www.nytimes.com Open in urlscan Pro
151.101.1.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Submission: On October 20 via manual (October 20th 2021, 3:49:27 pm UTC) from US — Scanned from DE

Summary HTTP 136 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 28 IPs in 4 countries across 18 domains to perform 136 HTTP transactions. The main IP is 151.101.1.164, located in United States and belongs to FASTLY, US. The main domain is www.nytimes.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 3rd 2020. Valid for: 2 years.

This is the only time www.nytimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	151.101.1.164 151.101.1.164	54113 (FASTLY) (FASTLY)
1	142.250.185.104 142.250.185.104	15169 (GOOGLE) (GOOGLE)
2	104.111.214.229 104.111.214.229	16625 (AKAMAI-AS) (AKAMAI-AS)
19	172.217.18.115 172.217.18.115	15169 (GOOGLE) (GOOGLE)
8	142.250.184.206 142.250.184.206	15169 (GOOGLE) (GOOGLE)
12	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	35.244.188.62 35.244.188.62	15169 (GOOGLE) (GOOGLE)
11	151.101.193.164 151.101.193.164	54113 (FASTLY) (FASTLY)
2	143.204.98.114 143.204.98.114	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	142.250.185.129 142.250.185.129	15169 (GOOGLE) (GOOGLE)
1	35.241.35.241 35.241.35.241	15169 (GOOGLE) (GOOGLE)
4	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
3	142.250.185.142 142.250.185.142	15169 (GOOGLE) (GOOGLE)
3 6	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
1	143.204.98.142 143.204.98.142	16509 (AMAZON-02) (AMAZON-02)
1	34.241.169.143 34.241.169.143	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
6	142.250.181.225 142.250.181.225	15169 (GOOGLE) (GOOGLE)
2	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
1	52.45.183.189 52.45.183.189	14618 (AMAZON-AES) (AMAZON-AES)
2	2.18.232.109 2.18.232.109	16625 (AKAMAI-AS) (AKAMAI-AS)
7	142.250.185.238 142.250.185.238	15169 (GOOGLE) (GOOGLE)
3	213.254.244.17 213.254.244.17	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
5	172.67.199.199 172.67.199.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.184.196 142.250.184.196	15169 (GOOGLE) (GOOGLE)
136	28

29 151.101.1.164 (United States)

ASN54113 (FASTLY, US)

www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
myaccount.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.104 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.214.229 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-229.deploy.static.akamaitechnologies.com

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 172.217.18.115 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f115.1e100.net

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
purr.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.184.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.188.62 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 62.188.244.35.bc.googleusercontent.com

als-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.193.164 (United States)

ASN54113 (FASTLY, US)

g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.114 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-114.fra50.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net

a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.35.241 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 241.35.241.35.bc.googleusercontent.com

meter-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.70 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.142 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-142.fra50.r.cloudfront.net

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.169.143 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-169-143.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.183.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-183-189.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.109 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-109.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f14.1e100.net

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.254.244.17 (Ireland)

ASN3257 (GTT-BACKBONE GTT, US)

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20222.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.67.199.199 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	nytimes.com www.nytimes.com samizdat-graphql.nytimes.com a.et.nytimes.com als-svc.nytimes.com myaccount.nytimes.com dd.nytimes.com meter-svc.nytimes.com purr.nytimes.com a.nytimes.com mwcm.nytimes.com static01.nytimes.com	1 MB
19	google.com news.google.com adservice.google.com play.google.com www.google.com	71 KB
17	nyt.com g1.nyt.com static01.nyt.com a1.nyt.com mwcm.nyt.com	412 KB
13	googlesyndication.com a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	347 KB
13	doubleclick.net 3 redirects securepubads.g.doubleclick.net 5290727.fls.doubleclick.net ad.doubleclick.net	165 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	142 KB
5	iteratehq.com platform.iteratehq.com iteratehq.com	272 KB
5	doubleverify.com cdn.doubleverify.com tps.doubleverify.com tps20222.doubleverify.com	95 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	50 KB
1	chartbeat.net pnytimes.chartbeat.net	201 B
1	googletagservices.com www.googletagservices.com	38 KB
1	adsrvr.org insight.adsrvr.org	261 B
1	chartbeat.com static.chartbeat.com	14 KB
1	google.de adservice.google.de	853 B
1	googletagmanager.com www.googletagmanager.com	95 KB
0	sumologic.com Failed collectors.sumologic.com Failed
136	18

	Domain	Requested by
16	a.et.nytimes.com	www.nytimes.com
12	g1.nyt.com	www.nytimes.com g1.nyt.com
11	www.nytimes.com	www.nytimes.com
8	news.google.com	www.nytimes.com news.google.com www.gstatic.com
7	play.google.com	www.gstatic.com
7	securepubads.g.doubleclick.net	www.nytimes.com securepubads.g.doubleclick.net a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com www.googletagservices.com
6	tpc.googlesyndication.com	a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
6	samizdat-graphql.nytimes.com	www.nytimes.com
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
4	5290727.fls.doubleclick.net	2 redirects www.googletagmanager.com
4	www.gstatic.com	news.google.com www.gstatic.com
3	platform.iteratehq.com	www.nytimes.com platform.iteratehq.com
3	mwcm.nyt.com	www.nytimes.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.nytimes.com
3	adservice.google.com	securepubads.g.doubleclick.net 5290727.fls.doubleclick.net
3	myaccount.nytimes.com	www.nytimes.com myaccount.nytimes.com
2	tps20222.doubleverify.com	cdn.doubleverify.com
2	iteratehq.com	platform.iteratehq.com
2	cdn.doubleverify.com	a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com www.nytimes.com
2	static01.nytimes.com	a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
2	fonts.gstatic.com	news.google.com fonts.googleapis.com
2	ad.doubleclick.net	1 redirects a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
2	fonts.googleapis.com	client a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
2	a.nytimes.com	www.nytimes.com mwcm.nyt.com
2	a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	dd.nytimes.com	www.nytimes.com dd.nytimes.com
1	www.google.com	tpc.googlesyndication.com
1	tps.doubleverify.com	cdn.doubleverify.com
1	pnytimes.chartbeat.net	www.nytimes.com
1	www.googletagservices.com	a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
1	insight.adsrvr.org	www.nytimes.com
1	a1.nyt.com	www.nytimes.com
1	static.chartbeat.com	www.nytimes.com
1	mwcm.nytimes.com	www.nytimes.com
1	c.go-mpulse.net	s.go-mpulse.net
1	purr.nytimes.com	www.nytimes.com
1	meter-svc.nytimes.com	www.nytimes.com
1	adservice.google.de	securepubads.g.doubleclick.net
1	als-svc.nytimes.com	www.nytimes.com
1	s.go-mpulse.net	www.nytimes.com
1	www.googletagmanager.com	www.nytimes.com
1	static01.nyt.com	www.nytimes.com
0	collectors.sumologic.com Failed	mwcm.nyt.com
136	43

This site contains links to these domains. Also see Links.

Domain
myaccount.nytimes.com
www.facebook.com
api.whatsapp.com
twitter.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com
nytimes.com

Subject Issuer	Validity	Valid
nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-03` - `2022-04-06`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
a.et.nytimes.com GTS CA 1D4	`2021-09-28` - `2021-12-27`	3 months	crt.sh
*.news.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-04` - `2022-04-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
purr.nytimes.com GTS CA 1D4	`2021-09-24` - `2021-12-23`	3 months	crt.sh
a.nytimes.com GTS CA 1D4	`2021-09-14` - `2021-12-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2022-01-17`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Frame ID: 39260EB1B3F5C8A4754AEC9541166C89
Requests: 83 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: A44D53C71474605B8958DB43CE50C6CC
Requests: 3 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454095
Frame ID: 001F9EA6CE60EBCB28B5C46C67EEAC76
Requests: 13 HTTP requests in this frame

Frame: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F277F1AD41D29FA6824CBB678731A822
Requests: 1 HTTP requests in this frame

Frame: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 507DADA081EADEDA2CC862DC8E941B0D
Requests: 17 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html
Frame ID: 372DCD0AF5017E68BB339D12FC68BF2A
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1800.js
Frame ID: 2E3A0CF4E9C786716863E3475E5B9CF3
Requests: 4 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html
Frame ID: 7FB4FCE487EFDFF4554C743BDC68A657
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 305D9C641DB37A0671A959B27C1A2519
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FAC97441AE17808F18EA1BF3EA53426B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Got an Unexpected Check in the Mail? It May Be Fake - The New York TimesThe New York Times: Digital and Home Delivery Subscriptionsplus-iconcheck

Detected technologies

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

136
Requests

99 %
HTTPS

0 %
IPv6

18
Domains

43
Subdomains

28
IPs

4
Countries

2890 kB
Transfer

8491 kB
Size

32
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccount.nytimes.com/auth/login?response_type=cookie&client_id=vi&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fmultiproduct%2Flp8KQUS.html%3FcampaignId%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2020%252F02%252F21%252Fyour-money%252Ffake-check-scam.html&asset=masthead
Title: Log in

