-cache: MISS
accept-ranges: bytes
access-control-allow-headers: Content-Type, x-requested-by, *
x-cache-hits: 0

GET
H2 200 client Show response
accounts.google.com/gsi/ 206 KB
79 KB 616ms
122ms Script
application/javascript 142.251.12.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f84.1e100.net

Software

ESF /

Resource Hash

fc52743549708cdc656d9176cfd25f27236ce029a5caf4c738c29aa29c446a12

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-aFNgh9zYIC9VqtqgcfG_ww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-aFNgh9zYIC9VqtqgcfG_ww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Tue, 12 Dec 2023 14:22:58 GMT

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 0C4F
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

320 B
1 KB

271ms
271ms

Document
text/html

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

9863e497691733db74131fb61099b6d3aad4198f442b261fd589ab6a96ab13d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 320
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 12 Dec 2023 14:22:58 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 88QR18RDEB4CF9NMB3J5

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Tue, 12 Dec 2023 14:22:58 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 76YSY8RQ63DBSFD6F7C9

GET
H2

200

activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;g... Show response
5290727.fls.doubleclick.net/ Frame F67F
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon...
https://5290727.fls.doubleclick.net/activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.c...

652 B
518 B

142ms
141ms

Document
text/html

142.251.221.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f6.1e100.net

Software

cafe /

Resource Hash

bd3f7700f1c1bf3d0b53e8d08f2e7a4382d02bba0abc674029ee1e59dd7bc58a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 342
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:58 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:58 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 373ms
3ms Script
application/x-javascript 18.67.107.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.107.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-107-130.syd62.r.cloudfront.net
Software: nginx /
Resource Hash: ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 00:33:06 GMT
content-encoding: gzip
via: 1.1 dc7f2062b70b5b710c1b09d21b43f900.cloudfront.net (CloudFront)
last-modified: Thu, 16 Nov 2023 02:00:16 GMT
server: nginx
x-amz-cf-pop: SYD62-P2
age: 49792
etag: W/"655577b0-1197e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: jaBRXAyCpct7s--23ptXb1Yojv8KFRR6ZHafoIvl4cEGgBLfF75kJQ==
expires: Wed, 13 Dec 2023 00:33:06 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
369 B 147ms
141ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/show-ads.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 02 May 2023 12:58:21 GMT
date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 34616
x-guploader-uploadid: ADPycdvWNj2fxFjQja_CpFvVq3rfWG4iEypjj9zr0PrCFEydrU8LFcAZ7n3AFoykrz6-3XrxqWxtgCyoYokjlYVWNev8vkYH716e
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 65
x-served-by: cache-bfi-kbfi7400042-BFI
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1702390978.274447,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: Accept-Encoding
x-goog-generation: 1640215841852360
x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 45
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 808

GET
H2 200 comscore-streaming.js Show response
a1.nyt.com/analytics/ 103 KB
19 KB 145ms
140ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/comscore-streaming.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Thu, 17 Mar 2022 08:24:07 GMT
date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 7505
x-guploader-uploadid: ADPycdtDhTiMd5wb0c_d1F-brtOcUxR1GKXg7ahx-M9FiiVHkofi9xteXuHgM9CYfMekWOL9kISOjYDJtnnRmhAXShA
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 18717
x-served-by: cache-bfi-kbfi7400042-BFI
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1702390978.274288,VS0,VE0
etag: "04e0b9556a78ce5cedf86a34e5483036"
vary: Accept-Encoding
x-goog-generation: 1640215841902856
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=XkdIyw==, md5=BOC5VWp4zlzt+Go05UgwNg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 105675
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 313

GET
H2 200 nyt.js Show response
cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/ 5 KB
2 KB 324ms
11ms Script
text/javascript 104.26.13.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6a464e55b66da4ea128368c807cf47f6b05c8e939c8ca27a01e30e41f57a914

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 12 Dec 2023 13:31:58 GMT
server: cloudflare
age: 3060
cf-polished: origSize=4821
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lyiBGA80SeIXVz%2FGz1urJcAK2o71adl8Cl7v48SeshbAggJimaN%2F7ClnLvnIDeNvk%2FIYw909%2BnvwL3qUzyOyg2%2B3zr2UOjZszHqeJKrodVRoxr9XLpEGJOlG5S5oTcPVN%2FuTGZ66"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 83469f5fbbe3a979-SYD
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2

200

cksync
hb.yahoo.net/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=1249826272
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OTdjN2Y2NjMtYThhZS00Mzg4LWEzNDgtZjAwZDJhNzUwNjA1&gdpr=0&gdpr_consent=&ttd_tdid=97c7f663-a8ae-4388-a348-f00d2...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=97c7f663-a8ae-4388-a348-f00d2a750605&google_gid=CAESEPXnB7Rh5iVDi0a-s92wGto&google_cver=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=97c7f663-a8ae-4388-a348-f00d2a750605&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/55953/sync?uid=97c7f663-a8ae-4388-a348-f00d2a750605&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&gdpr=0&ovsid=97c7f663-a8ae-4388-a348-f00d2a750605&dpid=55953

57 B
663 B

321ms
20ms

Image
image/gif

23.206.242.194
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&gdpr=0&ovsid=97c7f663-a8ae-4388-a348-f00d2a750605&dpid=55953

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Server

23.206.242.194 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-206-242-194.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Tue, 12 Dec 2023 14:23:00 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Tue, 12 Dec 2023 14:23:00 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&gdpr=0&ovsid=97c7f663-a8ae-4388-a348-f00d2a750605&dpid=55953
date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

POST
H2 200 track
a.et.nytimes.com/ 0
0 248ms
248ms Ping
text/plain 50.112.118.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.112.118.45 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-112-118-45.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 60 KB
17 KB 10ms
9ms Script
text/javascript 104.26.13.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dd9c8deec417c77b8b70e299a2de0746a2f264a8a1594f2edbc5d01840f875f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 12 Dec 2023 13:31:58 GMT
server: cloudflare
age: 3060
cf-polished: origSize=62706
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgE0CpGBecm04W53YWsrSuKi4xVeRnwUe5rxGViedCB9vpFmpzVbYa9Ni3XFYUtNASXdil%2BmxIqIWtSB8Mj89y%2BQ8W4u2DCR82V%2BZepqclnQ6JWfAa079epwsozL4v7b%2Fy4C0VNj"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 83469f5fdbeba979-SYD
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2 200 c.js Show response
collector.brandmetrics.com/ 0
143 B 769ms
254ms Script
text/javascript 20.50.2.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com&rnd=1332643
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.50.2.28 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937
date: Tue, 12 Dec 2023 14:22:59 GMT
content-length: 0
content-type: text/javascript;charset=utf-8

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 635ms
209ms Image
image/gif 3.226.96.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2Fsection%2Fmovies&u=DW4reLDaLajUBrifY9&d=nytimes.com&g=16698&g0=movies%2Cculture_desk&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=4476&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies&b=3438&t=fbE6xQF89dBc8cL_DZgkQxCNh1hI&V=141&i=Movies%20-%20The%20New%20York%20Times&tz=-480&_acct=anon&sn=1&sv=D3IW7JBUDONMBWlvj0xPADuC31bzk&sd=1&im=06679ff3&_
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.226.96.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-96-146.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt... Show response
adservice.google.com/ddm/fls/i/ Frame 3AD5 655 B
719 B 542ms
142ms Document
text/html 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

cafe /

Resource Hash

2f1442acf0c26c27edd582bcc4a22eec08ffbd952599be0af9bcfccbae871e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5290727.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 344
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 style
accounts.google.com/gsi/ 533 B
585 B 108ms
108ms Stylesheet
text/css 142.251.12.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/style

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f84.1e100.net

Software

ESF /

Resource Hash

1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-DmsLryGi8SG9beVhdn9WGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-DmsLryGi8SG9beVhdn9WGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: text/css; charset=utf-8
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Tue, 12 Dec 2023 14:22:58 GMT

GET
H2 200 status Show response
accounts.google.com/gsi/ 40 B
526 B 113ms
113ms XHR
application/json 142.251.12.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/status?client_id=1005640118348-amh5tgkq641oru4fbhr3psm3gt2tcc94.apps.googleusercontent.com&as=7BQwb4jer%2FMtYPa9R8Mfcg

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f84.1e100.net

Software

ESF /

Resource Hash

7d58f0b8cd6862e6585a29e79cb427601671844d4e2f2f790623cd32a186c779

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3EcvL5sMSVL-IXoGadTaGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-3EcvL5sMSVL-IXoGadTaGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
x-content-type-options: nosniff
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BB09 6 KB
3 KB 5ms
3ms Document
text/html 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:58 GMT
expires: Wed, 11 Dec 2024 14:22:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame BB09 273 KB
88 KB 7ms
5ms Script
text/javascript 18.67.93.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.93.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-93-81.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 21b9e0f4cf193d980500358ef342b8fe7a0e4b4fbcddf247f6dd1d45bbfa27b9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:21:57 GMT
x-amz-version-id: 6fepN.VNWz0MWP4kDwf2Irob35V_9YW7
content-encoding: br
last-modified: Tue, 12 Dec 2023 14:01:30 GMT
server: AmazonS3
via: 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
etag: W/"96a87dd5f2afc11b78052816807e8711"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 63
x-amz-cf-id: oUaOOjWrlP3seapylOn4mZ56l5V6mh1f57jNKHRx5KLxo-xFqcdZkQ==

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 066A 2 KB
3 KB 213ms
211ms Document
text/html 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

f79b8d8264eaf4ab002526e742f9c06603f3e80f095e9ae5569c6ce6257928ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 2112
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 12 Dec 2023 14:22:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: XXKAFG25QXSBN9KQS33N

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0F81 624 B
556 B 107ms
106ms Document
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDELCB_MIEGP689PkBMAE&v=APEucNXj5bldZgWcX5eQjh7GLE4KG3x6XdFFsEkjp0u6ErJT9Tc1Cf4i741sAOqQnXQJFM0xNnB8heolBdqbgL-Llik-oNv_NQ

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: Tue, 12 Dec 2023 14:22:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1703769/75569295/ Frame BB09 46 KB
12 KB 19ms
9ms Script
application/javascript 54.79.148.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1703769/75569295/skeleton.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.79.148.68 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-79-148-68.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: 7e7a1c54060752586b61ede881eb42f005b535a0b986792e6ab99c63a9c18129

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame BB09 111 KB
39 KB 411ms
4ms Script
text/javascript 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
Origin: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 16:20:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79349
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Dec 2023 16:20:30 GMT

GET
H2 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame BB09 7 KB
3 KB 411ms
4ms Script
text/javascript 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 03:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 03:18:54 GMT

GET
H2 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame BB09 24 KB
9 KB 406ms
5ms Script
text/javascript 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 02:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43133
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 02:24:06 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame BB09 41 KB
14 KB 7ms
3ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 12:45:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 351455
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 12:45:24 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame BB09 3 KB
1 KB 6ms
2ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 01:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 01:53:29 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame BB09 20 KB
9 KB 5ms
1ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 01:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 01:53:29 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB09 203 KB
65 KB 470ms
117ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

sffe /

Resource Hash

9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65486
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702315402350014"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:22:59 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB09 42 B
173 B 531ms
139ms Image
image/gif 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DMcdT-P3b-xMTQGL1VTunl2_p8wQkCMSa7l58BGBYEcATvRF2wOKp1eTQBAGKx93EqrCk5tMk4VX7Szvp7sQhWBlg22ViHZfs88zZyux0ci1JG6HM

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.19.8.464.js Show response
static.adsafeprotected.com/ Frame BB09 213 KB
67 KB 786ms
173ms Script
application/javascript 18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.464.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e580b888ec2ff667515810611d279b0a9ccba891e80dbeb183ac6eea7e5526e1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 20:14:57 GMT
x-amz-version-id: UVhHGORh2DNEUMNNkt_WUa02s5tqiqCw
content-encoding: gzip
via: 1.1 09a6126b061d0cdf434b3e3d2aab0c6c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 410883
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 07 Dec 2023 18:46:00 GMT
server: AmazonS3
etag: W/"abf69ba4c667ac44b2f9c28f5047f6bd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: EVEYGnJYcg-fPuLHtZToY7L8NPMoTb-16H9zaeyGti0yAafTv_ybhw==

GET
DATA 200
OK truncated
/ Frame BB09 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38bc16a58459956bdbcc193e12187c769004be470b56764fdcc348374313005b

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 04CB 38 KB
13 KB 5ms
3ms Document
text/html 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 352495
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 12:28:04 GMT
expires: Sat, 07 Dec 2024 12:28:04 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB09 0
58 B 482ms
140ms Image
image/gif 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=44&d=1&s=1&f=0.01&bgai=BuiWjwmx4ZYNF5Iiaww_i0KXIBwAAAAA4AeAEAg

Requested by

Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt... Show response
adservice.google.com.au/ddm/fls/i/ Frame 81E2 194 B
303 B 144ms
143ms Document
text/html 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com.au/ddm/fls/i/dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COOto8yMioMDFV9HwgUd99gGjg;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=963752085070;auiddc=829376863.1702390978;u17=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies;u5=;u18=anon;gtm=45He3bt0v72703797;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fmovies

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: Tue, 12 Dec 2023 14:22:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0F81
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1

43 B
738 B

140ms
140ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDELCB_MIEGP689PkBMAE&v=APEucNXj5bldZgWcX5eQjh7GLE4KG3x6XdFFsEkjp0u6ErJT9Tc1Cf4i741sAOqQnXQJFM0xNnB8heolBdqbgL-Llik-oNv_NQ
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WsSnArI9QrDVdeNU8l9L%2BUgNAelvxj5AqrgAuDd92KYAurCXK%2Bgsz4DuQikfvybgAO%2BkMMqsEOQEwWvLStG%2FT3JkRLSxBmi30gd0n0eMpQqb7gkv3keHKZyEgavDDPlRU%2FqjzgZJNhmVvw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f655ff65c07-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0F81
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXhsw0O-dECp2dSN19ffEQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1

43 B
734 B

145ms
145ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDELCB_MIEGP689PkBMAE&v=APEucNXj5bldZgWcX5eQjh7GLE4KG3x6XdFFsEkjp0u6ErJT9Tc1Cf4i741sAOqQnXQJFM0xNnB8heolBdqbgL-Llik-oNv_NQ
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBv7HC2Jjt12gOfPc%2B3MUWq4aKVQjcPL%2B%2FYqDKjN8MucPS%2FpSxQDZD2hrcIfgHvdI0JqkzZbfglSuzy1eIcOjZCJsCZ9tCyp48F9qx628izAdHRga3DSLnkeYwDsnKmT2hnExiD7dbpl1A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f66185c5c07-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 0F81
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENQzOYRzBeRxFFpens_f7Og&google_cver=1

43 B
842 B

181ms
180ms

Image
image/gif

103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENQzOYRzBeRxFFpens_f7Og&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDELCB_MIEGP689PkBMAE&v=APEucNXj5bldZgWcX5eQjh7GLE4KG3x6XdFFsEkjp0u6ErJT9Tc1Cf4i741sAOqQnXQJFM0xNnB8heolBdqbgL-Llik-oNv_NQ

Protocol

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
an-x-request-uuid: 17d54e9b-770c-44fd-828e-fe9f374d9cb1
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 66.203.112.165; 66.203.112.165; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENQzOYRzBeRxFFpens_f7Og&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0F81
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5NDI5NzczNzgzNDI2NDI1Mw%3D%3D

170 B
243 B

102ms
102ms

Image
image/png

142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5NDI5NzczNzgzNDI2NDI1Mw%3D%3D

Requested by

Protocol

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
an-x-request-uuid: 6942508d-9086-4d72-acbd-d6ff6c8715de
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5NDI5NzczNzgzNDI2NDI1Mw%3D%3D
x-proxy-origin: 66.203.112.165; 66.203.112.165; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 04CB 39 KB
15 KB 299ms
5ms Script
text/javascript 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 16:20:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 16:20:31 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 066A
Redirect Chain

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3453925792890142000V10

43 B
479 B

213ms
213ms

Image
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3453925792890142000V10

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:22:59 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: WN3R31BCQAQ1GPYTSE9Z
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:22:59 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3453925792890142000V10
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Tue, 12 Dec 2023 14:22:59 GMT

GET
H3

200

usermatch Show response
ssum-sec.casalemedia.com/ Frame FA5A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

2 KB
1 KB

112ms
110ms

Document
text/html

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 502e2d3d603625c036ca116dd1971b073ed08c0d2160399225df5ca6140d40ed

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 83469f652fda5c07-SYD
content-encoding: br
content-type: text/html
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yp2%2B4m9FlPp2UsOMlWqaD%2FgGV9x1t6tWTyDP2WSs%2FkGz0jjNi46hvSdJVkU1yvMfHq9DzZ5TnvNE3Q9%2F%2ByXwNfa3bx61YXovAxNnGULQvWaRJV6ScC2NJ8uqZkcp09p%2B%2FAJSACNDAVarMw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 83469f6469cfa947-SYD
content-length: 0
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: 0
location: /usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FFTo7JYzs43ZXuHdOSx49T1yKMGkDff9KW240iQwTHQJVaRrahkJwfRvt2mBFlyw5y%2FTrDalYPfMI5CfBhOt%2BV9yJ0AY9Gthmwz2Y3A7hzEv9SmoaISaKYPloFfpDh0jcgng%2FuIij0a2w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 03B0 16 KB
6 KB 16ms
4ms Document
text/html 23.198.59.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.198.59.89 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-198-59-89.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=58743
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: Wed, 13 Dec 2023 06:42:02 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 7A11 281 B
554 B 19ms
2ms Document
text/html 23.202.170.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.202.170.74 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-202-170-74.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 12 Dec 2023 14:22:59 GMT
ETag: "20525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 5FCA
Redirect Chain

https://ups.analytics.yahoo.com/ups/58251/sync?redir=true
https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&verify=true
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0yemlBOWpORTJ1SjMybVNTbTNwSHR6dTBRWHd2RWNNQX5B

43 B
479 B

217ms
216ms

Document
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0yemlBOWpORTJ1SjMybVNTbTNwSHR6dTBRWHd2RWNNQX5B

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 12 Dec 2023 14:23:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: EX4F7Z5FJHTH7JWEGW93

Redirect headers

age: 0
content-length: 0
date: Tue, 12 Dec 2023 14:23:00 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0yemlBOWpORTJ1SjMybVNTbTNwSHR6dTBRWHd2RWNNQX5B
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.94
strict-transport-security: max-age=31536000

GET
H2

200

cm Show response
u.openx.net/w/1.0/ Frame 5459
Redirect Chain

https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX...

583 B
687 B

104ms
103ms

Document
text/html

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 6ddb5ed1f5b14c409a096ed3d748233c17491a4fde156df67524df6a681f6336

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 363
content-type: text/html
date: Tue, 12 Dec 2023 14:22:59 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 12 Dec 2023 14:22:59 GMT
location: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
via: 1.1 google

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 3F33
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
https://s.amazon-adsystem.com/ecm3?id=6094297737834264253&ex=appnexus.com

43 B
479 B

257ms
216ms

Document
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?id=6094297737834264253&ex=appnexus.com

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 12 Dec 2023 14:22:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: X8AH6A93709V5S4E8ZEF

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 45367395-4f8a-4278-8eb7-f7b305525191
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 12 Dec 2023 14:22:59 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://s.amazon-adsystem.com/ecm3?id=6094297737834264253&ex=appnexus.com
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.23.4
x-proxy-origin: 66.203.112.165; 66.203.112.165; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 26C6
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4563082581659851557982

43 B
479 B

384ms
213ms

Document
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4563082581659851557982

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 12 Dec 2023 14:22:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: YTTWHS4Z0EBQ5PKE4VY1

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Tue, 12 Dec 2023 14:22:59 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4563082581659851557982
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 03B0 2 KB
2 KB 546ms
181ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=76895133&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.81 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 5be89ad241b600411c56e2f681a6aa952768a04a0d679d7ba5507dfe32ef3b43

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 12 Dec 2023 14:22:59 GMT
content-length: 1672
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7A11 46 KB
13 KB 178ms
178ms Script
text/html 23.202.170.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.202.170.74 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-202-170-74.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9d29bd3d743d6136eeaaa2f19ea175e6679f5c5d897c3b5c5c5caa7c265e3b2b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:22:59 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Dec 2023 20:47:39 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=23018
Connection: keep-alive
Content-Length: 13232
Expires: Tue, 12 Dec 2023 20:46:37 GMT

GET
H2 200 container.html Show response
68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1E66 6 KB
3 KB 4ms
3ms Document
text/html 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:22:58 GMT
expires: Wed, 11 Dec 2024 14:22:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame 1E66 273 KB
88 KB 5ms
5ms Script
text/javascript 18.67.93.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.93.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-93-81.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 21b9e0f4cf193d980500358ef342b8fe7a0e4b4fbcddf247f6dd1d45bbfa27b9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:21:57 GMT
x-amz-version-id: 6fepN.VNWz0MWP4kDwf2Irob35V_9YW7
content-encoding: br
last-modified: Tue, 12 Dec 2023 14:01:30 GMT
server: AmazonS3
via: 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
etag: W/"96a87dd5f2afc11b78052816807e8711"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 63
x-amz-cf-id: GJbRu_KKqEkIbSKtkAfcfhUuQcquVusKfwDeQ7UpZ9UL8ale3iE_wA==

GET
H2 200 654cd2bf713fffd7c94db202 Show response
c.bannerflow.net/a/ Frame 1E66 58 KB
20 KB 456ms
142ms Script
application/javascript 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/a/654cd2bf713fffd7c94db202?did=5d6fb28839d71e0001cd1a9f&deeplink=on&responsive=off&redirecturl=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCl5Zbwmx4ZYjLM-u1msMPtcOCoAnXuPHBcsKCtJ-rEqTPm3kQASDI1vUZYKWAgICQAaABn-PizAPIAQmpAnFU_MewG7I-4AIAqAMByAMCqgTAAk_QdZTksoTxgIUgblFLCcnLx4y5KlKSJfGwUAPdyfF4C7T2f8C-GEfR15SqtuhkwvdxGq9iF2pPNk73qoNu9tR5-HrBhChEzNf8d0iw2x_ArFxumXNrC8nDv0VdwElENr_F7tAihubcGd9zsPq-FL2nir2COEkAaz20UQtSUIyuqb0H_2pkbIGe6aKr4XOk5NdtyncdYiYFyLu2wi8LyZ_CjjxZq2vU4M27sJn1y5U6FFAvMT430e1T_y_Bn2O8aiYXKKQ45ZvptrdaPSu93sJbHjRVcJYPGTeh_VdWHZ0Gr9rVbhNZtZJpC--rnFIROcq226lHtsgmCai5Tnbu0UBvU0KcnvoJPiPG1yetNKia0lBtriUiUaGRG8mno_lQGduWp875L-4lqk8PjV-sR6U7BI-GsxH3Xr6NRElyZ2Y2wATEhIG-jATgBAGIBaHY5_g-oAYRgAfJnJ0zqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHANIIHwiAYRABGB0yAooCOgSAQIBASL39wTpY8KiNzIyKgwOACgOYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLaDBEKCxDA56OcuefInJcBEgIBA6oNAkFVyA0B4g0TCNXcjcyMioMDFeuaZgIdtaEAlNgTDdAVAZgWAfgWAYAXAQ%26ase%3D2%26gclid%3DEAIaIQobChMIiLTAzIyKgwMV65pmAh21oQCUEAEYASAAEgKqDvD_BwE%26num%3D1%26cid%3DCAQSTwDICaaNLmA6kW6fxPD0z5m3Cf23boMj5ApznIw63mt996QF8FLHZvwMeTzGCG6vlT7xm3H6slOUZW6bnwHuyDcr4PQHOIIh1BQM3ST2k8gYAQ%26sig%3DAOD64_0a8xg11fhTWY2___LdunyAgoplig%26client%3Dca-pub-4177862836555934%26adurl%3D&cb=2131564902
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f824ce0ed2523da296824e9a9ddd80594be0dfb2f1fb07fea8f178ac771cb98

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:59 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 12 Dec 2023 14:22:59 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, s-maxage=10
cf-ray: 83469f679e7aaaf0-SYD
request-context: appId=cid-v1:1a5f66bd-0229-467a-a946-b3753e659ecb

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1E66 36 KB
14 KB 9ms
5ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

cafe /

Resource Hash

ce44d9d3620877fb90e5a0dc690fb51323242adfd601d2d327e623488f94c67d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 05:08:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33250
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14395
x-xss-protection: 0
server: cafe
etag: 62258312933698035
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 05:08:49 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1E66 3 KB
1 KB 6ms
3ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 01:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 01:53:29 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1E66 20 KB
8 KB 5ms
2ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 01:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 01:53:29 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E66 203 KB
64 KB 335ms
332ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

sffe /

Resource Hash

9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65486
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702315402350014"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:22:59 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 1E66 24 KB
9 KB 7ms
4ms Script
text/javascript 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 21:16:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61614
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 21:16:05 GMT

GET
DATA 200
OK truncated
/ Frame 1E66 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d74f3acd42f70d94250e0f86315476a34fff26ddf8c3d3db17caef3bf92fced2

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 5459 43 B
479 B 625ms
224ms Image
image/gif 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=e87b0110-83c4-8d8c-9947-0f8f35e1dc85

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: NZVB2A5KZE67197EHRGQ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

syncd
x.bidswitch.net/ Frame 5459
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=b0ad7d6d-9f6e-3676-5949-8d185dd21765&gdpr=0
https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch

43 B
235 B

318ms
104ms

Image
image/gif

35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: HTTP/1.1
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:22:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
date: Tue, 12 Dec 2023 14:22:59 GMT
server: Kestrel
content-length: 413

GET
H3

200

sd
jp-u.openx.net/w/1.0/ Frame 5459
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=openx
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZXhsxMCo8X0AABYCj-gAAAAA

43 B
61 B

100ms
97ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZXhsxMCo8X0AABYCj-gAAAAA
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Tue, 12 Dec 2023 14:23:00 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"66.203.112.165","key":"ZXhsxMCo8X0AABYCj-gAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40325"}
X-SO-Key: ZXhsxMCo8X0AABYCj-gAAAAA
Server: nginx
X-SO-Upstream-ID: a-ad40325
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZXhsxMCo8X0AABYCj-gAAAAA
Cache-Control: private
X-SO-HostName: a-ad40325.dc2p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 4
Content-Length: 0
X-SO-LB-Hostname: m-tgng25.dc4p.scaleout.jp
X-SO-IP: 66.203.112.165

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 5459
Redirect Chain

https://cr-p3.ladsp.com/cookiesender/3
https://cr-p3.ladsp.com/cookiesender/3?cr=true
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AcOq2b-h6QVcks8AED41tPFQ2s8AAAGMXmjcWQ

43 B
97 B

100ms
97ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AcOq2b-h6QVcks8AED41tPFQ2s8AAAGMXmjcWQ
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
via: 1.1 59c28089b3545e4c431888bcebce405c.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: SYD1-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AcOq2b-h6QVcks8AED41tPFQ2s8AAAGMXmjcWQ
cache-control: no-cache
content-length: 0
x-amz-cf-id: id6yy9v-_ZqfnPcYp1jHxqsCvvWn62bKGHRSyCbpfhvO0q3cmXyqLw==
expires: -1

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 5459 170 B
232 B 104ms
104ms Image
image/png 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWNjMmFlYTctNTYxOS02OGQyLTRjYTktZDdhMTk3MzBkOTA1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 5459
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHTK4lwGuBUScyGnIwz27fc&google_cver=1

43 B
171 B

103ms
99ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHTK4lwGuBUScyGnIwz27fc&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHTK4lwGuBUScyGnIwz27fc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 7A11 7 B
778 B 1375ms
182ms XHR
application/json 69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 94869a3d6d62a785bc2a9351b08a70bb
Expires: 0

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame FA5A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZXhsw9hMmxDOyEbVTzghIgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1

43 B
739 B

110ms
109ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0LJfQ4ThSxb3xw6tjMXMQY3ZQzd35GAQGXJGv%2BVr10t8d%2FFXSvUEyBoTOMw3Rruv3fc3bhzw%2FDVWXjAdzyWX2wh%2F9Br4lde93qzyjc34Qpm3ckLzjW%2B91QcNt4wVQUau1P1FZEZ%2BTAHTg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f67790d5c07-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESED3wIzJO4noV7Wol-NXKLkM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame FA5A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECiaucvMMo7L1XRYtmxNOFM&google_cver=1

43 B
736 B

110ms
110ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECiaucvMMo7L1XRYtmxNOFM&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=joQ%2FhijV1NsYGs55n2%2BMoXEY3PEwiEMWLxSW0zVgpGS9slJjVVNKW76Wpwcyl%2FnAiThetNY2lLtFX4fYgFB6Ttb0ETgB1OjjURxoIZlc9%2FiOumG7erxpGG5UElTj6ZBpO%2FcK%2FolamoK3DA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f66a8b15c07-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESECiaucvMMo7L1XRYtmxNOFM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame FA5A 43 B
855 B 626ms
217ms Image
image/gif 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gpp=&gpp_sid=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 09WH6H5N69CTQJKE3EMJ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

362358.gif
idsync.rlcdn.com/ Frame FA5A
Redirect Chain

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=b549779f7bc64f959de8ed9bba8c1e0e
https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!%7BTURN_UUID%7D
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=8000979015355519534
https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=b549779f-7bc6-4f95-9de8-ed9bba8c1e0e
https://p.rfihub.com/cm?pub=39342&in=1&userid=6fa7c272-8cc4-4735-a419-82b4fcca0c88%3A1702390982.615638&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D6fa7c272-8cc4-4735-a419-82b4fcca...
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1978557985136605531&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D6fa7c272-8cc4-4735-a4...
https://idsync.rlcdn.com/501709.gif?partner_uid=6fa7c272-8cc4-4735-a419-82b4fcca0c88%3A1702390982.615638&_=1702390982.6183689
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEHlb-HlBUT3TURiuVk0ZG7Q&google_cver=1

42 B
60 B

183ms
182ms

Image
image/gif

35.244.154.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEHlb-HlBUT3TURiuVk0ZG7Q&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 35.244.154.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:04 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEHlb-HlBUT3TURiuVk0ZG7Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame FA5A
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775

42 B
716 B

212ms
211ms

Image
image/gif

34.234.28.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

Server

34.234.28.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-234-28-111.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-va6-2-v053-0d1df410a.edge-va6.demdex.com 1 ms
pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: /tXxGFD6TJE=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-2-v053-06db94d21.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: ++wkoRvRSwQ=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZXhsw9hMmxDOyEbVTzghIgAA%264775
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame FA5A
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&verify=true
https://pr-bh.ybp.yahoo.com/sync/casale/ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB

43 B
602 B

696ms
191ms

Image
image/gif

54.255.162.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

Server

54.255.162.48 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-255-162-48.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/casale/ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB
date: Tue, 12 Dec 2023 14:22:59 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FA5A
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expiration=1704982979&gdpr=0&gdpr_consent=

43 B
737 B

110ms
109ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expiration=1704982979&gdpr=0&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ih4uemnbXRFo52cge7KpRko5RgmpB%2FwziBRwJK0cGJXIJxZjKACHUojlLWfyzt8BbMKu43Oewzmm5OOwa%2F%2BsII4An9f%2FC1kpBhvep%2FmpUuLqfO0KaTWc5qbefykD4c8bO2z7i2aQMjH%2FSg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f65f84d5c07-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=97c7f663-a8ae-4388-a348-f00d2a750605&expiration=1704982979&gdpr=0&gdpr_consent=
date: Tue, 12 Dec 2023 14:22:59 GMT
server: Kestrel
content-length: 323