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/feed?app_id=9869919170&link=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html%3Fsmid%3Dfb-share&name=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake&redirect_uri=https%3A%2F%2Fwww.facebook.com%2F

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake%20https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html%3Fsmid%3Dwa-share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html%3Fsmid%3Dtw-share&text=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2021 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: http://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://myaccount.nytimes.com/get-started?o=1281e5fc-d028-11ea-a072-340cee6a52b6&campaignId=9WJRH
Title: SUBSCRIBE NOW

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale#cancel
Title: Cancellation and Refund Policy

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us?redir=myacc
Title: Feedback

Search URL Search Domain Scan URL

URL: https://nytimes.com/cookie-policy
Title: view our Cookie Policy.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html

Request Chain 76

https://ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/B25621311.314865394;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/B25621311.314865394;dc_pre=CLHc_cWr2fMCFXKDgwcdWOgKMw;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 112

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html

136 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request fake-check-scam.html Show response
www.nytimes.com/2020/02/21/your-money/ 366 KB
75 KB 154ms
97ms Document
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4995cbee2ebbb8e787b80a4c65474aabd9ec2af43e1bb606e3389c7822149481

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.nytimes.com
:scheme: https
:path: /2020/02/21/your-money/fake-check-scam.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
content-type: text/html; charset=utf-8
x-nyt-data-last-modified: Wed, 20 Oct 2021 15:48:29 GMT
last-modified: Wed, 20 Oct 2021 15:48:29 GMT
x-scoop-last-modified: 2020-02-22T06:35:55.673Z
x-pagetype: vi-story
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: s-maxage=300,no-cache
x-nyt-route: vi-story
x-datadome-timer: S1634744960.981377,VS0,VE5
x-origin-time: 2021-10-20 15:49:20 UTC
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 20 Oct 2021 15:49:20 GMT
age: 50
x-served-by: cache-lga21920-LGA, cache-fra19158-FRA
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1634744960.981377,VS0,VE89
vary: Accept-Encoding, Fastly-SSL
set-cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; Expires=Thu, 20 Oct 2022 15:49:20 GMT; Path=/; Domain=.nytimes.com; SameSite=none; Secure datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; Max-Age=31536000; Domain=.nytimes.com; Path=/; Secure; SameSite=Lax nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com nyt-purr=cfhspnahhud; Expires=Thu, 20 Oct 2022 15:49:20 GMT; Path=/; Domain=.nytimes.com; SameSite=Lax; Secure nyt-us=0; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com nyt-geo=DE; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e; Path=/; Domain=.nytimes.com; SameSite=none; Secure
x-datadome: protected
x-gdpr: 1
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2020/02/21/your-money/fake-check-scam.html
x-api-version: F-F-VI
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security: max-age=63072000; preload
x-nyt-edge-cache: HIT-MISS
content-length: 75361

GET
H2 200 web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 21ms
7ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=i0q+3Q==, md5=Gy5SJh6FIQsSa1B2q6k1mw==
date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
content-type: text/css; charset=utf-8
age: 11461329
x-guploader-uploadid: ABg5-UyBp8dD7jijPXIyd6RzettY1GKD33NP3qnIdhMXY9G6YI9PPOR6oiFF1Hnu1DuGHNpeSqg44ErSMMjJCZLEBTlHBu3i8Q
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9775
via: 1.1 varnish
x-served-by: cache-fra19158-FRA
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:07:09 GMT
last-modified: Tue, 06 Apr 2021 21:11:51 GMT
server: UploadServer
x-timer: S1634744960.113908,VS0,VE0
etag: "1b2e52261e85210b126b5076aba9359b"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1617743511910294
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 9775
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 34887

GET
H2 200 global-2c70a72e6a867f256c6ccdf508c13728.css
www.nytimes.com/vi-assets/static-assets/ 6 KB
3 KB 7ms
7ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/global-2c70a72e6a867f256c6ccdf508c13728.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5e6830dc42fc6683f7735d4f8d270095d7d5e39bb8e172968f9ed97841cfe8d3

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/global-2c70a72e6a867f256c6ccdf508c13728.css
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 161221
x-guploader-uploadid: ADPycduheer7-C979lTfL3JEWDoZJGD3rh8Eq6AAyYCroL65gOUDo830aMeJPtpd2hHqedeWVgHEDBQl3toKJokMspQ
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-18 19:02:19 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.100134,VS0,VE1
etag: "5c80476286383482a44ebbe191fe2c6d"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-2c70a72e6a867f256c6ccdf508c13728.css
content-type: text/css; charset=utf-8
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3866
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1977
last-modified: Mon, 18 Oct 2021 18:52:22 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=sOu9tA== md5=XIBHYoY4NIKkTrvhkf4sbQ==
x-goog-generation: 1634583142677650
expires: Tue, 18 Oct 2022 19:02:19 GMT
x-gdpr: 1
x-goog-stored-content-length: 5668
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 adslot-9ed1668273f5efb92524.js Show response
www.nytimes.com/vi-assets/static-assets/ 19 KB
7 KB 8ms
7ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/adslot-9ed1668273f5efb92524.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

6ffc01509034ff1699612910412f4711b94ebb845d7f129431671e34a4727e3d

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/adslot-9ed1668273f5efb92524.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 5983
x-guploader-uploadid: ADPycduHLEM2zQAxcNCSyKjwJq356sc5xJIUpfOjra2WUNlZLpoNHUtXYaLy17iQ5RcPGHS0XN3aKaptSF3c_9zFoz4
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-20 14:09:36 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.111005,VS0,VE1
etag: "8b58f4a31256c1dee2f6eecc327c83e4"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-9ed1668273f5efb92524.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 195
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 6880
last-modified: Wed, 20 Oct 2021 13:51:52 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=S5MU7A== md5=i1j0oxJWwd7i9u7MMnyD5A==
x-goog-generation: 1634737912330325
expires: Thu, 20 Oct 2022 14:09:36 GMT
x-gdpr: 1
x-goog-stored-content-length: 19497
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 21adviser-illo-jumbo.jpg
static01.nyt.com/images/2020/02/21/business/21adviser-illo/ 44 KB
45 KB 126ms
102ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2020/02/21/business/21adviser-illo/21adviser-illo-jumbo.jpg?quality=75&auto=webp
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 292fc72a8512ef4763aae77bb5ab330c74b8fee5f63c49697a3eee0de4263e69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 547822
x-guploader-uploadid: ADPycdsoLkVEd4chSYRZd7goGPY4c1y-3Ks9vtUig1xRZzd-1xpwWPIvawU8gZujW6LwzS8W2qsGtDeFkzAqGYU1378
x-cache: HIT, MISS
fastly-io-info: ifsz=113887 idim=1024x854 ifmt=jpeg ofsz=45360 odim=1024x854 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
fastly-stats: io=1
content-length: 45360
x-served-by: cache-bwi5151-BWI, cache-fra19158-FRA
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
server: UploadServer
x-timer: S1634744960.144795,VS0,VE91
etag: "Zfj2kLPvpbKPT27Hws8xaZiFd3lwB2mJ4Gs8CIWuTQY"
vary: Accept
x-goog-hash: crc32c=Zz1UDQ==, md5=QbPMNSy8yvkjnxKvz6o9Wg==
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 07 Oct 2021 07:15:28 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 0

GET
H2 200 vendor-16c0ed8d57f729e175f0.js Show response
www.nytimes.com/vi-assets/static-assets/ 253 KB
77 KB 9ms
9ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendor-16c0ed8d57f729e175f0.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

63dcf74b8d941b8f413c68e514bea4aabcbadcc4ca6bfb0d5fba5501f611e85e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/vendor-16c0ed8d57f729e175f0.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 607001
x-guploader-uploadid: ADPycdtB-9qt7ekTgV2cMEOHRrLdZeOPrTRaO7swZ338Sid1EnjNxMjM3Hg7H4Dt2dTcWWgIX7nJucyPyzSTWQ9QDJg
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-13 15:12:45 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.122333,VS0,VE1
etag: "72e67d5a0d0004fb382ad069cbe009e1"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-16c0ed8d57f729e175f0.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 17258
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 77676
last-modified: Wed, 13 Oct 2021 14:58:34 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=TuIofw== md5=cuZ9Wg0ABPs4KtBpy+AJ4Q==
x-goog-generation: 1634137114052216
expires: Thu, 13 Oct 2022 15:12:45 GMT
x-gdpr: 1
x-goog-stored-content-length: 258723
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 story-30f37309fa4713b563be.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
293 KB 17ms
16ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/story-30f37309fa4713b563be.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5eb5d9115f25c6debe6263501ed232f0a812d09fd864e24fda9189bdfb6802f3