GET
H2

200

crum
dsum.casalemedia.com/ Frame FA5A
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=8d0e630b-e327-4f5a-60adf172

43 B
330 B

151ms
148ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=8d0e630b-e327-4f5a-60adf172
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0YyCuTCusuMO72YwjC77TR7d7O57HnRg%2BdvuTkfVfWrNOZct2kTmeKUpnfeS6c8P8lO97oLzFuxkEr9X5%2B7RU4%2FUylobkAkIc%2F9fdpgglUEGYxSqOxakA5vnPop8y1skxxZZEZw"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f676b16a947-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Tue, 12 Dec 2023 14:22:59 GMT
via: 1.1 google
server: nginx/1.24.0
p3p: CP='This is not a P3P policy!'
access-control-allow-origin: *
location: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=8d0e630b-e327-4f5a-60adf172
content-type: text/html; charset=utf-8
cache-control: max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame FA5A 43 B
479 B 628ms
214ms Image
image/gif 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=index.com&id=ZXhsw9hMmxDOyEbVTzghIgAAEqcAAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: EDSZCFKS32KTD3VN30XV
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/10992030431410607268/ Frame 8221 27 KB
8 KB 305ms
3ms Document
text/html 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10992030431410607268/index.html?ev=01_250

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

sffe /

Resource Hash

b728959cc185ca5740ab862ff3cd8e9a6527df90eb19d45d373e9f7a9e3c8e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 558108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 7460
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Dec 2023 03:21:11 GMT
expires: Thu, 05 Dec 2024 03:21:11 GMT
last-modified: Fri, 06 Oct 2023 12:17:53 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame BB09 0
0 251ms
147ms Fetch
image/gif 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvbft7G5Pyppdle2CDJe0dplKI5YaBQtKjPISpCa-XpCB2qJi19CKDxZDsv1foSRuZnC-jvg6k672lJp4HR20vTcBYp-0_0Fa6BnRg43pFGxG7QFMKS7PVKFumZ4YmAWufvIebBl_mqwASWioP_Jon58XUbTHkY_H--ac2w1Oyd7WfB61cYXUrMK1vmet0B0Wv65CPr9oK1xDZQ-m90Xu-zlp2q7wxIDqecdcKSRe4PdBJ6TBMuWruM20snT6XTLoOzdtiPbyJYLIvRG60brnPq3gaFqKKXDSktoaFz_Rww1LkxlsMkXO-_fRgjFdBrtfRh-kSmpCShS4uYRIMKWouRuCaBrtPv0Rtq2EPBJlGtYDAwWWhIlcyV4ZuR-kdGy4jGq2Sk9rhsAzqnRekqSM8pUP9eZQMNE5BjONbcTGmfR96-WvqV4TDCXBYKF_v0-IXIve4b4Y7EnzvWc6m8uI9Mr-x6f0hwz7S5MdAWtVhA3_jV3VzzOIijMBx4v7V3dVIe2Ll-85DxfpJubLf8LlJNCScRWi5jo_T2IAPpkfC41cq65ms40lo6SAMM8Yw5nvE6ZzZAAXtHMWXWMIeP7MIFEBDdqxQ-xoKKhsqIC6U16qR-PSRSd1ZaOg5SNyjbNSACinOMimhk72-_bQV-_Qsfr0G1KC0MbSOVNJ85E9S6Or5CJQ5EU0KL5_m9XJr_G7z4DMEH6q0ojdxxjPGQDHqvvjxAA2-y5R20gbL_KC9QgP2JAAHmztZQspXhcrlRGmm6m5vfXLsrPHftcscJ-bY6TOIIO7LUVq41S9UlCDrbBlj-U7qHk9uO_UfqVHp1gKgOQkNyzBHoMizTXRJ69NAew-Xo5bM0AqrwT4v8Q2GJcQb1uwQMzWVpn9fx-O2SF8Tvh-PoJ7eNIeFUescQSZcymmz86CmfVIBxjGT35SJmw08jdeXaFsQWhgejuDMmqjVY1EGxOJ_BVcIC4izOYOkdlPsxHx3H5MG_9lzJsqDyxn_J3IdWq49VQVl38cYvYOPdCNKd9Nu0E1SShY-LNghFIaYR2aEHMmOrAtScD8c2bl9Os1B9kLZAUQcLMsz_i_kCsZcNeBGon8POzP20MtDVivYuzNWvkuG2McdEHEmhIL0u3YMU4Ne-DS4o78wiEogbvUIUpBlm0lQ-wm8l2h91yFKOEpObxu8W-Y5KSOWmqigJpcEYmdInYn5XiIhdRPAwB686Xof5LlhnoPF4oNHW-mfADo0ChidBop2ZLsmDlL0ybPbfnhinGz-bBES8RZl-KH1HgeTPyUE4oNGt364-I1bL4n6dXt-VkgUPSL6CZYzo8NCfzTm9NcubjGs1hG2-26XRVktnbQSoMl-c_kCDnqEyVZ3gX3ITMhwdayqMGyXfOEMuPn1cbbRiBPTJUaEcdm3Q9BkRjlYt6LuvafUmXygmSpYRyAuA7SNrVZOi2u74Y_CEvAQQryxbtKHPWEMn8bXNro_bBg0_3XpykYus6O7BEX4R-8UDjuvZtuzb9pdHCW52GFKmxWyMTxQWfwUHwg&sai=AMfl-YQTETCjFEHHgiXaXuFy6XEm0O0UZQl-eXSGB6Q_X4QaAP7Ms8a19hAlwyuZghw9ZZnzOXuqRyyxHLwgtNTfAa_h_TC83fQvMGOH7Mc7jd16Z1zOQnmOglq3Tw_VBJyAnYCQnwksSfB3CuXFHUgvX9DoMmaq3a_h3SbHO6K6A4pBHLF8qylh3gWF0cI2ZOgdwo9EDh2VEHlQThYOjZ9IfnGfI6KXc55ud3puzHRWWdAF2G2VILmLf4QmVXDLO6hFwQOqmWN3UzpOALC42gV5WTkaopH1Lq5glxiywlfx1xe4R1sFcQnDGf6E-Pt5OKk_2wygSx3YYE0pAH6YUOXNsSB8ZsfJ67wWzqxIuwzIaJvOpatMNMcR53leCSFp0cwwgERN7fbJEky9mYmnpODGqzTmENp2W7sNUwJ5TXcYDRR7UIw6YEmF3lmskWPoeARqdMbvh0mpQw63eDAWZLgJFbwyL8Y9bKopcXbeoLyw4ZIfbdYh4pTu11DRlLh31vtqKWTPrCEO3KiR1A&sig=Cg0ArKJSzHQ97qyNdUuLEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sYW5kcm92ZXIuY29tLmF1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=450&cbvp=1&cstd=442&cisv=r20231207.55454&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 12 Dec 2023 14:22:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 04CB 0
56 B 141ms
140ms Image
image/gif 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BuiWjwmx4ZYNF5Iiaww_i0KXIBwAAAAA4AeAEAg&bg=!8POl87zNAAY3kmNgF5I7ADQBe5WfONroyrji6fjS_ppalekBEvkqxYTXOrf10ZdH-YVptQ87Y0SBa8iPutTi5U7s5-mZAgAAAFxSAAAAAmgBBwoAMlEMfiPGU247j4B_1rIXyK7vU5ZPySg16wcyaa8rxwNSaTIzv4aeonJ65KZh2J_Fr8BumQM26xfrXGS58i2EItCUh-0oLBXOBfwHM9VoTkzZsCEC0f985u9vh1Qkp0-P_6K_pRlPHuqKKeBR1uXlgSAnPBma69ho0wGWkdcN23vyltecEZ3-13RpoepcBVNRn8nimltoikVkiL_w_YHbLkA-W-c3hxrKzqBiry670zg3SeORu7eEod1geKN29BLnH6p9vQ52RT8-yu89sG9ArvIbaYsWAYTwiVtnL8K2AiabjzcAGKjbsE577HEq3L-_J6YChNeoSogp6kGdKDemoFoPPpTGFJ9zhmS1bU6wdnAAIh9jDm4_Gzox_8zRDNQqGb4ahdbxkxq4zvAjXlW9Fol35OyqHhYRiiyBIhYjxzktFrtRUkH2gp44pHzTQw5lFfTy5Jbjh35OMrrKKPmmOTWx3sa2Hs9tps6kaw8ICyLZVD60UdlucgAgi3RCvyJ9TjTKXV0VPG7jwLNrI07l1e9_k3AlHU6tSJ9pBLqW4MaACPlX_upo_vFxvcotDP4DvoC1_U1b-3ySpGwbjLOrQKq_qAhmSq4wfIAC_hLdtUZ67UzazV6HGh8FqHGWnvAQXYZ94_MT95iZRsfbVW9D3bMDqyI-WvrHTsr1AYHt0sgIee-U2BHX37bJZlAdcm8yk6K26ZRYBA1YPIlFQE0Mb3BshqQNYpNS6qSzFiOx83BH-dQssg130LVCeRGzm0Fk0ojzlaIEP3rQtviRB70XJUPfB_qSkeof65phhlqxImGGGtNFAiYzEkkb8U0EA0XcV6fz_KRbH0GHQFRj8i7saEgl1iNzQd-M-PF9ARd8B3dXNLBqqw5kbc3-Vr_HRnI3L-ObVHgROWqAl9dFVawNjB5SwtT5ovX52Z6H0wGBnxqKrLDtXYitL3tF3NFEChR6ETDxTfltbZ6slbuafGMDl0SKVAEyCDyhmiESY37LV5YU8B7tDulqKIV4ZldCK4sZqncSPLNhlV-j-00eETWW0lrKpJ6rRX4I2Abv2gXQbStABZ8scg2QnNCifjcDZdiB_fX1yNPspxYbESNQdbYVNtQFV5Wz2V2ZMA13SUnpWSemlk4Bozr2lNnkziUjE3j0J9JRHpPmXZg7LunW

Requested by

Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 init Show response
gw.geoedge.be/api/ Frame BB09 0
215 B 960ms
200ms XHR
text/plain 13.35.151.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.geoedge.be/api/init
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.151.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-151-118.syd1.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Tue, 12 Dec 2023 14:23:00 GMT
via: 1.1 d0c0855de58a470001e3701ff4871f82.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
content-length: 0
x-amz-cf-id: M7dUhFChy4Jtszse00eSKVA0Op81ic41b69BpDXvvofgSIptFE-qmw==
x-cache: Miss from cloudfront

GET img
sync.mathtag.com/sync/ Frame B27E 0
0

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame 96C8 43 B
479 B 215ms
215ms Document
image/gif 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UIDB53FFD96-3FCD-48AE-AECE-02D31DCFA16D

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 12 Dec 2023 14:23:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: JKV5PC1HFF6Y5391PHE8

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 03B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tT_9lj_NSK6uzgLTHc-hbQ%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

3ms
2ms

Image
text/html

23.198.59.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 23.198.59.89 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-198-59-89.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:22:59 GMT
content-encoding: gzip
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=58743
accept-ranges: bytes
content-length: 5622
expires: Wed, 13 Dec 2023 06:42:02 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 03B0
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97c7f663-a8ae-4388-a348-f00d2a750605&ttd_puid=10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2%2C%2C

95 B
124 B

138ms
138ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97c7f663-a8ae-4388-a348-f00d2a750605&ttd_puid=10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2%2C%2C

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97c7f663-a8ae-4388-a348-f00d2a750605&ttd_puid=10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2%2C%2C
date: Tue, 12 Dec 2023 14:23:00 GMT
server: Kestrel
content-length: 359

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 03B0
Redirect Chain

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=&ct=y

49 B
543 B

187ms
186ms

Image
image/gif

54.251.155.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=&ct=y
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 54.251.155.38 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-251-155-38.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.12.111
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=&ct=y
cache-control: no-cache
x-server: 10.42.3.127
content-length: 0
expires: 0

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 03B0
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&sInitiator=external&gdpr=0&gdpr_consent=

42 B
570 B

163ms
162ms

Image
image/gif

119.9.108.180
RACKSPACE-AP Rack...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: HTTP/1.1
Server: 119.9.108.180 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:21 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 42
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:20 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 03B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjUzRkZEOTYtM0ZDRC00OEFFLUFFQ0UtMDJEMzFEQ0ZBMTZE&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

730ms
184ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 207.65.33.82 Saint Joseph, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Dec 2023 08:59:02 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 03B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJfXm496VJXDyraA2ISk7n0&google_cver=1

42 B
496 B

729ms
183ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJfXm496VJXDyraA2ISk7n0&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 207.65.33.82 Saint Joseph, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Dec 2023 11:17:44 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJfXm496VJXDyraA2ISk7n0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 03B0
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:525C936CB87B4D8E8003A94C1DA24957

42 B
401 B

184ms
180ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:525C936CB87B4D8E8003A94C1DA24957
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 207.65.33.82 Saint Joseph, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Dec 2023 06:38:38 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:525C936CB87B4D8E8003A94C1DA24957
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 11 Dec 2023 14:23:00 GMT

GET
H2 200 B53FFD96-3FCD-48AE-AECE-02D31DCFA16D
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 03B0 43 B
603 B 856ms
187ms Image
image/gif 54.255.162.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/B53FFD96-3FCD-48AE-AECE-02D31DCFA16D?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.255.162.48 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-255-162-48.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 03B0
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=

42 B
542 B

832ms
180ms

Image
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 67.199.150.86 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 12 Dec 2023 14:23:00 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=
date: Tue, 12 Dec 2023 14:22:59 GMT
server: Kestrel
content-length: 355

GET
H2 200 preload.jpg
c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/published/6146278/7996655/ Frame 1E66 27 KB
27 KB 10ms
9ms Image
image/jpeg 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/published/6146278/7996655/preload.jpg
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8d927ccd0c0ce5c6cb2ce7e7a1330fd09ae3e5a1d743678820f4184aa6beecf

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 12 Dec 2023 14:22:59 GMT
cf-cache-status: HIT
content-md5: lfsgQDnJO5FxOlnRM1GusA==
age: 636298
content-length: 27355
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Mon, 20 Nov 2023 12:32:36 GMT
server: cloudflare
etag: "0x8DBE9C4C709AB6A"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: ed7646cd-101e-0033-3a3d-278a78000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
accept-ranges: bytes
cf-ray: 83469f689ef4aaf0-SYD

POST
H2 200 /
c.bannerflow.net/tr/v2/pixel/ Frame 1E66 0
103 B 109ms
108ms Ping
text/plain 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/tr/v2/pixel/
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/654cd2bf713fffd7c94db202?did=5d6fb28839d71e0001cd1a9f&deeplink=on&responsive=off&redirecturl=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCl5Zbwmx4ZYjLM-u1msMPtcOCoAnXuPHBcsKCtJ-rEqTPm3kQASDI1vUZYKWAgICQAaABn-PizAPIAQmpAnFU_MewG7I-4AIAqAMByAMCqgTAAk_QdZTksoTxgIUgblFLCcnLx4y5KlKSJfGwUAPdyfF4C7T2f8C-GEfR15SqtuhkwvdxGq9iF2pPNk73qoNu9tR5-HrBhChEzNf8d0iw2x_ArFxumXNrC8nDv0VdwElENr_F7tAihubcGd9zsPq-FL2nir2COEkAaz20UQtSUIyuqb0H_2pkbIGe6aKr4XOk5NdtyncdYiYFyLu2wi8LyZ_CjjxZq2vU4M27sJn1y5U6FFAvMT430e1T_y_Bn2O8aiYXKKQ45ZvptrdaPSu93sJbHjRVcJYPGTeh_VdWHZ0Gr9rVbhNZtZJpC--rnFIROcq226lHtsgmCai5Tnbu0UBvU0KcnvoJPiPG1yetNKia0lBtriUiUaGRG8mno_lQGduWp875L-4lqk8PjV-sR6U7BI-GsxH3Xr6NRElyZ2Y2wATEhIG-jATgBAGIBaHY5_g-oAYRgAfJnJ0zqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHANIIHwiAYRABGB0yAooCOgSAQIBASL39wTpY8KiNzIyKgwOACgOYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLaDBEKCxDA56OcuefInJcBEgIBA6oNAkFVyA0B4g0TCNXcjcyMioMDFeuaZgIdtaEAlNgTDdAVAZgWAfgWAYAXAQ%26ase%3D2%26gclid%3DEAIaIQobChMIiLTAzIyKgwMV65pmAh21oQCUEAEYASAAEgKqDvD_BwE%26num%3D1%26cid%3DCAQSTwDICaaNLmA6kW6fxPD0z5m3Cf23boMj5ApznIw63mt996QF8FLHZvwMeTzGCG6vlT7xm3H6slOUZW6bnwHuyDcr4PQHOIIh1BQM3ST2k8gYAQ%26sig%3DAOD64_0a8xg11fhTWY2___LdunyAgoplig%26client%3Dca-pub-4177862836555934%26adurl%3D&cb=2131564902
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Dec 2023 14:23:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83469f68cf08aaf0-SYD
content-length: 0
request-context: appId=cid-v1:2080cc18-71b2-4e5d-992c-a3d1331a0b3e

POST
H2 200 init Show response
gw.geoedge.be/api/ Frame 1E66 0
215 B 946ms
396ms XHR
text/plain 13.35.151.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.geoedge.be/api/init
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.151.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-151-118.syd1.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Tue, 12 Dec 2023 14:23:00 GMT
via: 1.1 d0c0855de58a470001e3701ff4871f82.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
content-length: 0
x-amz-cf-id: wZd5iHo9XaTfaW1OGWKIJPTNJxoIEkNIcB8He47skHZGezfb93SkmA==
x-cache: Miss from cloudfront

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1E66 0
0 147ms
146ms Fetch
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=Caq6pwmx4ZYjLM-u1msMPtcOCoAnXuPHBcsKCtJ-rEqTPm3kQASDI1vUZYKWAgICQAaABn-PizAPIAQmpAnFU_MewG7I-4AIAqAMByAMCqgS9Ak_QdZTksoTxgIUgblFLCcnLx4y5KlKSJfGwUAPdyfF4C7T2f8C-GEfR15SqtuhkwvdxGq9iF2pPNk73qoNu9tR5-HrBhChEzNf8d0iw2x_ArFxumXNrC8nDv0VdwElENr_F7tAihubcGd9zsPq-FL2nir2COEkAaz20UQtSUIyuqb0H_2pkbIGe6aKr4XOk5NdtyncdYiYFyLu2wi8LyZ_CjjxZq2vU4M27sJn1y5U6FFAvMT430e1T_y_Bn2O8aiYXKKQ45ZvptrdaPSu93sJbHjRVcJYPGTeh_VdWHZ0Gr9rVbhNZtZJpC--rnFIROcq226lHtsgmCai5Tnbu0UBvU0KcnvoJPiPG1yetNKia0lBtriUiUeOTOltGeUdV9mXdGE7Qo0YHjUWph3G06gijLQMkNzzbRl1y4kydwATEhIG-jATgBAGIBaHY5_g-kgUECAQYAZIFBAgFGASgBhGAB8mcnTOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCEyhvSCB8IgGEQARgdMgKKAjoEgECAQEi9_cE6WPCojcyMioMDgAoDyAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2gwRCgsQwOejnLnnyJyXARICAQPiDRMI1dyNzIyKgwMV65pmAh21oQCU2BMN0BUBmBYBgBcBshceChwIABIUcHViLTk1NDIxMjY0MjY5OTM3MTQYnucV&sigh=KWzukQFRksQ&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNLmA6kW6fxPD0z5m3Cf23boMj5ApznIw63mt996QF8FLHZvwMeTzGCG6vlT7xm3H6slOUZW6bnwHuyDcr4PQHOIIh1BQM3ST2k8gYAQ&cbvp=2&vis=1

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
Attribution-Reporting-Eligible: event-source
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 12 Dec 2023 14:23:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 1E66 64 KB
24 KB 4ms
3ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

61fccfdc6707e6432998da73d67d285fad858d68d59c9eb2657930772fb2cbd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 13:39:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2582
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24502
x-xss-protection: 0
server: cafe
etag: 8172479049841164170
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:39:58 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame BB09
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1703769/75569295/skeleton.js?adsafe_url=https%3A%2F%2Fwww.nytimes.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.nytimes.com%2F&adsafe_type=e&adsafe_url=https%...
https://static.adsafeprotected.com/skeleton.js

17 B
463 B

151ms
150ms

Script
application/javascript

18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 02:11:42 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 09a6126b061d0cdf434b3e3d2aab0c6c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 7906279
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: KaCW0_2CPrJJ9xaii18hdok8YCX7mpSJFfeW4b1zXRQPCAzRBvBsCQ==

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: nginx
x-server-name: app01.au.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6845 91 KB
92 KB 168ms
167ms Script
application/javascript 18.244.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.214.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-214-85.sfo53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 09:26:44 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via: 1.1 09a6126b061d0cdf434b3e3d2aab0c6c.cloudfront.net (CloudFront)
x-amz-cf-pop: SFO53-P4
age: 23950577
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 93606
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: "1f3488247c90bb5de253d3d0cb3b7458"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: KZrztRJg7Cm6bYh1E1W5OCrKbCQ3o9GM_tpmSy7ylf6yBXWC0VYPYA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
216 B 758ms
153ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJr4x,pingTime:-3,time:1089,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:1058%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1089,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B104~0%5D,as:%5B104~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,rmeas:1,rend:0,renddet:DIV,siq:1060%7D&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 757ms
155ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJr4y,pingTime:-6,time:1090,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1090,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B105~0%5D,as:%5B105~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,rmeas:1,rend:0,renddet:DIV,siq:1060%7D&tpiLookup=ao:www.nytimes.com*&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 751ms
154ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJr4F,pingTime:-2,time:1097,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:93,bdZ:115,beA:134,beZ:139,mfA:1114,cmA:1115,inA:1115,inZ:1121,prA:1122,prZ:1187,si:1193,poA:1195,poZ:1211,cmZ:1211,mfZ:1211,loA:1224,loZ:1226,ltA:1230,ltZ:1230,mdA:140,mdZ:1095%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:970.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:1058%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1097,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B112~0%5D,as:%5B112~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:1060,sinceFw:35,readyFired:true%7D&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

OPTIONS
H2 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 839ms
138ms Preflight
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 12 Dec 2023 14:23:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8221 236 KB
63 KB 173ms
173ms Script
text/javascript 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10992030431410607268/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10992030431410607268/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Dec 2023 14:23:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E66 0
56 B 139ms
139ms Ping
image/gif 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=urind

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 1E66 0
225 B 876ms
191ms Ping
image/gif 64.233.185.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq2fmvfw&e=21068133&ctx=2&qqid=CIi0wMyMioMDFeuaZgIdtaEAlA&met.4=fb.1n~lb.2f~ol.ii~idt.86~dt.-14u&met.3=492.1q_1~113.va_5~112.v9_6&met.1=1.lq2fmuko~6.0~7.0~8.0~9.0~10.0~12.2~13.4~14.5~15.h~16.y~17.y~18.y~19.1g~20.1h~21.1t&met.7=CBsQCBgBKAEwBjhCaAJwBXiJF4AB3RSIAZIwsAEBuAED~CBsQCiAiOAk~CBsQCiBAOMoD~CAoQChgBIEAoQDBMOAxoQ3BKeOdygAG7cIgBzqACsAEBuAED~CB4QChgBIEAoQDBJOAloQ3BIeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIEEoQTBIOAdoQ3BHeKdFgAH7QogBsqIBsAEBuAED~CCoQChgBIEEoQTCKBDjKA2hDcJEDePqBBIABzv8DiAGD1gywAQG4AQM~CAkQChgBIEEoQTBKOAloQ3BJeJJLgAHmSIgBtbwBsAEBuAED~CBsQBiCWBDgL~CBsQASCxBDht~CCgQChgBIJoFKJoFMKEFOAdomwVwnwV44sEBgAG2vwGIAaaBBLABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.185.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: yb-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 285ms
156ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJrcc,time:1564,type:e,im:%7Bimprf:%7Bttecl:1580,ecd:476,tsecr:3%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1564,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B580~0%5D,as:%5B580~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,rmeas:1,rend:0,renddet:svg.us,siq:1060,sis:1539%7D&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 BG_970x250.jpg
s0.2mdn.net/sadbundle/10992030431410607268/ Frame 8221 89 KB
90 KB 4ms
1ms Image
image/jpeg 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10992030431410607268/BG_970x250.jpg

Requested by

Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

sffe /

Resource Hash

ce172f7a06f833a8a832bd30b436c5dd43f76f737177f2c737756aa300abd5da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10992030431410607268/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 03:41:11 GMT
x-content-type-options: nosniff
age: 384109
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91611
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 12:17:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 03:41:11 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame BB09 0
0 143ms
141ms Fetch
image/gif 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvbft7G5Pyppdle2CDJe0dplKI5YaBQtKjPISpCa-XpCB2qJi19CKDxZDsv1foSRuZnC-jvg6k672lJp4HR20vTcBYp-0_0Fa6BnRg43pFGxG7QFMKS7PVKFumZ4YmAWufvIebBl_mqwASWioP_Jon58XUbTHkY_H--ac2w1Oyd7WfB61cYXUrMK1vmet0B0Wv65CPr9oK1xDZQ-m90Xu-zlp2q7wxIDqecdcKSRe4PdBJ6TBMuWruM20snT6XTLoOzdtiPbyJYLIvRG60brnPq3gaFqKKXDSktoaFz_Rww1LkxlsMkXO-_fRgjFdBrtfRh-kSmpCShS4uYRIMKWouRuCaBrtPv0Rtq2EPBJlGtYDAwWWhIlcyV4ZuR-kdGy4jGq2Sk9rhsAzqnRekqSM8pUP9eZQMNE5BjONbcTGmfR96-WvqV4TDCXBYKF_v0-IXIve4b4Y7EnzvWc6m8uI9Mr-x6f0hwz7S5MdAWtVhA3_jV3VzzOIijMBx4v7V3dVIe2Ll-85DxfpJubLf8LlJNCScRWi5jo_T2IAPpkfC41cq65ms40lo6SAMM8Yw5nvE6ZzZAAXtHMWXWMIeP7MIFEBDdqxQ-xoKKhsqIC6U16qR-PSRSd1ZaOg5SNyjbNSACinOMimhk72-_bQV-_Qsfr0G1KC0MbSOVNJ85E9S6Or5CJQ5EU0KL5_m9XJr_G7z4DMEH6q0ojdxxjPGQDHqvvjxAA2-y5R20gbL_KC9QgP2JAAHmztZQspXhcrlRGmm6m5vfXLsrPHftcscJ-bY6TOIIO7LUVq41S9UlCDrbBlj-U7qHk9uO_UfqVHp1gKgOQkNyzBHoMizTXRJ69NAew-Xo5bM0AqrwT4v8Q2GJcQb1uwQMzWVpn9fx-O2SF8Tvh-PoJ7eNIeFUescQSZcymmz86CmfVIBxjGT35SJmw08jdeXaFsQWhgejuDMmqjVY1EGxOJ_BVcIC4izOYOkdlPsxHx3H5MG_9lzJsqDyxn_J3IdWq49VQVl38cYvYOPdCNKd9Nu0E1SShY-LNghFIaYR2aEHMmOrAtScD8c2bl9Os1B9kLZAUQcLMsz_i_kCsZcNeBGon8POzP20MtDVivYuzNWvkuG2McdEHEmhIL0u3YMU4Ne-DS4o78wiEogbvUIUpBlm0lQ-wm8l2h91yFKOEpObxu8W-Y5KSOWmqigJpcEYmdInYn5XiIhdRPAwB686Xof5LlhnoPF4oNHW-mfADo0ChidBop2ZLsmDlL0ybPbfnhinGz-bBES8RZl-KH1HgeTPyUE4oNGt364-I1bL4n6dXt-VkgUPSL6CZYzo8NCfzTm9NcubjGs1hG2-26XRVktnbQSoMl-c_kCDnqEyVZ3gX3ITMhwdayqMGyXfOEMuPn1cbbRiBPTJUaEcdm3Q9BkRjlYt6LuvafUmXygmSpYRyAuA7SNrVZOi2u74Y_CEvAQQryxbtKHPWEMn8bXNro_bBg0_3XpykYus6O7BEX4R-8UDjuvZtuzb9pdHCW52GFKmxWyMTxQWfwUHwg&sai=AMfl-YQTETCjFEHHgiXaXuFy6XEm0O0UZQl-eXSGB6Q_X4QaAP7Ms8a19hAlwyuZghw9ZZnzOXuqRyyxHLwgtNTfAa_h_TC83fQvMGOH7Mc7jd16Z1zOQnmOglq3Tw_VBJyAnYCQnwksSfB3CuXFHUgvX9DoMmaq3a_h3SbHO6K6A4pBHLF8qylh3gWF0cI2ZOgdwo9EDh2VEHlQThYOjZ9IfnGfI6KXc55ud3puzHRWWdAF2G2VILmLf4QmVXDLO6hFwQOqmWN3UzpOALC42gV5WTkaopH1Lq5glxiywlfx1xe4R1sFcQnDGf6E-Pt5OKk_2wygSx3YYE0pAH6YUOXNsSB8ZsfJ67wWzqxIuwzIaJvOpatMNMcR53leCSFp0cwwgERN7fbJEky9mYmnpODGqzTmENp2W7sNUwJ5TXcYDRR7UIw6YEmF3lmskWPoeARqdMbvh0mpQw63eDAWZLgJFbwyL8Y9bKopcXbeoLyw4ZIfbdYh4pTu11DRlLh31vtqKWTPrCEO3KiR1A&sig=Cg0ArKJSzHQ97qyNdUuLEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sYW5kcm92ZXIuY29tLmF1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1621&vt=11&dtpt=1171&dett=3&cstd=442&cisv=r20231207.55454&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BB09 42 B
404 B 855ms
141ms Fetch
image/gif 142.250.66.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXVwyCgPc8pzetXfF3Ya6sl_Ky6CpprD5b_9O1dzj2aO4_378DAa4vvn_dqLuGq--9zhWxtIM9mOYyQMoxbLMj6whMcXmOxjAcSxHyXafStcdwzTiPWPXNJ6rq3TvfFl_b8QSDtrkpqavK7t6BfFGTOTY6&sai=AMfl-YTPcj549E47sf3ZyEV6phdPI2Q2fntP7Utj1dgDz5-Dk-LbuQ0JbHeTFpDi0gtf5YlgdH1LSVpfQ9pmWmyKoCnJuT7vg4wZ9BzBDvA6wo8BFeLQnKHiDXw9O-tR6cyPxGgOjFqRGAXsaA1Fg3mHwg&sig=Cg0ArKJSzI6RTamowa4qEAE&cid=CAQSTwDICaaNRUAx1wO95MgsDWpvPo_lHcsgM928HB4atwBn8GJoB6fLQyeCQY90sNLTJ3zL5krVvidbSKIJ9r9JQc75c-stbuChUd36pwvg-gQYAQ&id=lidar2&mcvt=1000&p=75,315,325,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=845365794&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702390978998&rpt=735&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.226 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 291ms
290ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJreq,pingTime:-10,time:1702,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNDgwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIwLjAuNjA5OS43MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702390980834%7C%7C51a20b3b9e278b718f3cbab9863117d3%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7C0eb86eca806fb9e14d383b649bf99736%7C%7Ccabf688d698228563cc1fb7c54f3bdcf%7C%7Caaa536c14ec6efbcdfa7584909ba3428%7C%7C28ca383174ed4d6c2e518a06ac4dcaf1%7C%7C2ecbd45559953fbd0cf906078db3c5f4%7C%7C1663701684%7D
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:00 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7A11
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LQ2FMTGL-25-4S9A
https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok