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/story-30f37309fa4713b563be.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 72702
x-guploader-uploadid: ADPycduncEvgQvBjNoGiDhmicfM7HetGhxN_Rryh7bCX5jtweN5Hb99PhScqQ2GyOtJQdTQdDK761-FGQFdF8-4qMuI
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-19 19:37:37 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.141893,VS0,VE1
etag: "d095f75a8abfb32feec67e4249b7c487"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-30f37309fa4713b563be.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 20
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 299171
last-modified: Tue, 19 Oct 2021 19:24:34 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=aKRcwg== md5=0JX3Woq/sy/uxn5CSbfEhw==
x-goog-generation: 1634671474797598
expires: Wed, 19 Oct 2022 19:37:37 GMT
x-gdpr: 1
x-goog-stored-content-length: 1124922
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 main-3be339164c1f116bbbc1.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
357 KB 9ms
9ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2ce2c18a9c0c30af2ee73be714d0aa483257473ffafdf0e4d739bc24a184f363

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/main-3be339164c1f116bbbc1.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 80325
x-guploader-uploadid: ADPycdss5QdQboqwVpjOL64YbRxTj265goWkMaJtd7SZRKZ485bqaamGnsBYSzUJ0T2Q7P6CZ4nyCz8vN043fwDoVv0
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-19 17:30:35 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.142024,VS0,VE1
etag: "d8a16f29426dd2775f2d21d49d471d21"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 23
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 364653
last-modified: Tue, 19 Oct 2021 17:10:24 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=Cp5P7w== md5=2KFvKUJt0ndfLSHUnUcdIQ==
x-goog-generation: 1634663424442141
expires: Wed, 19 Oct 2022 17:30:35 GMT
x-gdpr: 1
x-goog-stored-content-length: 1258719
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 358 KB
95 KB 79ms
45ms Script
application/javascript 142.250.185.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

a297c2828666a9d269df380c9429bc2d9ef916ba4931b011b4ec58de82256473

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: br
vary: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 97089
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 59ms
26ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-8db0f6f /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-8db0f6f
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Oct 2021 15:49:20 GMT
age: 1
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BW
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: 9b69b33712df6a33
samizdat-x-instance: 93590547
samizdat-x-canary: false
x-served-by: cache-hhn4073-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1634744960.169185,VS0,VE1
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

GET
H2 200 ATH8A-MAMN8-XPXCH-N5KAX-8D239 Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 52ms
21ms Script
application/javascript 104.111.214.229
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.214.229 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-214-229.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: br
last-modified: Wed, 29 Sep 2021 17:04:32 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

POST
H2 200 track
a.et.nytimes.com/ 0
0 162ms
107ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 148 B
671 B 27ms
27ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-8db0f6f /
Resource Hash: 1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

x-samizdat-query-sup-code
date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-nyt-meridiem: PM
age: 5
x-cache: HIT
samizdat-x-instance: 72f6f1f1
x-samizdat-query-field-errors: 0
x-cache-hits: 1
x-samizdat-query-exe-id: 7c11db6cecf55112
content-length: 123
samizdat-x-canary: false
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BW
server: samizdat-graphql-8db0f6f
x-timer: S1634744960.196203,VS0,VE0
x-nyt-continent: EU
x-served-by: cache-fra19158-FRA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
via: 1.1 google, 1.1 varnish
x-nyt-audience-target-flat: EU:PM
cache-control: max-age=30
access-control-allow-credentials: true
x-nyt-country: DE
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 154 KB
46 KB 114ms
22ms Script
text/javascript 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

sffe /

Resource Hash

9b263413d42aec24185f55a510d45bd7b51c2bd455e3738378cc1a083b2268aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 46911
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="news-frontend"
expires: Wed, 20 Oct 2021 16:39:07 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 78ms
41ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

170426b1ccbf16d163b36333bb291cebb26c5288224706ed42bec87e72eb972f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1019 / 55 of 1000 / last-modified: 1634727954"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27181
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 20 Oct 2021 15:49:20 GMT

GET
H2 200 als Show response
als-svc.nytimes.com/ 2 KB
3 KB 328ms
234ms XHR
application/json 35.244.188.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2Fb7b79807-5504-5860-9d99-c2422edf811c&typ=&prop=nyt&plat=web
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.188.62 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.188.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 3852a6df650a24b80f848e200bb8f74503478411ccbf8a9d83b9d819bbc8c261

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 google
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, nyt-a
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
alt-svc: clear

GET
H2 200 .status
a.et.nytimes.com// 0
0 151ms
108ms Fetch
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash

Request headers

accept: */*
Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H2 200 icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg
www.nytimes.com/vi-assets/static-assets/ 1 KB
1 KB 71ms
70ms Image
image/svg+xml 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nytimes.com/vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

6980dd89438ca9eddd7b94b191e66619511bc01e3a03af49a8c331ccc5d56d54

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 88728
x-guploader-uploadid: ADPycdtJN07lvAfeJpzlGtj-9rlteqKNPc0EA5Ek_C_vBJYSArDTW7-nvxeFmYDiqyVSOa17kbLuJVTeJWA0xN0F9gs
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-19 15:10:31 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.151550,VS0,VE1
etag: "f5e6ba8f0613f5244e1e8ba2c4f8dd1a"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg
content-type: image/svg+xml
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 903
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 645
last-modified: Tue, 19 Oct 2021 15:01:41 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=GTQy+Q== md5=9ea6jwYT9SROHouixPjdGg==
x-goog-generation: 1634655700978853
expires: Wed, 19 Oct 2022 15:10:31 GMT
x-gdpr: 1
x-goog-stored-content-length: 1162
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 73ms
23ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=ImeYUg==, md5=1sBqPYSlcQDtrVv5uE/3OQ==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 7829201
x-guploader-uploadid: ADPycdsugOIJB18XpxkAqPP5XvtQ2RhDcZIg3X6Uh1efHxA7lslajjC1Ui7OeR0nzdXr67dTvsaAKYGN1H9XsfmRhTc
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19836
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 22 Jul 2022 01:02:37 GMT
last-modified: Wed, 21 Jul 2021 17:23:54 GMT
server: UploadServer
x-timer: S1634744960.202330,VS0,VE0
etag: "d6c06a3d84a57100edad5bf9b84ff739"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1626888234324155
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 19836
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 43541

GET
H2 200 franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 90ms
40ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=PQVxAw==, md5=tEyI8JynzpFLg21K5yiRuA==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 3595637
x-guploader-uploadid: ADPycduWoxgzqq-tTTRMt_5rfs1pw50xmgsNXtiDyjau-iFp8aCZ6uDV7uJDa7Ns_jLG4CWSaMhMLJQH30UQA9ihtus
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20312
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 09 Sep 2022 01:02:02 GMT
last-modified: Wed, 21 Jul 2021 17:23:54 GMT
server: UploadServer
x-timer: S1634744960.202857,VS0,VE0
etag: "b44c88f09ca7ce914b836d4ae72891b8"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1626888234435894
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20312
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 43111

GET
H2 200 cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 72ms
22ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 5128504
x-guploader-uploadid: ADPycduWewO8INHWShUuSlcqHSBkJA4-_JP2G-iiGmI3ZpQUHH9LMPyPLOXQN_5_yY5dQXt8vBNLq0XQj2wOuABqPhOkE6CsCA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 29076
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Mon, 22 Aug 2022 07:14:15 GMT
last-modified: Wed, 21 Jul 2021 17:23:53 GMT
server: UploadServer
x-timer: S1634744960.202502,VS0,VE0
etag: "a3ed7afe3eaa0a873f3fbd379f8c491b"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1626888233197339
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 29076
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 28185

GET
H2 200 cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 20 KB
20 KB 90ms
40ms Font
font/woff2 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: font/woff2
age: 8610272
x-guploader-uploadid: ADPycdsgqMmwwuQ9Cio_j-du_R2MtI2plPY8V4UxrJLKWz4ZKAbyBhzu1A2wqG0zMPcPQVtqmhc3hvz4eQYC8EiHIZw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Wed, 13 Jul 2022 00:04:48 GMT
last-modified: Tue, 06 Apr 2021 21:11:52 GMT
server: UploadServer
x-timer: S1634744960.202932,VS0,VE0
etag: "108ce298d451197b23fefceb3e36959f"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1617743512330182
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20136
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 24476

GET
H2 200 franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 105ms
55ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=XjpPGQ==, md5=vHvkxdjKy3gPiWxcvgwNfw==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2991097
x-guploader-uploadid: ADPycdtA5qf1miKHQKw3DLbR2msQlAHb9KQxXvuN0fQN94Q7QilUNrpiQ7oc8c5IQFGUbg1K5krqS15lTWf0gmca7Q
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20172
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 16 Sep 2022 00:57:43 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1634744960.223427,VS0,VE0
etag: "bc7be4c5d8cacb780f896c5cbe0c0d7f"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734983906454
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20172
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 40059