43 B
479 B

216ms
216ms

Image
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: Z97P798YH72KKN9S11DP
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0190a17a18f2299b1b85aeb1793e601c
Expires: 0

GET
H2 200 document.000000D8CDFA9C.js Show response
c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/published/6146278/7996655/ Frame 1E66 21 KB
4 KB 11ms
10ms Script
application/javascript 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/published/6146278/7996655/document.000000D8CDFA9C.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2be9d3bae1b55648cdae07cb404809af051504c0f822ba0f89802d3c005ebd9e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 12 Dec 2023 14:23:00 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 3CHfNwdraat2J10d+AooyQ==
age: 619504
cf-polished: origSize=23687
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Mon, 20 Nov 2023 12:32:38 GMT
server: cloudflare
etag: W/"0x8DBE9C4C850C15A"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 99bcf536-a01e-0036-3c64-2758a3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 83469f6edad8aaf0-SYD

GET
H2 200 animated-creative.381532d5d5de3962867f.js Show response
c.bannerflow.net/scripts/ Frame 1E66 156 KB
53 KB 14ms
13ms Script
application/javascript 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/animated-creative.381532d5d5de3962867f.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3399b722acf372fe61a7af76de270e97601a4a055f90f866d3cf66d1037964ba

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 12 Dec 2023 14:23:00 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 7/+J+TpFL/6K7/yG6MNwEg==
age: 1029123
cf-polished: origSize=159955
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Tue, 14 Nov 2023 09:16:12 GMT
server: cloudflare
etag: W/"0x8DBE4F258FA183A"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e7eb5d34-801e-0021-53aa-23f1a8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 83469f6edad9aaf0-SYD

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 7A11
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LQ2FMTGL-25-4S9A

0
729 B

1188ms
726ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LQ2FMTGL-25-4S9A
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 5E1139B49D2F4FA9A91E434D71F55AD9 Ref B: SYD03EDGE1520 Ref C: 2023-12-12T14:23:01Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMUMnEKMtrw/i7SISBsQ==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LQ2FMTGL-25-4S9A
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c80248407eff6cf595ce43a76c04e23f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7A11
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJRlMf5yoiXktxYqTW1XmW4&google_cver=1

42 B
844 B

449ms
182ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJRlMf5yoiXktxYqTW1XmW4&google_cver=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJRlMf5yoiXktxYqTW1XmW4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7A11
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmE0ODM5NTczMGMyOWE0ZDhiNThhNzU5MzIzM2JjMDNkZDdjNWZiNg

170 B
188 B

99ms
98ms

Image
image/png

142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmE0ODM5NTczMGMyOWE0ZDhiNThhNzU5MzIzM2JjMDNkZDdjNWZiNg

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmE0ODM5NTczMGMyOWE0ZDhiNThhNzU5MzIzM2JjMDNkZDdjNWZiNg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d264e84c9dc1a645a3048554992c5d82
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7A11
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=&expires=30

42 B
844 B

359ms
181ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97c7f663-a8ae-4388-a348-f00d2a750605&gdpr=0&gdpr_consent=&expires=30
date: Tue, 12 Dec 2023 14:23:00 GMT
server: Kestrel
content-length: 289

GET
H/1.1 200
OK dcm
aax-eu.amazon-adsystem.com/s/ Frame 7A11 43 B
855 B 1021ms
366ms Image
image/gif 52.94.223.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.94.223.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: D8XP9A9MGFAZQCH2ZBY5
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7A11
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TFEyRk1UR0wtMjUtNFM5QQ==
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH-gn0mRFqJuxcdchhvDYrQ&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFEyRk1UR0wtMjUtNFM5QQ==&google_push=

170 B
188 B

100ms
100ms

Image
image/png

142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFEyRk1UR0wtMjUtNFM5QQ==&google_push=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

142.251.221.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFEyRk1UR0wtMjUtNFM5QQ==&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b9b5fe4fdc8ed94e0f7cdc225df187a
Expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7A11
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us
https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok

43 B
479 B

217ms
216ms

Image
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 96BERA20J4RY3GE8VTVC
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://s.amazon-adsystem.com/ecm3?id=LQ2FMTGL-25-4S9A&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: dedf7fc216a5bbc739a54325e875a79f
Expires: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7A11
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/Giz9XuHk56iu8ZB8g8LNYsn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VtFmjCpE2oIjAuB37D25dmGGbKDfoDmTg3GIcA--~A

42 B
844 B

184ms
183ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VtFmjCpE2oIjAuB37D25dmGGbKDfoDmTg3GIcA--~A
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 4b9b5fe4fdc8ed94e0f7cdc225df187a
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 12 Dec 2023 14:23:01 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VtFmjCpE2oIjAuB37D25dmGGbKDfoDmTg3GIcA--~A
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7A11
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=KmHtP3QGShmiaFIp4M_kOg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=KmHtP3QGShmiaFIp4M_kOg

43 B
479 B

224ms
223ms

Image
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=KmHtP3QGShmiaFIp4M_kOg

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: DTDRN79V11H650A9YMFW
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=KmHtP3QGShmiaFIp4M_kOg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7A11
Redirect Chain

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&_bee_ppp=1
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAAlr07K8NoAABRNEyjRQw&expires=30

42 B
844 B

313ms
183ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAAlr07K8NoAABRNEyjRQw&expires=30
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAAlr07K8NoAABRNEyjRQw&expires=30
Date: Tue, 12 Dec 2023 14:23:01 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7A11
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=65102b74-5207-4d0a-92d0-2a3a405f5420&expires=30

42 B
844 B

183ms
183ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=65102b74-5207-4d0a-92d0-2a3a405f5420&expires=30
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 548ddf114c6f6bfbb66a4cdeb6a219f4
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=65102b74-5207-4d0a-92d0-2a3a405f5420&expires=30
Date: Tue, 12 Dec 2023 14:23:02 GMT
Connection: keep-alive
X-CI-RTID: 30f95cf7-d8fd-45f2-97d2-95eab97c6c44
Content-Length: 144
Content-Type: text/html; charset=utf-8

GET
H2

200

setuid
ib.adnxs.com/prebid/ Frame 7A11
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LQ2FMTGL-25-4S9A

43 B
1 KB

181ms
180ms

Image
image/gif

103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LQ2FMTGL-25-4S9A

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
an-x-request-uuid: 8df0322f-9745-495e-b7c8-1b69b43a9e22
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 66.203.112.165; 66.203.112.165; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LQ2FMTGL-25-4S9A
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d264e84c9dc1a645a3048554992c5d82
Expires: 0

GET
H2

200

cksync
hb.yahoo.net/ Frame 7A11
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LQ2FMTGL-25-4S9A&redir=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LQ2FMTGL-25-4S9A&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&ovsid=LQ2FMTGL-25-4S9A&dpid=58160

57 B
484 B

21ms
20ms

Image
image/gif

23.206.242.194
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&ovsid=LQ2FMTGL-25-4S9A&dpid=58160

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

23.206.242.194 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-206-242-194.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Tue, 12 Dec 2023 14:23:02 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Tue, 12 Dec 2023 14:23:02 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS0xdzZObzZCRTJ1RTdmUklZaS5ESHFUWHh2Y2M3VWNTLn5B&ovsid=LQ2FMTGL-25-4S9A&dpid=58160
date: Tue, 12 Dec 2023 14:23:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/ Frame 7A11
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=primis
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LQ2FMTGL-25-4S9A
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ2FMTGL-25-4S9A
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ2FMTGL-25-4S9A&ckls=true&ci=xJvfvhhG22&nc=false&trid=-561359954

43 B
1 KB

207ms
205ms

Image
image/gif

13.35.147.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ2FMTGL-25-4S9A&ckls=true&ci=xJvfvhhG22&nc=false&trid=-561359954
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Server: 13.35.147.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-46.syd1.r.cloudfront.net
Software: /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:03 GMT
via: 1.1 3fb80f1162ff0374e396394904e92ee4.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: Pq0gKxj1UUA5fSJUHU2M9OgM7cZNWWJ9g8XCDFfXnZH1pEtKxuQH7w==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:03 GMT
via: 1.1 3fb80f1162ff0374e396394904e92ee4.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ2FMTGL-25-4S9A&ckls=true&ci=xJvfvhhG22&nc=false&trid=-561359954
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: 4IQ7029aPKLgOrhpy-1YiyIXh-mIaNxB-oai7RXybtmVBib8RW31TA==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 7A11
Redirect Chain

https://token.rubiconproject.com/token?pid=37556&a=1
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LQ2FMTGL-25-4S9A

95 B
124 B

138ms
137ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LQ2FMTGL-25-4S9A

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

Location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LQ2FMTGL-25-4S9A
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b9b5fe4fdc8ed94e0f7cdc225df187a
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

magnite
prebid.a-mo.net/setuid/ Frame 7A11
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx
https://prebid.a-mo.net/setuid/magnite?uid=LQ2FMTGL-25-4S9A

0
451 B

550ms
183ms

Image
text/plain

131.153.206.100
PHOENIXNAP-AS-SG1...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid/magnite?uid=LQ2FMTGL-25-4S9A
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Server: 131.153.206.100 , United States, ASN59210 (PHOENIXNAP-AS-SG1 PhoenixNAP, SG),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 2
server: envoy
vary: Accept-Encoding

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://prebid.a-mo.net/setuid/magnite?uid=LQ2FMTGL-25-4S9A
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: beb52df1a5a4b2f2cb3f37642c514298
Expires: 0

POST
H2 200 stats Show response
gw.geoedge.be/api/ Frame BB09 0
216 B 208ms
207ms XHR
text/plain 13.35.151.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.geoedge.be/api/stats
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.151.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-151-118.syd1.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Tue, 12 Dec 2023 14:23:01 GMT
via: 1.1 d0c0855de58a470001e3701ff4871f82.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
content-length: 0
x-amz-cf-id: 73-S-RZ-MIjo-1SVCr26tPM6LCPRUUhSuzY8dygNmOicBLhBIvNyRg==
x-cache: Miss from cloudfront

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 151ms
150ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJrle,time:2124,type:e,im:%7Bpci:%7Btdr:1004%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:28,o:2096,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1111~0,0~100%5D,as:%5B1111~970.250%5D%7D%7D,%7Bsl:i,t:2096,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B28~100%5D,as:%5B28~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:296,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:1060,sis:1539%7D&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

cksync.php
contextual.media.net/
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=&gpp=${GPP_STRING_142}&gpp_sid=${GPP_SID}&url=https%3A%2F%2Fcontextual.med...
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=108491ce-0083-467b-adbd-07a77e7a6bdb&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=

57 B
618 B

45ms
34ms

Image
image/gif

23.202.170.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=108491ce-0083-467b-adbd-07a77e7a6bdb&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies

Protocol

Server

23.202.170.128 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-202-170-128.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 12 Dec 2023 14:23:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Tue, 12 Dec 2023 14:23:01 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=108491ce-0083-467b-adbd-07a77e7a6bdb&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1079592
content-length: 0
expires: Tue, 12 Dec 2023 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=995821&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7785087708218446382

43 B
730 B

148ms
146ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7785087708218446382
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5WFCS41161Yvkht19vgj3ECesRysqaC4bWcGxnRBLTgqp3bskO1o2Xr3FDgpHReCTlVnnboew7ZiDTKqXfMOAw8wurOUj04xX6DS%2FgEtU6h2ZfIj0pPpIc3tVuIKbQgd3tyTng%2FN1x8LQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83469f758a055c07-SYD
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7785087708218446382
pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

cksync.php
cs.media.net/
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=mTTU3yPJ1Rd3F35

53 B
631 B

49ms
49ms

Image
image/gif

23.52.225.82
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=mTTU3yPJ1Rd3F35
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: HTTP/1.1
Server: 23.52.225.82 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-225-82.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:02 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 53
x-mnet-hl2: E
Expires: Tue, 12 Dec 2023 14:23:02 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:01 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0ad8138d56a9ec354@ap-southeast-1a@dxedge-app-ap-southeast-1-prod-asg
Location: https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=mTTU3yPJ1Rd3F35
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=97c7f663-a8ae-4388-a348-f00d2a750605&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

96ms
96ms

Image
image/gif

35.71.178.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=97c7f663-a8ae-4388-a348-f00d2a750605&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Server: 35.71.178.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ade9ecc7904667038.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 12 Dec 2023 14:23:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://eb2.3lift.com/xuid?mid=3658&xuid=97c7f663-a8ae-4388-a348-f00d2a750605&dongle=0cfd&gdpr=0&gdpr_consent=
date: Tue, 12 Dec 2023 14:23:01 GMT
server: Kestrel
content-length: 251

GET
H/1.1 200
OK cksync.php
cs.media.net/ 52 B
418 B 15ms
11ms Image
image/gif 23.52.225.82
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.225.82 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-225-82.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:01 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 52
x-mnet-hl2: E
Expires: Tue, 12 Dec 2023 14:23:01 GMT

GET
H/1.1

200
OK

cksync.php
cs.media.net/
Redirect Chain

https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsi...
https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=1867e518f41820bf&is_secure=true&version=1&networkId=57734&gdpr=%24%7BGDPR%7D&gdpr_consent=%24%7BGDPR_CONSENT%7D&redir=https%3A%2F%2...
https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAL_TcoJe4jQgMKhUIiAAAAAAA&expiration=1702477382&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}

53 B
643 B

33ms
32ms

Image
image/gif

23.52.225.82
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAL_TcoJe4jQgMKhUIiAAAAAAA&expiration=1702477382&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: HTTP/1.1
Server: 23.52.225.82 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-225-82.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Dec 2023 14:23:02 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 53
x-mnet-hl2: E
Expires: Tue, 12 Dec 2023 14:23:02 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:02 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAL_TcoJe4jQgMKhUIiAAAAAAA&expiration=1702477382&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

SPug
image4.pubmatic.com/AdServer/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=163427
https://ad.turn.com/r/cs?pid=1&gdpr=-1&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4205292252947206702&gdpr=&gdpr_consent=&us_privacy=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7fbllLZE2uXQrV41VItAX0PJDkkJeXM-~A&gdpr=0

0
48 B

182ms
181ms

Image
text/plain

67.199.150.85
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7fbllLZE2uXQrV41VItAX0PJDkkJeXM-~A&gdpr=0
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Server: 67.199.150.85 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:02 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7fbllLZE2uXQrV41VItAX0PJDkkJeXM-~A&gdpr=0
date: Tue, 12 Dec 2023 14:23:02 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pd
nytimes-d.openx.net/w/1.0/ 43 B
114 B 112ms
106ms Image
image/gif 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nytimes-d.openx.net/w/1.0/pd
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:01 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ 43 B
235 B 112ms
110ms Image
image/gif 35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:23:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 1E66 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/webp

GET
BLOB 200
OK 32e1d9d9-6025-4c5b-9192-8eaf2459ee1c Show response
https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/ Frame BFF4 668 B
0 Script
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/32e1d9d9-6025-4c5b-9192-8eaf2459ee1c
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 668
Content-Type

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 1E66 5 KB
6 KB 318ms
10ms Font
font/woff 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F63b6d8e8b41a4e150691dd6a%2F84b8bf7f-9b24-4385-92a6-ab1c056ff55d.woff&t=%20Gaeoqtu%E2%86%92
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8908178caa6f0c4fde51b489de403b886e98c3738049f5121881b15e9d059db9

Request headers

Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
Origin: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Tue, 05 Dec 2023 07:55:31 GMT
server: cloudflare
age: 628050
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=84b8bf7f-9b24-4385-92a6-ab1c056ff55d-subset.woff
cf-ray: 83469f7358dca7f5-SYD
expires: Wed, 04 Dec 2024 07:55:31 GMT