GET
H2 200 cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 90ms
41ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 3597831
x-guploader-uploadid: ADPycdvVqMC_ClhCDAHXgGeakEaPFWWLHZ_7_MLrPml7Uqzhe_p47eZ714dqR3JmayewlZOziKSNcSCK6WySIEmRjs0
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28620
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 09 Sep 2022 00:25:28 GMT
last-modified: Wed, 21 Jul 2021 17:23:53 GMT
server: UploadServer
x-timer: S1634744960.202748,VS0,VE0
etag: "f99a0459024509f157a3352e5de4f873"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1626888233270606
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 28620
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 20129

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 71ms
22ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 4200769
x-guploader-uploadid: ADPycdtW9wjzk1I0ThJCwvdo1W_hSoQUOEU3hUZ8n4Hjmx3BUcRyAck1Wms8sudOh2UhXrUC3p5Z2elcXjX_lJR3rpo
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 02 Sep 2022 00:56:31 GMT
last-modified: Wed, 21 Jul 2021 17:23:53 GMT
server: UploadServer
x-timer: S1634744960.202606,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1626888233214820
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 27260
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 24271

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 89ms
41ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 5124827
x-guploader-uploadid: ADPycdsOEhNYHbUTCev2465DTra35ITrlZci-gHQ9l3pgGfxe9Q8waORVOqwxTU8ibHoRyaCksj6uWCTOvbLsH8rKFl2PbHtuA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Mon, 22 Aug 2022 08:15:33 GMT
last-modified: Wed, 21 Jul 2021 17:23:54 GMT
server: UploadServer
x-timer: S1634744960.202775,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1626888234863093
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 26504
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 41571

GET
H2 200 imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2
g1.nyt.com/fonts/family/imperial/ 25 KB
26 KB 70ms
23ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/imperial/imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=VQvFEQ==, md5=AkaT+WyPLEV+SmqNAqY2tw==
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2388925
x-guploader-uploadid: ADPycdtpTwngcckBPmLoV9cyLEieZ80u7t1Z7KUkF0fidQNaVXPEVQWwEqTEX1aibD_hveAklZ8FM2CjjXgO9D_bvWY
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25680
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 23 Sep 2022 00:13:55 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1634744960.202438,VS0,VE0
etag: "024693f96c8f2c457e4a6a8d02a636b7"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984530255
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 25680
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3363

GET
H2 200 prefetch-assets Show response
myaccount.nytimes.com/auth/ Frame A44D 393 B
693 B 26ms
12ms Document
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/prefetch-assets

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

e985c629d36a906a63f77f4e2e666eb3bd353036f1534cc29d404a6eeb4142cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: myaccount.nytimes.com
:scheme: https
:path: /auth/prefetch-assets
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

content-type: text/html; charset=utf-8
x-powered-by: Express
x-datadog-trace-id: 6610174104830063852
x-datadog-parent-id: 6610174104830063852
x-datadog-sampled: 0
x-datadog-sampling-priority: -1
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=600
x-nyt-backend: lire-ui
etag: W/"189-IPM6i4aQzwBj7irxwWT1lx4B5kw"
content-encoding: gzip
x-cloud-trace-context: ec626565e73056a777a1a3867d2f14f3
server: Google Frontend
x-datadome-timer: (null),VE135
accept-ranges: bytes
date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
age: 434
x-served-by: cache-fra19158-FRA
x-cache: HIT
x-cache-hits: 16
vary: Accept-Encoding
x-api-version: F-X
content-length: 277

GET
H2 200 pubads_impl_2021101201.js Show response
securepubads.g.doubleclick.net/gpt/ 361 KB
122 KB 23ms
23ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 124532
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 08:35:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 20 Oct 2021 15:49:20 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
360 B 47ms
28ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

d9a8e1ffd210a98a7fa8cdba97e31707b3c849968385527dbeb934f279ae83d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 335
x-xss-protection: 0
expires: Wed, 20 Oct 2021 15:49:20 GMT

GET
H2 200 vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-4fc076d5a06b0d1f46b8.js Show response
www.nytimes.com/vi-assets/static-assets/ 42 KB
15 KB 9ms
8ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-4fc076d5a06b0d1f46b8.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c19daf8b6f7b2541c5fadb52358a06c94ce326505e347984e9a329dfbe4c4911

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-4fc076d5a06b0d1f46b8.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 5984
x-guploader-uploadid: ADPycdulnsX_Y8AGIKirWriTOaIbtRv9CPzJNoKf9IyTMTtnaIOLTAYKu6KGdVtXhbzAY9lwAVwVPNoDQtlnAU55_LM
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-20 14:09:36 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.406901,VS0,VE1
etag: "137fff188002b5e73e7b748f4133cb5a"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-4fc076d5a06b0d1f46b8.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 196
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 13669
last-modified: Wed, 20 Oct 2021 13:51:54 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=E1cVng== md5=E3//GIACtec+e3SPQTPLWg==
x-goog-generation: 1634737913854271
expires: Thu, 20 Oct 2022 14:09:36 GMT
x-gdpr: 1
x-goog-stored-content-length: 42859
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-6d70cec79fe43e72d2fb.js Show response
www.nytimes.com/vi-assets/static-assets/ 62 KB
14 KB 11ms
10ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-6d70cec79fe43e72d2fb.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

6b28e77ff72ebf6d93187f498cccd4c295f7199b7a73beb6bd4739e3581d4522

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-6d70cec79fe43e72d2fb.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 3014572
x-guploader-uploadid: ADPycdsYDak6XhWd0yaMV34x2uN4N6VP4dOBYy0wReV3H55zBV6IuGSJ5MgacEp3gAbu7y5b1X1CBbBiXdE5TPqSqYdhuZCJJg
x-goog-stored-content-encoding: identity
x-origin-time: 2021-09-15 18:26:28 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.407011,VS0,VE1
etag: "4235e04e207adc8ebfa35c000e0db29b"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-6d70cec79fe43e72d2fb.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 39144
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 12730
last-modified: Wed, 15 Sep 2021 18:24:08 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=cU8yzw== md5=QjXgTiB63I6/o1wADg2ymw==
x-goog-generation: 1631730248788838
expires: Thu, 15 Sep 2022 18:26:27 GMT
x-gdpr: 1
x-goog-stored-content-length: 63650
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-49f6b47368220904224b.js Show response
www.nytimes.com/vi-assets/static-assets/ 21 KB
5 KB 10ms
9ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-49f6b47368220904224b.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5a009ad2e9deb05c64b5db72b1858dcdbf2ba69011b6977f66acc9db9984f51d

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-49f6b47368220904224b.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 607001
x-guploader-uploadid: ADPycds8SJ4pAt9AiYcsrytQ6dNlhnmEr9K_DYK9eMWpTS1HrRPueK6qXaEZ5ZiYEhZh-wTm_JBP7zByHFmiVrRBhrc
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-13 15:12:46 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744960.407085,VS0,VE1
etag: "fa1b8ad0bcf85ea31e464403f45c25df"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-49f6b47368220904224b.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 16048
date: Wed, 20 Oct 2021 15:49:20 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 5013
last-modified: Wed, 13 Oct 2021 14:58:34 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=mfp5Bw== md5=+huK0Lz4XqMeRkQD9Fwl3w==
x-goog-generation: 1634137113971865
expires: Thu, 13 Oct 2022 15:12:46 GMT
x-gdpr: 1
x-goog-stored-content-length: 21996
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:20 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

POST
H2 200 track
a.et.nytimes.com/ 0
0 107ms
106ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 track
a.et.nytimes.com/ 0
0 102ms
102ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H2 200 tags.js Show response
dd.nytimes.com/ 241 KB
36 KB 95ms
8ms Script
text/javascript 143.204.98.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.114 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-114.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

a01793ea962d93284867afefc67e861cd2cd6566c37322aa99d2172638386378

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
content-encoding: gzip
etag: "3c518-5cec636d0d55b-gzip"
age: 1870
x-cache: Hit from cloudfront
content-length: 36518
access-control-allow-origin: *
last-modified: Wed, 20 Oct 2021 10:26:42 GMT
server: Apache
date: Wed, 20 Oct 2021 15:27:17 GMT
vary: Accept-Encoding
content-type: text/javascript
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
cache-control: max-age=3600, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: sHL-jjvU93gU8t_g414HvPOlcBX_D-IiBzxFustpDFiL4611JL04Rw==
expires: Wed, 20 Oct 2021 16:18:10 GMT

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 51ms
16ms Stylesheet
text/css 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

sffe /

Resource Hash

58a037df6363b1c9619199cf7fdfad3a84469cd508cfa83320e2bedf64aadc8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:02:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6433
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 18:26:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="news-frontend"
expires: Wed, 20 Oct 2021 15:52:35 GMT

GET
H3 200 serviceiframe Show response
news.google.com/swg/_/ui/v1/ Frame 001F 23 KB
7 KB 110ms
84ms Document
text/html 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/ui/v1/serviceiframe?_=454095