GET
H2 200 96fa84ab-1942-4385-b367-5e4511ce2f2c.svg
c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/images/ Frame FFD0 2 KB
1 KB 13ms
10ms Image
image/svg+xml 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/framery/63b6d97abd3a31bb5822c898/images/96fa84ab-1942-4385-b367-5e4511ce2f2c.svg
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fe7c7fad29dbb17c0b81206b297b7b7c35c9eb05b00a1edada09b121e166a38

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 12 Dec 2023 14:23:01 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 7SmJ0i+g283IqODg1hTYGQ==
age: 6995
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 11:46:08 GMT
server: cloudflare
etag: W/"0x8DB5C4C76D47C96"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: b61b7b53-f01e-0014-35c3-2c9dbc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version: 2011-08-18
cf-ray: 83469f73add8aaf0-SYD

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame FFD0 8 KB
8 KB 20ms
17ms Image
image/webp 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fframery%2F63b6d97abd3a31bb5822c898%2Fimages%2F1e99b525-075e-4171-bebc-4391cc68aa3b.png&w=162&h=173&q=85&f=webp&rt=contain
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14513b9dd86ae005fa46e90d5cb049cd2439cb57ecb5c2b72df50d1447172f5e

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Dec 2023 14:54:21 GMT
api-supported-versions: 2.0
server: cloudflare
age: 84520
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 83469f73addeaaf0-SYD
content-length: 8196
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame FFD0 11 KB
11 KB 13ms
11ms Image
image/webp 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fframery%2F63b6d97abd3a31bb5822c898%2Fimages%2F46371264-b6a0-420a-8cb7-382cb4d0c3ef.jpg&w=168&h=176&q=85&f=webp&rt=cover&x1=454&y1=0&x2=2046&y2=1668
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f96baa5f621a484608df22bb08ad90ad516c3db831e5e89442fd25ca3306b477

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Dec 2023 14:27:47 GMT
api-supported-versions: 2.0
server: cloudflare
age: 86114
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 83469f73ade2aaf0-SYD
content-length: 11556
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame FFD0 8 KB
8 KB 14ms
13ms Image
image/webp 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fframery%2F63b6d97abd3a31bb5822c898%2Fimages%2Fc9a60932-08d6-4823-b7a9-53b500928b17.jpg&w=162&h=173&q=85&f=webp&rt=cover&x1=56&y1=0&x2=992&y2=1000
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6289c6e8f30dea17a484bb92b9a0c9d3ea4fe733a24f83b63a79a37e0329463

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Dec 2023 14:54:21 GMT
api-supported-versions: 2.0
server: cloudflare
age: 84520
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 83469f73ade5aaf0-SYD
content-length: 7832
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame FFD0 11 KB
11 KB 17ms
15ms Image
image/webp 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fframery%2F63b6d97abd3a31bb5822c898%2Fimages%2F2f0c7338-15ff-47e0-b75e-59587146e352.jpg&w=168&h=176&q=85&f=webp&rt=cover&x1=21&y1=0&x2=879&y2=899
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f4331b939f323115346f3e400c9d5b4c275fdb5997e18aba79471d450730106

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Dec 2023 14:27:47 GMT
api-supported-versions: 2.0
server: cloudflare
age: 86114
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 83469f73ade7aaf0-SYD
content-length: 10794
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame FFD0 5 KB
5 KB 16ms
15ms Image
image/webp 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fframery%2F63b6d97abd3a31bb5822c898%2Fimages%2Fe605d849-e4ac-4ba0-88d2-81ebf7ec33bc.png&w=160&h=171&q=85&f=webp&rt=contain
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5cdb19b0a7d221d8c2c4787dd44d5c86b6462a23b1d42914722b52eaf9f2c14

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Dec 2023 14:54:21 GMT
api-supported-versions: 2.0
server: cloudflare
age: 84520
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 83469f73adeaaaf0-SYD
content-length: 4954
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame FFD0 6 KB
6 KB 17ms
16ms Image
image/webp 104.17.202.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fframery%2F63b6d97abd3a31bb5822c898%2Fimages%2F7e115cf5-3a16-4805-a6dd-a03a26283d9f.png&w=160&h=171&q=85&f=webp&rt=contain
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.202.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 667520e658dbf05ac06b081b39507d1bd2d00ac79521847f631738b0094ebb03

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Dec 2023 14:27:47 GMT
api-supported-versions: 2.0
server: cloudflare
age: 86114
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 83469f73adebaaf0-SYD
content-length: 6094
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 03B0 0
260 B 544ms
180ms Script
text/plain 67.199.150.85
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156011&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.85 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:02 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 151ms
150ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJrAV,pingTime:1,time:3097,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:1058%7D,%7Bpiv:100,vs:i,r:,t:2096%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:2096,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1111~0,0~100%5D,as:%5B1111~970.250%5D%7D%7D,%7Bsl:i,t:2096,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:159,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:1060,sis:1539%7D&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:02 GMT
server: nginx
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BB09 43 B
215 B 152ms
151ms Image
image/gif 54.218.45.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1703769&asId=26213381-5893-e5a2-429b-39bd1f7ebc43&tv=%7Bc:wCJrAV,pingTime:1,time:3097,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:1058%7D,%7Bpiv:100,vs:i,r:,t:2096%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:2096,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:1058,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1111~0,0~100%5D,as:%5B1111~970.250%5D%7D%7D,%7Bsl:i,t:2096,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:159,fm:tYeD3Ag+11%7C12%7C1311%7C13121%7C13122%7C1313%7C1314%7C1315%7C1316%7C1317%7C1411%7C15*.1703769-75569295%7C151%7C152%7C153%7C16,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:1060,sis:1539%7D&br=c
Requested by: Host: 68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
URL: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.45.54 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-45-54.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Dec 2023 14:23:02 GMT
server: nginx
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 03B0 1 KB
2 KB 181ms
180ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=2136137&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.81 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 9df8b5a5e908369fc6b98e47b7be56da412855f03250ff1264a62943b2da62bb

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 12 Dec 2023 14:23:02 GMT
content-length: 1146
content-type: text/html; charset=UTF-8

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 650D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=

35 B
590 B

224ms
224ms

Document
image/gif

185.84.60.23

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.23 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Tue, 12 Dec 2023 14:23:03 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Tue, 12 Dec 2023 14:23:03 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame E15A
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6094297737834264253&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

0
0

180ms
180ms

Document
text/plain

67.199.150.82
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.82 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

date: Tue, 12 Dec 2023 14:23:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Tue, 12 Dec 2023 11:20:35 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H/1.1

200
OK

sync Show response
x.bidswitch.net/ Frame E675
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
https://sync.aralego.com/bsw_sync?ucf_nid=par-E2B44D84BBBDED8A0B297323E4B4A68&dsp_id=445&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=a8253729-d409-460a-b0e5-033e0dd16f1d&gdpr=0&gdpr_consent=&gdp...
https://x.bidswitch.net/sync?dsp_id=445&user_id=2943f129-9419-38d5-b5e8-d44baa122c9c&ssp=pubmatic&bsw_param=a8253729-d409-460a-b0e5-033e0dd16f1d

43 B
235 B

105ms
104ms

Document
image/gif

35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://x.bidswitch.net/sync?dsp_id=445&user_id=2943f129-9419-38d5-b5e8-d44baa122c9c&ssp=pubmatic&bsw_param=a8253729-d409-460a-b0e5-033e0dd16f1d
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 12 Dec 2023 14:23:03 GMT
Server: nginx

Redirect headers

Connection: close
Content-Length: 356
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Dec 2023 14:23:03 GMT
Location: https://x.bidswitch.net/sync?dsp_id=445&user_id=2943f129-9419-38d5-b5e8-d44baa122c9c&ssp=pubmatic&bsw_param=a8253729-d409-460a-b0e5-033e0dd16f1d
Vary: Accept, Accept-Encoding

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 3F64
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6

42 B
425 B

182ms
182ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 Saint Joseph, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Dec 2023 14:23:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Tue, 12 Dec 2023 14:23:03 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET

b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame 6C2F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...

0
0

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 222C
Redirect Chain

https://cm.ambientdsp.com/cm/send?vc=pmj
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=12okvn4lmvlu
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=659307077908634591
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=16fc33cb672a20bf&is_secure=true&networkId=17100&version=1&nuid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAALx-y8fmr1IQNbQzxRAAAAAAA&expiration=1702477384&nuid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D&...
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

0
0

181ms
181ms

Document
text/plain

67.199.150.82
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.82 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

date: Tue, 12 Dec 2023 14:23:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Tue, 12 Dec 2023 11:20:37 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 87D9
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=0QJjteEPWOVyOHxktb2SCULLcKU&gdpr=0&gdpr_consent=

42 B
379 B

182ms
181ms

Document
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=0QJjteEPWOVyOHxktb2SCULLcKU&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 12 Dec 2023 14:23:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Dec 2023 14:23:03 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=0QJjteEPWOVyOHxktb2SCULLcKU&gdpr=0&gdpr_consent=

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame CD33 43 B
479 B 215ms
215ms Document
image/gif 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UIDB53FFD96-3FCD-48AE-AECE-02D31DCFA16D

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 12 Dec 2023 14:23:02 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: 3JQ0R769HKE03G20M6X7

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame 03B0
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=B53FFD96-3FCD-48AE-AECE-02D31DCFA16D
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJEI1M0ZGRDk2LTNGQ0QtNDhBRS1BRUNFLTAyRDMxRENGQTE2RBAAGg0IxtnhqwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=4a5905f20c5fe6350ae07696ed08a6074a111c8202aa939ea0aebafb6aa9bebe791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA0YTU5MDVmMjBjNWZlNjM1MGFlMDc2OTZlZDA4YTYwNzRhMTExYzgyMDJhYTkzOWVhMGFlYmFmYjZhYTliZWJlNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA0YTU5MDVmMjBjNWZlNjM1MGFlMDc2OTZlZDA4YTYwNzRhMTExYzgyMDJhYTkzOWVhMGFlYmFmYjZhYTliZWJlNzkxNDI2YjU0MTdkY2UyMRAAGgwIx9nhqwYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=f6ab34e2-1145-4aa7-b724-56146f712545

42 B
60 B

181ms
180ms

Image
image/gif

35.244.154.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=f6ab34e2-1145-4aa7-b724-56146f712545
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H3
Server: 35.244.154.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:03 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Tue, 12 Dec 2023 14:23:03 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
content-type: text/html; charset=utf-8
location: https://idsync.rlcdn.com/458249.gif?partner_uid=f6ab34e2-1145-4aa7-b724-56146f712545
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111

POST
H2 200 track
a.et.nytimes.com/ 0
0 244ms
244ms Ping
text/plain 50.112.118.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/section/movies
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.112.118.45 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-112-118-45.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 03B0 0
128 B 181ms
181ms Script
text/plain 67.199.150.85
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156011&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.85 Singapore, Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:23:04 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.mathtag.com
URL: https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXhsyAAGZN74JQBd

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

135 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 19:02:46	Name: sync Value: CgkIOhDJxaPzxTE=
i.liadm.com/s	1970-01-20 17:36:22	Name: _li_ss Value: ChAKBgjSARDbFgoGCKIBENsW
.nytimes.com/	1970-01-21 01:38:46	Name: nyt-a Value: aYNGHPrVtqsGVz6MMdXzZf
.nytimes.com/	1970-01-20 16:53:32	Name: nyt-gdpr Value: 0
.nytimes.com/	1970-01-21 01:38:46	Name: nyt-purr Value: cfhhcfhhhckfhdfsh
.nytimes.com/	1969-12-31 23:59:59	Name: nyt-b3-traceid Value: 45d5bb26a58c47cdbba4765d345c57a8
.et.nytimes.com/	1970-01-20 16:53:12	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-21 01:38:46	Name: sessionIndex Value: 1\|1702390976723\|aYNGHPrVtqsGVz6MMdXzZf\|1702390976723
.et.nytimes.com/	1970-01-20 16:54:37	Name: et-ppvid Value: https://www.nytimes.com/section/movies=Nmzto2xnS7dut1kKI15JE621
.openx.net/	1970-01-21 01:38:46	Name: receive-cookie-deprecation Value: 1
.scorecardresearch.com/	1970-01-21 02:29:10	Name: UID Value: 1F40ebfefa4bc1edd898ec01702390977
.3lift.com/	1970-01-20 19:02:46	Name: tluid Value: 4563082581659851557982
.adnxs.com/	1970-01-20 19:02:46	Name: icu Value: ChgIkbx3EAoYASABKAEwwdnhqwY4AUABSAEQwdnhqwYYAA..
.adnxs.com/	1970-01-20 19:02:46	Name: uuid2 Value: 6094297737834264253
.www.nytimes.com/	1970-01-21 01:38:46	Name: datadome Value: rvfi3cj4LaNX~n6FlGTjt6QyHYndBfwdJASmdlvDHZ9YTwlpNA1l0KPs23vjVo_dzrka5~8V6x3DP6JyfDjvoiVtMSs1KxL_mkl4dvDXS48XPOjUHR7cWTNlbchBOxiH
.nytimes.com/	1970-01-21 02:22:40	Name: purr-cache Value: <K0<r<C_<G_<S0<a0<ua<T0
.nytimes.com/	1970-01-21 01:38:46	Name: nyt-jkidd Value: uid=0&lastRequest=1702390978042&activeDays=%5B0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%5D&adv=1&a7dv=1&a14dv=1&a21dv=1&lastKnownType=anon&newsStartDate=&entitlements=
a.nytimes.com/	1969-12-31 23:59:59	Name: jkidd-s Value: referrer=&landing=&start=1702390978042&isNew=1&pageIndex=1
a.nytimes.com/	1970-01-21 01:38:46	Name: jkidd-p Value: prevPage=&currPage=
.nytimes.com/	1970-01-20 16:53:45	Name: b2b_cig_opt Value: %7B%22isCorpUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 16:53:45	Name: edu_cig_opt Value: %7B%22isEduUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 19:02:46	Name: _gcl_au Value: 1.1.829376863.1702390978
.adsrvr.org/	1970-01-21 01:40:13	Name: TDID Value: 97c7f663-a8ae-4388-a348-f00d2a750605
.nytimes.com/	1970-01-21 02:21:58	Name: _cb Value: DW4reLDaLajUBrifY9
.nytimes.com/	1970-01-21 02:21:58	Name: _chartbeat2 Value: .1702390978579.1702390978579.1.D3IW7JBUDONMBWlvj0xPADuC31bzk.1
.nytimes.com/	1970-01-20 16:53:12	Name: _cb_svref Value: null
.amazon-adsystem.com/	1970-01-20 21:44:03	Name: ad-id Value: A0jGw5etPE1ep1pL9cKvWW0
.amazon-adsystem.com/	1970-01-21 02:29:10	Name: ad-privacy Value: 0
.doubleclick.net/	1970-01-21 02:29:10	Name: IDE Value: AHWqTUkoS8fgkXvQwb9lzubzbFn9oVvieQAoIbkyyYkzNsKR-mhpsX7jUWQmeITh
.media.net/	1970-01-21 01:38:46	Name: visitor-id Value: 3453925792890142000V10
.rubiconproject.com/	1970-01-21 01:38:46	Name: khaos Value: LQ2FMTGL-25-4S9A
.doubleclick.net/	1970-01-20 16:53:11	Name: test_cookie Value: CheckForPermission
.openx.net/	1970-01-21 01:38:46	Name: i Value: 63014234-36e9-0981-039f-45f039f52498\|1702390979
.nytimes.com/	1970-01-21 02:14:46	Name: __gads Value: ID=8d7e85fce9d15695:T=1702390978:RT=1702390978:S=ALNI_MaXWd_70CbulIcmdGAyJT_0EsauQw
.nytimes.com/	1970-01-21 02:14:46	Name: __gpi Value: UID=00000caac016fd61:T=1702390978:RT=1702390978:S=ALNI_Mab03_wTZiyFYm9nwM5rP9Xfkxo0Q
.casalemedia.com/	1970-01-20 19:02:46	Name: CMPS Value: 4944
.openx.net/	1970-01-20 17:14:46	Name: pd Value: v2\|1702390979\|jElYiuvOhI
.casalemedia.com/	1970-01-21 01:38:46	Name: CMID Value: ZXhsw9hMmxDOyEbVTzghIgAA
.casalemedia.com/	1970-01-20 19:02:46	Name: CMPRO Value: 4775
.ladsp.com/	1970-01-20 16:53:14	Name: cr Value: 1
.brand-display.com/	1970-01-21 02:29:10	Name: _knxq_ Value: 8d0e630b-e327-4f5a-60adf172.1702390979.0.1702390979.1702390979
.ladsp.com/	1970-01-21 02:29:10	Name: smn_uid Value: Veim92Q1rDhy7Mh8AZOCCRA-NbTxUNo
.ladsp.com/	1970-01-21 02:29:10	Name: lum Value: CNi4o_PFMRIFCAMQ0AU
.pubmatic.com/	1970-01-21 01:38:46	Name: KADUSERCOOKIE Value: B53FFD96-3FCD-48AE-AECE-02D31DCFA16D
.yahoo.com/	1970-01-21 01:39:08	Name: A3 Value: d=AQABBMNseGUCEMhlL40Z7YHFh6T4NQZNsVcFEgEBAQG-eWWCZdww0iMA_eMAAA&S=AQAAAqjV-vq0XgiW_UhXOf5frJ4
.hb.yahoo.net/	1970-01-20 21:12:22	Name: visitor-id Value: 3453925802890166000V10
.hb.yahoo.net/	1970-01-20 17:13:20	Name: data-ttd Value: 97c7f663-a8ae-4388-a348-f00d2a750605~~63
.tapad.com/	1970-01-20 18:19:34	Name: TapAd_TS Value: 1702390980573
.tapad.com/	1970-01-20 18:19:34	Name: TapAd_DID Value: 10e0fb2e-34c0-4e4b-95c1-9a17e5716ff2
.semasio.net/	1970-01-21 01:38:46	Name: SEUNCY Value: 3DA8353EEEB3685B
.pubmatic.com/	1970-01-20 19:02:46	Name: KRTBCOOKIE_80 Value: 22987-CAESEJfXm496VJXDyraA2ISk7n0&KRTB&23025-CAESEJfXm496VJXDyraA2ISk7n0&KRTB&23386-CAESEJfXm496VJXDyraA2ISk7n0
.pubmatic.com/	1970-01-20 19:02:46	Name: KRTBCOOKIE_377 Value: 6810-97c7f663-a8ae-4388-a348-f00d2a750605&KRTB&22918-97c7f663-a8ae-4388-a348-f00d2a750605&KRTB&22926-97c7f663-a8ae-4388-a348-f00d2a750605&KRTB&23031-97c7f663-a8ae-4388-a348-f00d2a750605
.simpli.fi/	1970-01-21 01:40:13	Name: suid Value: 525C936CB87B4D8E8003A94C1DA24957
.socdm.com/	1970-01-21 02:29:10	Name: SOSYNC Value: anNvbjp7Im9wZW54IjoxNzAyMzkwOTgwfQ
.demdex.net/	1970-01-20 21:12:22	Name: demdex Value: 17934080828682584163347802384102589218
.crwdcntrl.net/	1970-01-20 23:21:58	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 23:21:58	Name: _cc_id Value: d05c7930733c5a949589f596cfdefe3
.pubmatic.com/	1970-01-20 17:36:22	Name: KRTBCOOKIE_148 Value: 19421-uid:525C936CB87B4D8E8003A94C1DA24957&KRTB&23486-uid:525C936CB87B4D8E8003A94C1DA24957&KRTB&23489-uid:525C936CB87B4D8E8003A94C1DA24957&KRTB&23539-uid:525C936CB87B4D8E8003A94C1DA24957
.liadm.com/	1970-01-21 02:29:10	Name: lidid Value: b549779f-7bc6-4f95-9de8-ed9bba8c1e0e
.tapad.com/	1970-01-20 18:19:34	Name: TapAd_3WAY_SYNCS Value: 1!8318
.dpm.demdex.net/	1970-01-20 21:12:22	Name: dpm Value: 17934080828682584163347802384102589218
pixel.rubiconproject.com/	1970-01-20 19:02:46	Name: receive-cookie-deprecation Value: 1
.adsrvr.org/	1970-01-21 01:40:13	Name: TDCPM Value: CAESFgoHcnViaWNvbhILCJjAwY78yb08EAUSFQoGZ29vZ2xlEgsIgrKOgPzJvTwQBRIZCgpyaWdodG1lZGlhEgsIrNWOgPzJvTwQBRIYCgliaWRzd2l0Y2gSCwi2xqGA_Mm9PBAFEhUKBmNhc2FsZRILCLLWq4D8yb08EAUSFAoFdGFwYWQSCwii_suM_Mm9PBAFEhYKB3N2eDl0NTASCwjSsqqS_Mm9PBAFGAEgASgCMgsInqmtv5LKvTwQBTgBWgdzdng5dDUwYAI.
.bidr.io/	1970-01-21 02:21:40	Name: bito Value: AAAlr07K8NoAABRNEyjRQw
.bidr.io/	1970-01-21 02:21:40	Name: bitoIsSecure Value: ok
pixel-us-east.rubiconproject.com/	1970-01-20 19:02:46	Name: receive-cookie-deprecation Value: 1
.criteo.com/	1970-01-21 02:14:46	Name: uid Value: 108491ce-0083-467b-adbd-07a77e7a6bdb
.media.net/	1970-01-20 17:36:22	Name: data-c Value: 108491ce-0083-467b-adbd-07a77e7a6bdb~~1
.media.net/	1970-01-20 17:36:22	Name: data-c-ts Value: 1702390981
.adnxs.com/	1970-01-20 19:02:46	Name: anj Value: dTM7k!M40]D>6NRF']wIg2Hb=vA(QN!A#F8(<j<dINiYhTyXnfi8FW/3@nWe4<wBI58sG>][XP+6)TYF8D-7>h'nDU/X%W#.wLP6:R^]a013aRWNsOloS>=Uf)b2OK#X9M_b*@'s>TZ94sH
.adnxs.com/	1970-01-20 19:02:46	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJydWJpY29uIjp7InVpZCI6IkxRMkZNVEdMLTI1LTRTOUEiLCJleHBpcmVzIjoiMjAyNC0wMy0xMVQxNDoyMzowMVoifX0sImJpcnRoZGF5IjoiMjAyMy0xMi0xMlQxNDoyMzowMVoifQ==
.w55c.net/	1970-01-21 02:24:51	Name: wfivefivec Value: mTTU3yPJ1Rd3F35
.turn.com/	1970-01-20 21:12:22	Name: uid Value: 4205292252947206702
.hb.yahoo.net/	1970-01-21 01:38:46	Name: data-mag Value: LQ2FMTGL-25-4S9A~~63
.ipredictive.com/	1970-01-21 01:38:46	Name: cu Value: 65102b74-5207-4d0a-92d0-2a3a405f5420\|1702390982026
.pubmatic.com/	1970-01-20 17:36:22	Name: KRTBCOOKIE_22 Value: 14911-4205292252947206702&KRTB&23150-4205292252947206702&KRTB&23527-4205292252947206702
.w55c.net/	1970-01-20 17:36:22	Name: matchmedianet Value: 5
.media.net/	1970-01-21 01:37:20	Name: data-xu Value: mTTU3yPJ1Rd3F35~~8
.rubiconproject.com/	1970-01-21 01:38:46	Name: audit Value: 1\|WD0cx+9RTMKE3W1M7UELK2svGr/qdDoV3ZuJ1R/a5Uijwlvovo7hcSfxpwkVc3OikrVAsT5szDDgcRgjl6EitZCbFpcyK9i+sqlSNZOaaDQ=
.linkedin.com/	1970-01-21 01:38:46	Name: bcookie Value: "v=2&90adce96-3253-4049-853a-11469d1178fd"
.linkedin.com/	1970-01-20 16:54:37	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2658:u=1:x=1:i=1702390982:t=1702477382:v=2:sig=AQE7B3uuKfVtIOqi_VIftb6J8tYrdRGt"
.pubmatic.com/	1970-01-20 17:36:22	Name: SPugT Value: 1702390982
.dotomi.com/	1970-01-20 16:53:11	Name: DotomiTest Value: 1867e518f41820bf
.ads.pubmatic.com/	1970-01-20 16:54:37	Name: KCCH Value: YES
.analytics.yahoo.com/	1970-01-21 01:38:46	Name: IDSYNC Value: "175w~2fke:19e0~2fke:18y3~2fke:18vk~2fke:18z8~2fke"
.pubmatic.com/	1970-01-20 19:02:46	Name: DPSync3 Value: 1703548800%3A201_245_226_197%7C1702425600%3A248%7C1702944000%3A164
.media.net/	1970-01-21 01:37:20	Name: data-co Value: AAAL_TcoJe4jQgMKhUIiAAAAAAA~~8
.prebid.a-mo.net/	1970-01-20 16:54:37	Name: _sv3_7 Value: 1
.a-mo.net/	1970-01-21 01:38:46	Name: amuid2 Value: 1cd187ed-34db-4846-93fb-0ef1bff881f4
.prebid.a-mo.net/	1970-01-21 01:38:46	Name: sd_amuid2 Value: 1cd187ed-34db-4846-93fb-0ef1bff881f4
.rezync.com/	1970-01-21 02:14:46	Name: zync-uuid Value: 6fa7c272-8cc4-4735-a419-82b4fcca0c88:1702390982.615638
.bidswitch.net/	1970-01-21 01:38:46	Name: tuuid Value: a8253729-d409-460a-b0e5-033e0dd16f1d
.bidswitch.net/	1970-01-21 01:38:46	Name: c Value: 1702390982
.bidswitch.net/	1970-01-21 01:38:46	Name: tuuid_lu Value: 1702390982
.pubmatic.com/	1970-01-20 19:02:46	Name: KRTBCOOKIE_57 Value: 22776-6094297737834264253&KRTB&23339-6094297737834264253
.rlcdn.com/	1970-01-20 18:19:34	Name: pxrc Value: CMbZ4asGEgUI6AcQABIFCOhHEAA=
www.nytimes.com/	1970-01-20 16:53:11	Name: _dd_s Value: rum=0&expire=1702391876068
.ambientdsp.com/	1970-01-20 16:54:37	Name: _aGeoIp Value: AU-Sydney
.ambientdsp.com/	1970-01-21 02:29:10	Name: _aUID Value: 12okvn4lmvlu
.primis.tech/	1970-01-20 17:29:10	Name: csuuid Value: 65786cc708fab
.pippio.com/	1970-01-21 01:38:46	Name: did Value: ZtSCagcicOAbWdk_
.pippio.com/	1970-01-21 01:38:46	Name: didts Value: 1702390983
.pippio.com/	1970-01-20 18:19:34	Name: nnls Value:
.pubmatic.com/	1970-01-20 17:36:22	Name: KRTBCOOKIE_1290 Value: 23368-12okvn4lmvlu
.intentiq.com/	1970-01-21 02:29:10	Name: intentIQ Value: xJvfvhhG22
.intentiq.com/	1970-01-21 02:29:10	Name: IQver Value: 1.9
sync.srv.stackadapt.com/	1970-01-21 01:38:46	Name: sa-user-id Value: s%3A0-d10263b5-e10f-58e5-7238-7c64b5bd9209.KynL6733sDNULQR6ZEg2HOrNU7qMw7BsPEGOW9hcWcE
.srv.stackadapt.com/	1970-01-21 01:38:46	Name: sa-user-id Value: s%3A0-d10263b5-e10f-58e5-7238-7c64b5bd9209.KynL6733sDNULQR6ZEg2HOrNU7qMw7BsPEGOW9hcWcE
sync.srv.stackadapt.com/	1970-01-21 01:38:46	Name: sa-user-id-v2 Value: s%3A0QJjteEPWOVyOHxktb2SCULLcKU.l%2F6%2FdIv3ILdKYxbmYdEtpCAayK8rBwhofrTetJDR%2B08
.srv.stackadapt.com/	1970-01-21 01:38:46	Name: sa-user-id-v2 Value: s%3A0QJjteEPWOVyOHxktb2SCULLcKU.l%2F6%2FdIv3ILdKYxbmYdEtpCAayK8rBwhofrTetJDR%2B08
sync.srv.stackadapt.com/	1970-01-21 01:38:46	Name: sa-user-id-v3 Value: s%3AAQAKINf-de3yIkJUyaxkBzOxDYJ2XhL841pNGHDANMz8cn-5EHwYBCDH2eGrBjABOgQtwj9GQgR4pqK4.5MGzYHX1nlZchPLARXNMnS80tNsrZvn29bbdUZyWtbc
.srv.stackadapt.com/	1970-01-21 01:38:46	Name: sa-user-id-v3 Value: s%3AAQAKINf-de3yIkJUyaxkBzOxDYJ2XhL841pNGHDANMz8cn-5EHwYBCDH2eGrBjABOgQtwj9GQgR4pqK4.5MGzYHX1nlZchPLARXNMnS80tNsrZvn29bbdUZyWtbc
.quantserve.com/	1970-01-20 19:02:46	Name: d Value: ELgBCwHSKvijAA
.quantserve.com/	1970-01-21 02:23:25	Name: mc Value: 65786cc7-5907a-b2e6e-3c8ab
.pippio.com/	1970-01-20 18:19:34	Name: pxrc Value: CMfZ4asGEgQIAhAAEgYI7OsBEAA=
.linksynergy.com/	1970-01-21 01:38:46	Name: rmuid Value: f6ab34e2-1145-4aa7-b724-56146f712545
.linksynergy.com/	1970-01-21 01:38:46	Name: icts Value: 2023-12-12T14:23:03Z
.pubmatic.com/	1970-01-20 19:02:46	Name: SyncRTB3 Value: 1703548800%3A56_7_21_3_54_8_247_233_71_22_13_220%7C1702944000%3A223_2%7C1703203200%3A63
.pubmatic.com/	1970-01-20 16:53:10	Name: ipc Value: 0^^2^0
.pubmatic.com/	1970-01-20 16:54:37	Name: pi Value: 0:3
.pubmatic.com/	1970-01-20 19:02:46	Name: chkChromeAb67Sec Value: 6
.rfihub.com/	1970-01-21 02:14:46	Name: rud Value: H4sIAAAAAAAA_-MSNrQ0tzA1Nbe0MDU0NjMzMDU1NhTiM9T1S87wDCpPq0gp8DICAFogBd4lAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_wXByQ2AMAwEwA_tGPmKvaabsFIKoXJmvqvq7Ka3C8iU7Fiy00bgbx5yK4HHWj1GB36XrQr8EmtYrTkAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNrQ0tzA1Nbe0MDU0NjMzMDU1NhTiM9T1S87wDCpPq0gp8DICAFogBd4lAAAA
.rfihub.com/	1970-01-21 02:14:46	Name: eud Value: H4sIAAAAAAAA_1XIuQ2AMAwAwAmoMoeRfztsYyxlIEpKJqVDory7hvuqaA6G7FbQEINSmpB86uou7MyDAlkmzuTdyVzyHtt3omrP3_4C4tuzDFkAAAA
.intentiq.com/	1970-01-21 02:29:10	Name: IQPData Value: 1120628901#1702390983472#0#1702390983472
.intentiq.com/	1970-01-21 02:29:10	Name: intentIQCDate Value: 1702390983474
.intentiq.com/	1970-01-21 02:29:10	Name: ASDT Value: 0
.intentiq.com/	1970-01-21 02:29:10	Name: CSDT Value: UEQ6MTUxMDZfMCZUeUVkNGlM