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

f47fab3f729315a026e973cfe371adda4d91e58ad230dc9ed42c72bef1fa0d79

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-j36VYda5xg4eWPiaVoLFow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-j36VYda5xg4eWPiaVoLFow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: news.google.com
:scheme: https
:path: /swg/_/ui/v1/serviceiframe?_=454095
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Oct 2021 15:49:20 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000
cross-origin-resource-policy: same-site
content-security-policy: script-src 'report-sample' 'nonce-j36VYda5xg4eWPiaVoLFow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-j36VYda5xg4eWPiaVoLFow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=TThvFUqGe5fDs2WNN1XXWcY5pd3HuvgVymqv2DiCsRJYRf9nUIm0ythwKou8YIErWJwJPTffSbTyQxd07cpAQMVCtkledJd1J3tLcAWFb9QQKBckvwRVk3TnUS9K5PNWHrJ0yEX7mgvOI_uB7j2tawS50XUgCJKc4ID92oKWYZI; expires=Thu, 21-Apr-2022 15:49:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 41ms
15ms Other
image/svg+xml 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="news-frontend"
expires: Wed, 20 Oct 2021 15:52:36 GMT

GET
H2 200 index.js Show response
myaccount.nytimes.com/lire_ui/js/common/abra/ Frame A44D 2 KB
2 KB 20ms
20ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
via: 1.1 varnish
x-api-version: F-X
age: 1
x-cache: HIT
x-cache-hits: 1
content-length: 2076
x-served-by: cache-fra19158-FRA
server: Google Frontend
etag: "iPQZGg"
content-type: application/javascript
x-cloud-trace-context: 94675b4315f1f38fe1523d16278c3957
cache-control: public, max-age=600
x-datadome-timer: (null),VE134
accept-ranges: bytes
x-nyt-backend: lire-ui
expires: Fri, 15 Oct 2021 18:45:02 GMT

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame A44D 393 KB
133 KB 8ms
8ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=e652299
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 70ac07a344cdbafad3e6c82c0aad7149c547e74cf74ac26928b5c101c54efb75

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-api-version: F-X
age: 10
x-cache: HIT
x-cache-hits: 2
content-length: 136266
x-served-by: cache-fra19158-FRA
server: Google Frontend
etag: "iPQZGg"
content-type: application/javascript
via: 1.1 varnish
x-cloud-trace-context: 1df11bf19adcaf9a47ea89d522cc550a
cache-control: public, max-age=600
x-datadome-timer: (null),VE166
accept-ranges: bytes
x-nyt-backend: lire-ui
expires: Fri, 15 Oct 2021 18:41:51 GMT

GET
H3 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/nytimes.com/ 2 B
58 B 122ms
100ms Fetch
application/json 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/nytimes.com/entitlements

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 43ms
21ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 44ms
22ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
13 KB 239ms
239ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3839715309992898&correlator=871556215785669&output=ldjh&impl=fif&eid=31063198%2C31062464%2C31062526&vrg=2021101201&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20211020&iu_parts=29390238%2Cnyt%2Cyourmoney&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&prev_scp=div%3Dtop%26pos%3Dtop%26request_time%3D451&cust_params=cookie%3Dprivate%26als_test_clientside%3Dweb_none_none_none_v3-1-18.437987937808554773_20211020154920%26mktg%3Dadv_1%252Cengagement_0%252Ctype_anon%252Cckgf%252Cdiggf%252Cfrmckf%252Cfrmcoref%252Cfrmeduf%252Cfrmhdf%252Cfrmxwf%252Cgatef%252Cgifteef%252Cgifterf%252Coptf%252Cxwgf%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1634744909327%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Damericanbankersassn%252Cbetterbusinessbureaus%252Cfederaldepositinsurancecorp%252Cfederaltradecommission%252Cunitedstatespostalinspectionse%26des%3Dbankingandfinancialinstitution%252Cfraudsandswindling%252Ccounterfeitmoneyandfinancialin%252Cgiftcardsandcertificates%252Cpersonalfinances%26auth%3Danncarrns%26col%3Dyourmoneyadviser%26coll%3Dyourmoneyadviser%252Cyourmoney%252Cbusiness%252Csmarterliving%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dyourmoney%26si_section%3Dyourmoney%26id%3D100000006990050%26pt%3Dnt12%252Cnt14%252Cnt18%252Cnt2%252Cnt4%252Cnt6%252Cnt8%252Cpt13%252Cpt17%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_mastercard%252Cneg_capitalone%252Cneg_ms_safe%252Cneg_ibm%252Cneg_chanel%252Cneg_bofa%252Cneg_orep%252Cneg_rms%252Cneg_google%252Cneg_cathay%252Cgs_finance%252Cneg_bp%252Cneg_mtb%252Cgv_crime%252Cgs_shopping_misc%252Cneg_fidi%252Cneg_mktg_safe_q4_2019%252Cgs_finance_banking%252Cgs_shopping%252Cgs_education%252Cgs_politics_misc%252Cgs_t%26tt%3D41%26mt%3DMT3%252CMT7%26abra_dfp%3Ddfp_disp_incr_1_test%252Cdfp_adslot4v2_1_external%252Cdfp_als_home_1_als%252Cdfp_messaging_flexframe_ctr_0_control%252Cmkt_dfp_hd_paywall_zip_1_zip%252Cdfp_als_1_als%26sov%3D2%26page_view_id%3DOiosSSJmDKmH3CHUScVc_W9u%26uap%3Dbrowser%26aid%3DpvdMTDYvXcDONPAECZdEkJ%26purr%3Dnpa&cookie_enabled=1&bc=31&abxe=1&lmt=1634744909&dt=1634744960540&dlt=1634744960078&idt=437&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=76&adks=3018143313&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=1600x0&ga_vid=1229719175.1634744961&ga_sid=1634744961&ga_hid=881290008&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

6c10cc257c4b6e11dcbf71223e97a6e61a59c60f466a96749eead269d230b3df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13095
x-xss-protection: 0
google-lineitem-id: 5716510264
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138366282649
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F277 6 KB
4 KB 77ms
15ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 20 Oct 2021 15:49:20 GMT
expires: Thu, 20 Oct 2022 15:49:20 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-8db0f6f /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-8db0f6f
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Oct 2021 15:49:20 GMT
age: 2
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BW
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: 8c63efcbda11db37
samizdat-x-instance: 93590547
samizdat-x-canary: false
x-served-by: cache-hhn4073-HHN
x-cache: HIT
x-cache-hits: 2
x-timer: S1634744961.966105,VS0,VE1
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-8db0f6f /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-8db0f6f
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Oct 2021 15:49:21 GMT
age: 2
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BW
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: 940ebdfa55530a57
samizdat-x-instance: 93590547
samizdat-x-canary: false
x-served-by: cache-hhn4073-HHN
x-cache: HIT
x-cache-hits: 3
x-timer: S1634744961.013618,VS0,VE1
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

GET
H2 200 meter.js Show response
meter-svc.nytimes.com/ 648 B
1 KB 218ms
178ms XHR
application/json 35.241.35.241
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&referer=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&pageviewID=OiosSSJmDKmH3CHUScVc_W9u
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.35.241 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 241.35.241.35.bc.googleusercontent.com
Software: /
Resource Hash: 1f2889d41ae38f8c5b7122c05a70663700e08e3d955b490bf34c06319b528c42

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
via: 1.1 google
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, *
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: Set-Cookie
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
alt-svc: clear
content-length: 648

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 62 B
666 B 115ms
114ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-8db0f6f /
Resource Hash: 078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

x-samizdat-query-sup-code
date: Wed, 20 Oct 2021 15:49:21 GMT
content-encoding: gzip
x-nyt-meridiem: PM
age: 0
x-cache: MISS
samizdat-x-instance: 72f6f1f1
x-samizdat-query-field-errors: 0
x-cache-hits: 0
x-samizdat-query-exe-id: 94721f72b1a8352d
content-length: 77
samizdat-x-canary: false
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BW
server: samizdat-graphql-8db0f6f
x-timer: S1634744961.976752,VS0,VE105
x-nyt-continent: EU
x-served-by: cache-fra19158-FRA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
via: 1.1 google, 1.1 varnish
x-nyt-audience-target-flat: EU:PM
cache-control: max-age=30
access-control-allow-credentials: true
x-nyt-country: DE
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 42 KB
7 KB 166ms
166ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-8db0f6f /
Resource Hash: cd43b50aba5518b147e61e1a40bf2ff2307baef1ab471ca9aa67dfb836ea28f8

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

x-samizdat-query-sup-code
date: Wed, 20 Oct 2021 15:49:21 GMT
content-encoding: gzip
x-nyt-meridiem: PM
x-cache: MISS
samizdat-x-instance: 0da605b2
x-samizdat-query-field-errors: 0
x-cache-hits: 0
x-samizdat-query-exe-id: f137dd5727ec108e
via: 1.1 google, 1.1 varnish
samizdat-x-canary: false
x-nyt-region: BW
last-modified: Wed, 20 Oct 2021 15:49:21 GMT
server: samizdat-graphql-8db0f6f
x-timer: S1634744961.020826,VS0,VE159
x-nyt-continent: EU
x-served-by: cache-fra19158-FRA
vary: Accept-Encoding, Samizdat-X-Fastly-Unique-Id, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-audience-target-flat: EU:PM
cache-control: private, no-store
access-control-allow-credentials: true
x-nyt-country: DE
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