.aralego.com/	1970-01-21 00:01:38	Name: sspid Value: 2943f129-9419-38d5-b5e8-d44baa122c9c
.pubmatic.com/	1970-01-20 19:02:46	Name: KRTBCOOKIE_860 Value: 16335-0QJjteEPWOVyOHxktb2SCULLcKU&KRTB&23334-0QJjteEPWOVyOHxktb2SCULLcKU&KRTB&23417-0QJjteEPWOVyOHxktb2SCULLcKU&KRTB&23426-0QJjteEPWOVyOHxktb2SCULLcKU
.pubmatic.com/	1970-01-20 17:36:22	Name: PugT Value: 1702390983
.pubmatic.com/	1970-01-20 19:02:46	Name: KRTBCOOKIE_153 Value: 1923-ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6&KRTB&19420-ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6&KRTB&22979-ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6&KRTB&23462-ccEYVXGXTFpqwRZdcJUCD3WRGQhqx0xVJpZFVCQ6
.rlcdn.com/	1970-01-21 01:38:46	Name: rlas3 Value: vngO5W28j+PcCjFn8lQ0iVDV7RcmMl9XUozGKwIEIZ8=
live.rezync.com/	1970-01-21 02:14:46	Name: sd-session-id Value: .eJwNylEOwiAMANC79HsYCpQWLrNgZQnRoRnzx2V3d58veQfMn7qtpde-Q963b51AX-3SgHzAaL-1PiEDJhYiTkLoY7REHuGcYNQx2rvP7XGduBRWx86IajCBPZkSMBlx97CoFqsiGdk6n2wSd4tI0Qucf4_DJX0.ZXhsxw.4EpC77z3Xsrjejvfu176wNZRynQ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.nytimes.com/section/movies(Line 207) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5290727.fls.doubleclick.net
68c8944912376a781e8f465ff6c854fd.safeframe.googlesyndication.com
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
accounts.google.com
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
adservice.google.com
adservice.google.com.au
als-svc.nytimes.com
c.amazon-adsystem.com
c.bannerflow.net
c1.adform.net
cdn.brandmetrics.com
cm.ambientdsp.com
cm.g.doubleclick.net
cms.quantserve.com
collector.brandmetrics.com
config.aps.amazon-adsystem.com
contextual.media.net
cr-p3.ladsp.com
cs.media.net
csi.gstatic.com
d.turn.com
dd.nytimes.com
dis.criteo.com
dmp.brand-display.com
dpm.demdex.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fw.adsafeprotected.com
g1.nyt.com
googleads.g.doubleclick.net
gw.geoedge.be
hb.yahoo.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
insight.adsrvr.org
jp-u.openx.net
live.primis.tech
live.rezync.com
match.adsrvr.org
match.prod.bidr.io
medianet-match.dotomi.com
movies.nytimes.com
mwcm.nytimes.com
nytimes-d.openx.net
p.rfihub.com
pagead2.googlesyndication.com
pippio.com
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
pixel.tapad.com
pm.w55c.net
pnytimes.chartbeat.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
pubmatic-match.dotomi.com
purr.nytimes.com
px.ads.linkedin.com
rtb.openx.net
rumcdn.geoedge.be
s.amazon-adsystem.com
s0.2mdn.net
samizdat-graphql.nytimes.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.chartbeat.com
static01.nyt.com
sync-tm.everesttech.net
sync.aralego.com
sync.crwdcntrl.net
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
sync1.intentiq.com
tags.rd.linksynergy.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.datadoghq-browser-agent.com
www.googletagmanager.com
www.googletagservices.com
www.nytimes.com
x.bidswitch.net
sync-tm.everesttech.net
sync.mathtag.com
103.229.10.211
103.43.89.4
104.17.202.110
104.18.36.155
104.26.13.18
107.178.254.65
119.9.108.180
124.146.153.163
13.107.42.14
13.213.94.216
13.224.181.100
13.227.254.2
13.35.147.106
13.35.147.38
13.35.147.46
13.35.151.118
13.35.151.131
131.153.206.100
142.250.204.1
142.250.204.2
142.250.204.6
142.250.66.194
142.250.66.226
142.250.66.232
142.251.12.84
142.251.221.66
142.251.221.70
15.197.193.217
151.101.129.164
151.101.193.164
172.64.151.101
18.136.5.195
18.138.18.111
18.143.106.89
18.238.192.123
18.244.214.85
18.67.107.130
18.67.111.28
18.67.114.43
18.67.93.81
18.67.97.42
182.161.73.146
185.84.60.23
192.96.203.13
198.8.71.130
20.50.2.28
207.65.33.82
23.198.59.89
23.202.170.128
23.202.170.74
23.206.242.194
23.52.225.82
3.226.96.146
34.111.113.62
34.120.63.153
34.160.19.107
34.234.28.111
34.98.67.3
35.169.223.36
35.186.253.211
35.213.12.39
35.236.220.17
35.244.154.8
35.244.159.8
35.71.178.8
44.226.14.255
50.112.118.45
50.116.239.135
52.46.155.104
52.86.247.227
52.94.223.167
54.147.41.158
54.218.45.54
54.249.46.39
54.251.155.38
54.255.162.48
54.79.148.68
64.233.185.94
67.199.150.81
67.199.150.82
67.199.150.85
67.199.150.86
67.199.150.87
69.173.151.100
69.173.158.64
69.173.158.65
89.207.22.137
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
029fea4d8569b2bc1c939ff408bafc069c61748e42c85d876ce38989bfdfef52
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0624d4a945f2c2079ae3046b3fa8440920828c2743f112c69f99d6085c985f88
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
0c443b91759dd30a5d3a0f34ab1fe5219052a1233922ce3f64909a22382bd430
0e6980668245ddf949ca2231afae205e62a0660d0ef73a97242941c74ee9c757
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0f6c5dce22f32948222277096740ba2e7cb56b77a7feb3a9d37350672c588ac6
112f3b860b3119ca5423d480476d5b60cef7ae7468623201dde0376bb6131e0f
136b5c63e0ecd000667c1e627837e0b604bafef7f7338a5b57fe51ec5b1492c5
14513b9dd86ae005fa46e90d5cb049cd2439cb57ecb5c2b72df50d1447172f5e
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1bdff12fc4f8e14a0f32bfb9aa0ecb447713dc8ce01f635fd7f582c71518fa68
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
1c5395f6205dc8e59a1869a8e3b4a38ee649e96f23907d907f4b9cc958aa5f76
1f4331b939f323115346f3e400c9d5b4c275fdb5997e18aba79471d450730106
1fe37d55e6324e8660e627fdf1cd545c9a84f80963bc07f3a564434043650a09
1fe7c7fad29dbb17c0b81206b297b7b7c35c9eb05b00a1edada09b121e166a38
21b9e0f4cf193d980500358ef342b8fe7a0e4b4fbcddf247f6dd1d45bbfa27b9
2872a6283f92a0e48691020c8f3b4d021f42c03a7e2d4354c6a33ff8da206fe5
293b602d0f7dddf0de912af3bf11ad62bb390b5159e5a8c44b4c3805e6834ab6
29a39b512e3a33aba1de7f9664a09621e6a7e6b351d13f9a3e3c4ab7bb124d0d
2af4b1fb066de4da4960940fcb990e1eab05732fe95480ffa7cf5f29f422218f
2be9d3bae1b55648cdae07cb404809af051504c0f822ba0f89802d3c005ebd9e
2e8d3d94804cb18f10af813e0ffec73594193d4ab6df11ff947c13e4f617a218
2f1442acf0c26c27edd582bcc4a22eec08ffbd952599be0af9bcfccbae871e68
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
307ec4276d520aa1731262647da82d9c2464f3fe4dd67ecba8912d015abe3d84
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
316e65b89469c80f64de0ee59a4c9f4ea6c5e79a9acf9c415b57a465d7f8f6aa
32ca19db6ff65e76a89d648378528c65251e6fe0e4aace4b2e87f47eab95a498
3399b722acf372fe61a7af76de270e97601a4a055f90f866d3cf66d1037964ba
3459a86a1a5a0ebefc38ba347c8eee86838664553d2732a9f0d75d9b474bab72
375158c1bf9b1fdfd7fb158bc931aab8a3cc3d0407065e804fcc80a04b6bdea2
38bc16a58459956bdbcc193e12187c769004be470b56764fdcc348374313005b
3b7df8039da00c48c5cf0ca207eb9a4a03d362e17176171c9c2ba75fcfbd6ca2
3dd9c8deec417c77b8b70e299a2de0746a2f264a8a1594f2edbc5d01840f875f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f770f537145bf6ca53f22706f1befe600243936bd5eb48eb4b18456cfca5fb3
3f824ce0ed2523da296824e9a9ddd80594be0dfb2f1fb07fea8f178ac771cb98
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
42b02163b99f5f59d7f7e839ffa3933734c70e613f8d92f6cc4575bb97d1d489
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4393afca1705a2ce3ed685ec428533f39710cf04adb2ffaa94282b4ff9e8d248
45263fcec38868af5a6ab765d2e941b6ab7010fdd2ce0234581af769c30fbc3d
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be3bad3d13ad8dcc3232eaf08560b691d426ef49592aa8e43a6cd88d11062a6
4dce82188087b5a879afaed84f7c41579a9ccd759994d30d908879edc355ca62
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3
502e2d3d603625c036ca116dd1971b073ed08c0d2160399225df5ca6140d40ed
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5632afc3acab8b36b1724af185ceb5dd236c4586598f05fd93b9b4d4e2fe41f1
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
5be89ad241b600411c56e2f681a6aa952768a04a0d679d7ba5507dfe32ef3b43
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
5fc1722631c279136d35b326ea4fee27c1f7da8cf3df37bb1aa7aec58827d023
61fccfdc6707e6432998da73d67d285fad858d68d59c9eb2657930772fb2cbd9
626fe07f8002e07eb5641ba6b6536c50367625e351cf157f9b5f24e7de0e040c
6292d47914f9b1671e0c7b3076ea35aa0127785ed01ae8df56f534171114b08a
641ce763bef7827c20830206189d4640b73383c7618079ec675abe18661db463
650a7f5042bb1691c47e2739b4addbb6073e65c00ec12350f8cbb6c9bb35cdd5
667520e658dbf05ac06b081b39507d1bd2d00ac79521847f631738b0094ebb03
677032f463161f7eb7bc3fc5216fc7f81b233ad8f2fe0a48506f4b3bf8a2d15d
68105f1407ddbb60d8759e83603ed8826f8696d113453d0eb3ae2c9b1d8ac9a8
6ddb5ed1f5b14c409a096ed3d748233c17491a4fde156df67524df6a681f6336
761030a5378e067b411705db758970243679c69413bb808e5bdaf5d1f200de02
770bee6f13fa88ea66aa20f957872838258a975bc7296652eefef496fa9d6492
7837207f1197c426c0551dcbead6be815beff78431f5c45e84014a94cfde09d5
78409fb2cff4656c59023442d3b9601e5b413fd24bfe43346824f5d7ad02fa4b
7d58f0b8cd6862e6585a29e79cb427601671844d4e2f2f790623cd32a186c779
7e7a1c54060752586b61ede881eb42f005b535a0b986792e6ab99c63a9c18129
81619079df55e825a05ee5c4560da97e35fcdfa62c7f4c06ffad6dd61ba1beed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844236314113f0997ba9146c0b71b329ea02b2551976c62134822ffacf24605d
84927937ae71e45d5246323b4b067c77915e8cd2bdb6bd549cfeecb31b693329
856aaced31ed8261b78a7aea881a732f46cc68ec9ff93861a99e8aed2100716e
8908178caa6f0c4fde51b489de403b886e98c3738049f5121881b15e9d059db9
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8db149554ca8da3ec8d27bcc17432052801e32f9f651b4030414a4aa93acaa1a
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
9863e497691733db74131fb61099b6d3aad4198f442b261fd589ab6a96ab13d9
98933a92e36a9f02568cba0776c649efeee2aa7dd02cde8abf8a51ad88e2e326
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d05ae9b253cab83099387db0d3a4ec1c2be203c3738e2dcb74927c1fd6bc626
9d29bd3d743d6136eeaaa2f19ea175e6679f5c5d897c3b5c5c5caa7c265e3b2b
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
9df8b5a5e908369fc6b98e47b7be56da412855f03250ff1264a62943b2da62bb
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e
a6a464e55b66da4ea128368c807cf47f6b05c8e939c8ca27a01e30e41f57a914
ab58c90a662cf700705e739676c14e82d7ab3e91ec18689f6f30daf88d8a2194
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b728959cc185ca5740ab862ff3cd8e9a6527df90eb19d45d373e9f7a9e3c8e09
b78e47480c89dd9cff7f581de356397aa0be04220097068b611152a492396b1d
ba014b41e87e2deda011cf92146d1b1842133b416d5ce0be02719670c0d46e10
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bd0746450746c2e23310f91b52d3023a7ca760bbd022540556ec7395c148353a
bd3f7700f1c1bf3d0b53e8d08f2e7a4382d02bba0abc674029ee1e59dd7bc58a
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
beb4f2cf4d77438d70f43bf4ddd4b44cc8b5a904bc9519065a56ac22a6012d04
c11d50a1918e615029f239580a1d4a1aa32328fdd6149225cc74e411c84db96e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c4bbc583aaed302599700b32c627128eaf272499efdc8458f816b4cb7911e1c2
c54140eac6df64b97abf9bf21e88910bac89ddc973d871fcd33dca119b8b4c24
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cd2eef8e807f0e9a4d87ef688e2050d574f1371040dcef1df57c62a1aab5531d
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
ce172f7a06f833a8a832bd30b436c5dd43f76f737177f2c737756aa300abd5da
ce44d9d3620877fb90e5a0dc690fb51323242adfd601d2d327e623488f94c67d
cf270229e004cc9e09e49f17fd5f5de7b0785b9352875f7f9ce4338837b491dc
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3a56f8b41b66ccd5d69973d233c4e106581454c0ff292ae2ece2df66f7a49cb
d6999b8277188f61786d4faf83e18d783360ccfaeb0483e748e7ddb306f8c819
d74f3acd42f70d94250e0f86315476a34fff26ddf8c3d3db17caef3bf92fced2
d8d927ccd0c0ce5c6cb2ce7e7a1330fd09ae3e5a1d743678820f4184aa6beecf
dd0464c1b94d39e8958ba7a4c594cec1c1625ec4c5c154aa9ffc51de38e04da6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f36ff5478faa26189d3c027452c4959c15cbaba110619e4ef8e210e9da555a
e580b888ec2ff667515810611d279b0a9ccba891e80dbeb183ac6eea7e5526e1
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eccd98f60887db343dda1d6e742eae7c954c554ade7a3d815bddd734a029d3a2
ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5cdb19b0a7d221d8c2c4787dd44d5c86b6462a23b1d42914722b52eaf9f2c14
f6289c6e8f30dea17a484bb92b9a0c9d3ea4fe733a24f83b63a79a37e0329463
f79b8d8264eaf4ab002526e742f9c06603f3e80f095e9ae5569c6ce6257928ab
f8018ac0d5ade5c992dccb83915d04af94d42283dadbe071b57f058c27d126ee
f873b046caf3f9312f75aa80873bbe267547a1814ae39e47181463416253a90c
f96baa5f621a484608df22bb08ad90ad516c3db831e5e89442fd25ca3306b477
fc52743549708cdc656d9176cfd25f27236ce029a5caf4c738c29aa29c446a12
fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a
ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

www.nytimes.com Open in urlscan Pro 151.101.129.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

250 Requests

78 %HTTPS

0 %IPv6

61 Domains

112 Subdomains

64 IPs

8 Countries

4093 kBTransfer

10823 kBSize

135 Cookies

17 Outgoing links

Page URL History

Redirected requests

250 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.nytimes.com Open in urlscan Pro
151.101.129.164 Public Scan

Screenshot
Live screenshot

Full Image

250
Requests

78 %
HTTPS

0 %
IPv6

61
Domains

112
Subdomains

64
IPs

8
Countries

4093 kB
Transfer

10823 kB
Size

135
Cookies

250 HTTP transactions
3 data transactions