GET
H2 200 comments-92bc28e4e0c103d56f10.js Show response
www.nytimes.com/vi-assets/static-assets/ 50 KB
16 KB 8ms
8ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/comments-92bc28e4e0c103d56f10.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ee4f0a3e806f478d530494a73b4bb1a36fbb00893120c298bf54cea5358a9414

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

:path: /vi-assets/static-assets/comments-92bc28e4e0c103d56f10.js
pragma: no-cache
cookie: nyt-a=pvdMTDYvXcDONPAECZdEkJ; datadome=XHV6OBY7nZJ0OzSPzzwacD1jD0yS71J6~zeseiN9_ez5NmgakP~gghUQ7I7xF1GilB.cRGTNuIL3VJEjSRIqP.IhmgDDtucKV-TajSEYj3; nyt-gdpr=1; nyt-purr=cfhspnahhud; nyt-us=0; nyt-geo=DE; nyt-b3-traceid=82bd4a45d3a640e1a1d058c77fcb683e
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.nytimes.com
referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 514819
x-guploader-uploadid: ADPycdt-OoBDRANHmmW9qSD3OqxmXn0xFV8-Iy4yFGoGBKVdJE_o19nEwWPycUfMeCW_9K1fVhqc_I55X8-zN_Ke1Q
x-goog-stored-content-encoding: identity
x-origin-time: 2021-10-14 16:49:10 UTC
x-served-by: cache-fra19158-FRA
x-timer: S1634744961.019527,VS0,VE1
etag: "f72b50dacea286cd9bdcb1d472b4f1ab"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-92bc28e4e0c103d56f10.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 13206
date: Wed, 20 Oct 2021 15:49:21 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 14991
last-modified: Thu, 14 Oct 2021 16:31:59 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=PJ+Ueg== md5=9ytQ2s6ihs2b3LHUcrTxqw==
x-goog-generation: 1634229119119420
expires: Fri, 14 Oct 2022 16:49:09 GMT
x-gdpr: 1
x-goog-stored-content-length: 51102
set-cookie: nyt-gdpr=1; Expires=Wed, 20 Oct 2021 21:49:21 GMT; Path=/; Domain=.nytimes.com
accept-ranges: bytes

GET
H2 200 purr-cache
purr.nytimes.com/v1/ 0
0 417ms
355ms Fetch
text/html 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://purr.nytimes.com/v1/purr-cache
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: Google Frontend /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
server: Google Frontend
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 4b05e9890b36a2a3722e1261721b9361
cache-control: private
access-control-allow-credentials: true
content-length: 0
expires: Wed, 20 Oct 2021 15:49:21 GMT

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 2 KB
2 KB 174ms
133ms XHR
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.nytimes.com/svc/nyt/data-layer?sourceApp=nyt-vi&referrer=&assetUrl=http%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&jkcb=1634744961035
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: Google Frontend /
Resource Hash: 1d4c2c2e2e066129f0bb038bbc6d6ca3a13c8f234524433289fd882eb6a462a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
content-encoding: gzip
x-appengine-log-flush-count: 1
server: Google Frontend
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: a0c42b126f52739643fa4e7279536868
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
content-length: 1095
expires: Wed, 20 Oct 2021 15:49:21 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 110ms
110ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 track
a.et.nytimes.com/ 0
0 106ms
105ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 track
a.et.nytimes.com/ 0
0 108ms
108ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 429 B
255 B 53ms
53ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3839715309992898&correlator=871556215785669&output=ldjh&impl=fif&eid=31063198%2C31062464%2C31062526&vrg=2021101201&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20211020&iu_parts=29390238%2Cnyt%2Cyourmoney&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=150x50&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D952&cust_params=cookie%3Dprivate%26als_test_clientside%3Dweb_none_none_none_v3-1-18.437987937808554773_20211020154920%26mktg%3Dadv_1%252Cengagement_0%252Ctype_anon%252Cckgf%252Cdiggf%252Cfrmckf%252Cfrmcoref%252Cfrmeduf%252Cfrmhdf%252Cfrmxwf%252Cgatef%252Cgifteef%252Cgifterf%252Coptf%252Cxwgf%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1634744909327%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Damericanbankersassn%252Cbetterbusinessbureaus%252Cfederaldepositinsurancecorp%252Cfederaltradecommission%252Cunitedstatespostalinspectionse%26des%3Dbankingandfinancialinstitution%252Cfraudsandswindling%252Ccounterfeitmoneyandfinancialin%252Cgiftcardsandcertificates%252Cpersonalfinances%26auth%3Danncarrns%26col%3Dyourmoneyadviser%26coll%3Dyourmoneyadviser%252Cyourmoney%252Cbusiness%252Csmarterliving%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dyourmoney%26si_section%3Dyourmoney%26id%3D100000006990050%26pt%3Dnt12%252Cnt14%252Cnt18%252Cnt2%252Cnt4%252Cnt6%252Cnt8%252Cpt13%252Cpt17%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_mastercard%252Cneg_capitalone%252Cneg_ms_safe%252Cneg_ibm%252Cneg_chanel%252Cneg_bofa%252Cneg_orep%252Cneg_rms%252Cneg_google%252Cneg_cathay%252Cgs_finance%252Cneg_bp%252Cneg_mtb%252Cgv_crime%252Cgs_shopping_misc%252Cneg_fidi%252Cneg_mktg_safe_q4_2019%252Cgs_finance_banking%252Cgs_shopping%252Cgs_education%252Cgs_politics_misc%252Cgs_t%26tt%3D41%26mt%3DMT3%252CMT7%26abra_dfp%3Ddfp_disp_incr_1_test%252Cdfp_adslot4v2_1_external%252Cdfp_als_home_1_als%252Cdfp_messaging_flexframe_ctr_0_control%252Cmkt_dfp_hd_paywall_zip_1_zip%252Cdfp_als_1_als%26sov%3D2%26page_view_id%3DOiosSSJmDKmH3CHUScVc_W9u%26uap%3Dbrowser%26aid%3DpvdMTDYvXcDONPAECZdEkJ%26purr%3Dnpa%26bt%3D%26typ_materials%3D%2523news%2523&cookie_enabled=1&bc=31&abxe=1&lmt=1634744909&dt=1634744961388&dlt=1634744960078&idt=437&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=1725326309&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&vis=1&dmc=8&scr_x=0&scr_y=0&psz=150x16&msz=0x0&ga_vid=1229719175.1634744961&ga_sid=1634744961&ga_hid=881290008&ga_fc=false&fws=132&ohw=1600&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

6d8c8460673f8f8b72f179599d131de186b5c9d43e0c572ea0776d881a67c20b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame 001F 0
22 B 71ms
70ms Other
text/html 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lSppvdJBzMq+Lv7xbuLg+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-lSppvdJBzMq+Lv7xbuLg+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport, require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454095
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:21 GMT
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-lSppvdJBzMq+Lv7xbuLg+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-lSppvdJBzMq+Lv7xbuLg+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport, require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 507D 6 KB
3 KB 45ms
17ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 20 Oct 2021 15:49:20 GMT
expires: Thu, 20 Oct 2022 15:49:20 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 track
a.et.nytimes.com/ 0
0 102ms
101ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 track
a.et.nytimes.com/ 0
0 113ms
112ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 50 B
322 B 73ms
36ms XHR
application/json 104.111.214.229
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=www.nytimes.com&t=5449150&v=1.720.0&sl=0&si=50761ea3-a84c-4159-a626-70052456489b-r1a9a8&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.214.229 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-214-229.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: be02a900b9ca948ecd29a75a7f01aff05abbc7d3cfe7b90ee63dcaadb86cf2a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 20 Oct 2021 15:49:21 GMT
Cache-Control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50
Content-Type: application/json

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ Frame 001F 21 KB
6 KB 22ms
22ms Stylesheet
text/css 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454095

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

sffe /

Resource Hash

58a037df6363b1c9619199cf7fdfad3a84469cd508cfa83320e2bedf64aadc8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:02:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6433
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 18:26:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="news-frontend"
expires: Wed, 20 Oct 2021 15:52:35 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/am=AgAC/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame 001F 160 KB
57 KB 54ms
8ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/am=AgAC/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI6kQK1aYmggIVxmHWWKjmVaSn9aIQ/m=_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454095

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

48c14482b8e4fbf42efb49c23032056a1aebfe04c2d4c4d851bd5674d69039de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 19:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57318
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 01:08:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Wed, 19 Oct 2022 19:40:01 GMT

POST
H2 200 / Show response
dd.nytimes.com/js/ 210 B
546 B 50ms
20ms XHR
application/json 143.204.98.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dd.nytimes.com/js/
Requested by: Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.114 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-114.fra50.r.cloudfront.net
Software: DataDome /
Resource Hash: 64f10a9b5c34af0b4cc97106a32aaebfb9843216a695691541d74a78ffb1077a

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:21 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
server: DataDome
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 210
x-amz-cf-id: rkF3QH_oBvXHvNTLQbvbyGPOyjK3FhENxOLTdw_wwRYEQqNgPRkyvg==
expires: 0

GET
H2 200 / Show response
mwcm.nytimes.com/capi/metered_assets/ 73 KB
16 KB 496ms
480ms Fetch
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nytimes.com/capi/metered_assets/?plat=web&mc=0&mr=0&ma=0&counted=false&granted=false&gwtype=PAYWALL&us=anon&context-type=&assettype=timebound&areas=barOne&areas=dock&areas=inlineUnit&areas=truncator&areas=gateway
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 1984cebdb66af7ab4b36d0be6dba7e59e0ee55cacc919159310959a4f5c8e70c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
access-control-allow-origin: https://www.nytimes.com
x-cache: MISS
x-served-by: cache-fra19158-FRA
expires: Wed, 20 Oct 2021 15:49:22 GMT
server: Google Frontend
x-cmots-campaign-names: {"barOne":"MAG_web_nonsub_all_monthly-sale","dock":"MAG_web_all_Monthly-Sale-dock","gateway":"MAG_web_nonsub_all_monthly-sale","inlineUnit":"MAG_web_nonsub_all_monthly-sale","truncator":"MAG-web_all_non-mobile-all_welcome-killset"}
x-timer: S1634744962.680387,VS0,VE474
vary: x-nyt-user-status, x-nyt-country, x-nyt-continent, x-nyt-device, X-NYT-Currency, x-nyt-ipsegments-edu-b2b, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Origin
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: e22130c50b23506ac2bc79e7adcc725f
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-nyt-route: mwcm-muassets
accept-ranges: bytes
access-control-allow-headers: Content-Type, x-requested-by, *
x-cache-hits: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 37ms
15ms Script
text/javascript 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 16:47:48 GMT
server: Golfe2
age: 3744
date: Wed, 20 Oct 2021 14:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19887
expires: Wed, 20 Oct 2021 16:46:57 GMT

GET
H3

200

activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fy... Show response
5290727.fls.doubleclick.net/ Frame 372D
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2...
https://5290727.fls.doubleclick.net/activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2F...

534 B
393 B

42ms
28ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

a5a388a3237f4fdcf143677009a251e6674879d409b48e69d6eec1623dfcf41a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5290727.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnzLNzW_MRWynIsDQIr5iU86up15vff_FfqRdb_vNj3uJt-F0PIYpNsBqq7na8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 20 Oct 2021 15:49:21 GMT
expires: Wed, 20 Oct 2021 15:49:21 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 370
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 20 Oct 2021 15:49:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 49ms
8ms Script
application/x-javascript 143.204.98.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.142 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-142.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:18:13 GMT
content-encoding: gzip
last-modified: Fri, 09 Jul 2021 00:11:37 GMT
server: nginx
age: 1868
etag: W/"60e79439-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: fxq6qHYLAUg1PxLAjGyWgtlr2WbEYjMSOuZ5l8a888qKdYHPMKpxWA==
expires: Wed, 20 Oct 2021 17:18:13 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
662 B 21ms
14ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://a1.nyt.com/analytics/show-ads.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
date: Wed, 20 Oct 2021 15:49:21 GMT
content-encoding: gzip
content-type: application/javascript
age: 54813
x-guploader-uploadid: ADPycdsGlzOhH_m2LyphPMn6GJaIpiYRji7U66VvBudBoCNwLMK8o0SJFwvVLj2-r0SepiIrpfCun_snBgs3hdsCppTP5nSClg
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 65
via: 1.1 varnish
x-served-by: cache-fra19158-FRA
accept-ranges: bytes
expires: Fri, 01 Oct 2021 00:34:40 GMT
last-modified: Thu, 17 Dec 2020 21:19:35 GMT
server: UploadServer
x-timer: S1634744962.786606,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1608239975905841
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=86400
x-goog-stored-content-length: 45
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 581

POST
H2 200 track
a.et.nytimes.com/ 0
0 116ms
116ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 108ms
39ms Image
image/gif 34.241.169.143
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=707429114
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.169.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-169-143.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 css
fonts.googleapis.com/ Frame 507D 7 KB
1 KB 47ms
15ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

bdc3839944a2b864c1337dbf248cbdd52f9b83018558e3d78a99f1e59adb3104

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 15:33:39 GMT
server: ESF
date: Wed, 20 Oct 2021 15:49:21 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Wed, 20 Oct 2021 15:49:21 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 507D 22 KB
7 KB 35ms
7ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 09:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23918
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 20 Oct 2022 09:10:43 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 507D 6 KB
770 B 46ms
16ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&lang=de

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

ae62dd075f4359b389158ec0ce732971da832938b5d630a24eb2e89111b00e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 14:20:11 GMT
server: ESF
date: Wed, 20 Oct 2021 15:49:21 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Wed, 20 Oct 2021 15:49:21 GMT

GET
H2 200 18266672517221693724
tpc.googlesyndication.com/simgad/ Frame 507D 15 KB
15 KB 36ms
8ms Image
image/png 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18266672517221693724?

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

c327f84410a9c0e23203de40b58cb757ba0f714cfdf1223af37d6ed60cd0f374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 13:17:23 GMT
x-content-type-options: nosniff
age: 268318
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15343
x-xss-protection: 0
last-modified: Thu, 12 Mar 2020 10:15:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 17 Oct 2022 13:17:23 GMT

GET
H3

200

B25621311.314865394;dc_pre=CLHc_cWr2fMCFXKDgwcdWOgKMw;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/ Frame 507D
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/B25621311.314865394;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/B25621311.314865394;dc_pre=CLHc_cWr2fMCFXKDgwcdWOgKMw;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdi...

42 B
63 B

40ms
40ms

Image
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/B25621311.314865394;dc_pre=CLHc_cWr2fMCFXKDgwcdWOgKMw;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:21 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N510001.6440THENEWYORKTIMESCOMP5/B25621311.314865394;dc_pre=CLHc_cWr2fMCFXKDgwcdWOgKMw;dc_trk_aid=507951462;dc_trk_cid=158420696;ord=864284281;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 507D 122 KB
38 KB 57ms
24ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

5ec6259ce93d1583fd116bc92baa687aacfdf415efabc596b398c1ebf27c680e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37884
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634556853496587"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 20 Oct 2021 15:49:21 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 106ms
105ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 001F 15 KB
15 KB 61ms
19ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454095

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Origin: https://news.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 19:58:13 GMT
x-content-type-options: nosniff
age: 157868
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Oct 2022 19:58:13 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi._Kp5qz4lG7w.L.B1... Frame 001F 37 KB
13 KB 34ms
19ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/am=AgAC/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI6kQK1aYmggIVxmHWWKjmVaSn9aIQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

9a9f9b082b21ecdb85cbff019648d7ef1acd43ea6fbc1aa0c1a624be6f39c911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 19:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 23:52:04 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Wed, 19 Oct 2022 19:40:01 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 44ms
21ms XHR
text/plain 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j94&a=881290008&t=pageview&_s=1&dl=http%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&dr=&ul=en-us&de=UTF-8&dt=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=166062467&gjid=2069989153&cid=1229719175.1634744961&tid=UA-58630905-2&_gid=1756339828.1634744962&_r=1&gtm=2wgai0P528B3&cg1=your-money&cg2=null&cg3=article&cg4=news&cd1=http%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&cd3=&cd4=Your%20Money&cd9=9&cd10=null&cd13=null&cd14=business_desk&cd15=earned&cd16=referring_links&cd17=100000006990050&cd18=ANN%20CARRNS&cd19=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake&cd20=Your%20Money%20Adviser&cd21=Article&cd23=Your%20Money&cd26=2020&cd27=2020-02-21-09&cd28=Friday&cd29=09&cd30=1582353357000&cd32=adviser%2CYour%20Money%2CBusiness%2CSmarter%20Living&cd33=Standard%2CSECTION&cd34=NEWS&cd36=21adviser&cd37=1264&cd38=Business&cd42=nyt-vi&cd43=Banking%20and%20Financial%20Institutions%2CFrauds%20and%20Swindling%2CCounterfeit%20Money%20and%20Financial%20Instruments%2CGift%20Cards%20and%20Certificates%2CPersonal%20Finances&cd44=American%20Bankers%20Assn%2CBetter%20Business%20Bureaus%2CFederal%20Deposit%20Insurance%20Corp%2CFederal%20Trade%20Commission%2CUnited%20States%20Postal%20Inspection%20Service&cd48=February&cd49=long_1200_1600&cd51=nyt-vi&cd52=&cd53=Business&cd54=business_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=1&cd63=pvdMTDYvXcDONPAECZdEkJ&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=adviser&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=pvdMTDYvXcDONPAECZdEkJ&z=162425898

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi._Kp5qz4lG7w.L.B1... Frame 001F 99 KB
34 KB 18ms
18ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi._Kp5qz4lG7w.L.B1.O/am=AgAC/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI6DxiWDLd3mNmsQ1dlIcJIGFaVR5A/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

6f648e0bac5f3a468ab2508743ea01518b320569910989089e4cc15e096fc97d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 19:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34722
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 23:52:04 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Wed, 19 Oct 2022 19:40:01 GMT

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 360ms
118ms Image
image/gif 52.45.183.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&u=BoyaH9DE_8uKBGI7G0&d=nytimes.com&g=16698&g0=your-money%2Cbusiness_desk&g1=ANN%20CARRNS&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1956&t=BdGuF-BuGx7VClBo4fdhNTRDYd7tn&V=128&i=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake&tz=0&_acct=anon&sn=1&sv=CprFPRhC5bADfKBjyCK6M6UD2DeEk&sd=1&im=06679ff3&_
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.183.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-183-189.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:22 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 507D 0
0 48ms
47ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFJR1dcHYg6gmcbE6VSuzEQ5SHeNei7ojiY3wfPf5jUNZxSEXEzWbP8H7hO6hFFGsjH4KEPfBfWN82QW47g0W3ml6tCsp4TIRV-sQX9y38w17T9yZGVb7D6R6xJKVHG8KfqmPFJAjqvbqt5rthE3o1GIcuFVpixuIsvGancAEO55IWpwICBEhc3NB1GtJhZJJle99KB8bu8fHIyEnQtmr2i_zcllKjH0YFwvYFDRdrmwuzKu8OmZ2W_2D3RYh2drM3OSRnLxma8e1M2wNJdgNZEAGEPzGFPgKh9Nt-UV2d9jpVlWha5z_MJ-wFE5n9WPc&sai=AMfl-YTWCX_L6PO7ttV9YVUOsQNnojo7zB-tGabjCIsMFqZFU9_wZ_9CUwrvILM8WHUM5WTxJAsWKXuRjuCVh7MsH666ebX1yAoE2sdEztMMuMGwtbtxoQm5_isS-iPBGJw_&sig=Cg0ArKJSzF6fFe0njVIfEAE&urlfix=1&adurl=

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 20 Oct 2021 15:49:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 11996499432599802368
tpc.googlesyndication.com/simgad/ Frame 507D 240 KB
240 KB 48ms
21ms Image
image/jpeg 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11996499432599802368?

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

93b29c8e9e0bf5bad09891ef09a90ca7fd0613edfe0df5db5677d50ef972b3f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 15:35:31 GMT
x-content-type-options: nosniff
age: 173630
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245929
x-xss-protection: 0
last-modified: Fri, 24 Sep 2021 16:27:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 18 Oct 2022 15:35:31 GMT

GET
H3 200 837367948777454
tpc.googlesyndication.com/simgad/ Frame 507D 44 KB
44 KB 54ms
28ms Image
image/jpeg 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/837367948777454?

Requested by

Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

058595dfd4505fbc419334063de47f0b2742e5925efad59af2959a4cf201286d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 13:42:35 GMT
x-content-type-options: nosniff
age: 7606
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45153
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:13:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 20 Oct 2022 13:42:35 GMT

GET
H2 200 RBCDisplay-Regular.woff
static01.nytimes.com/ads/adsolutions/RBCCapitalMarkets/Fonts/ Frame 507D 38 KB
39 KB 32ms
11ms Font
application/font-woff 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static01.nytimes.com/ads/adsolutions/RBCCapitalMarkets/Fonts/RBCDisplay-Regular.woff
Requested by: Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 3ee7eb64beb041055cbabc925f8ce8810bdda853f6a2980bdbf97d363d7abe51

Request headers

Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
Origin: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
via: 1.1 varnish, 1.1 varnish
age: 51539
x-guploader-uploadid: ADPycdtIghGnWTm3yaaPYFnnVnLPHPFxOfHubsATnl0pjVH0AhsMzAK8yd3s2esFb5GRNtKdH5jSoiRzCdJu9DB28nI
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
content-length: 39188
x-served-by: cache-bwi5182-BWI, cache-hhn4073-HHN
x-nyt-gcs-bucket: nyt-ads-static-assets
last-modified: Wed, 11 Mar 2020 16:04:23 GMT
server: UploadServer
x-timer: S1634744962.917213,VS0,VE1
etag: "e1bb5dc4ff58b634124c164e84fe6248"
x-goog-hash: crc32c=UO5ykg==, md5=4btdxP9YtjQSTBZOhP5iSA==
content-type: application/font-woff
access-control-allow-origin: *
expires: Wed, 13 Oct 2021 01:30:20 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 Roboto-Bold.woff
static01.nytimes.com/ads/adsolutions/RBCCapitalMarkets/Fonts/ Frame 507D 62 KB
62 KB 31ms
10ms Font
application/font-woff 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static01.nytimes.com/ads/adsolutions/RBCCapitalMarkets/Fonts/Roboto-Bold.woff
Requested by: Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4487819c43207d32e0fd3ad87c7b992e174a98c801f83917a905c4afbb98a1c0

Request headers

Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
Origin: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:21 GMT
via: 1.1 varnish, 1.1 varnish
age: 466949
x-guploader-uploadid: ADPycdvvuIoeMwZEm9cmZf-TtZZrPUychl5wZHCi5J96QMlBLEuHkxDWtR3f6EaxiDkNc-w9F4omkDOkwozuf4S_7Fg
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
expires: Fri, 08 Oct 2021 14:05:14 GMT
content-length: 63096
x-served-by: cache-bwi5159-BWI, cache-hhn4073-HHN
x-nyt-gcs-bucket: nyt-ads-static-assets
last-modified: Wed, 07 Apr 2021 15:44:31 GMT
server: UploadServer
x-timer: S1634744962.917456,VS0,VE1
etag: "f116d19750b96b3c357134815b3f1a75"
x-goog-hash: crc32c=mmSNMQ==, md5=8RbRl1C5azw1cTSBWz8adQ==
content-type: application/font-woff
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame 507D 16 KB
16 KB 24ms
8ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 11:16:30 GMT
x-content-type-options: nosniff
age: 275571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Mon, 17 Oct 2022 11:16:30 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 507D 0
0 43ms
43ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuoyqCbtvIb-xDHhi691INTWj64EHQ4zLFHe_I2ir7H7d6aODtVs5QQfxJM3ulDFoh08Rq86rJ8dXf0V5zkJ-mQDdcEG-oNvOf7slcb9IRrI0qTH3niwbfL9XCEi2uZlyPVsMS7QhWoKXVNwUezbH1ygRLCBvTZEPaiA0JMRLlfKqcCNuEMsNnghOgvJHFuc3LoOk0jOe0ASc0PBexn3r2WPy4OYOiikKFG8krlwx-_Ww5Iq-ENG4chPO8342SbvLnFaux1qH9z4DWsEO1vKsxdCsvjX7exdvTJjhYk-9pc2BiOQ5z_bg9j0gnShIugNoK_yw&sai=AMfl-YRGps7IFyM2XnQ0kadwta6BkkOEhveOT7jm5TQig1MvoeUHGchLzVRAqLEKBlCPM9PXtzZxfSGO5h4amN6LMcSAbmrKjj5v-5zXyCui1SkLmJdwh96U1PPzH0Bp02sy&sig=Cg0ArKJSzA0R5JbBWi3pEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 20 Oct 2021 15:49:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 20 Oct 2021 15:49:21 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 507D 8 KB
4 KB 54ms
10ms Script
application/javascript 2.18.232.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js
Requested by: Host: a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
URL: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.109 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-109.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 5dd139490465c0d5b42eb905451078a5ee84b5c220d6af5b143af49247a8ecf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 15:49:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 19 Oct 2021 15:58:26 GMT
Server: Microsoft-IIS/10.0
ETag: "0fda9262c5d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3288

GET
DATA 200
OK truncated
/ Frame 507D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f8d426c2ff8e493c937981b9c6626cc58f79ae5b0f943b85253728ceb75d2b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.ht...
adservice.google.com/ddm/fls/z/ Frame 372D 42 B
63 B 92ms
63ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=COHm_MWr2fMCFejAUQodNucKcA;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=8169318318570;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 batchexecute Show response
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame 001F 448 B
327 B 39ms
39ms XHR
application/json 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=2214571663782870232&bl=boq_subscribewithgoogleclientserver_20211018.08_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=56962&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

49518ab29525b5b18c0520535dcb050f6db4868d987a1bf8a0b6faa3be153be9

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi._Kp5qz4lG7w.L.B1... Frame 001F 17 KB
7 KB 8ms
8ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.asldQPglsEE.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi._Kp5qz4lG7w.L.B1.O/am=AgAC/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI6DxiWDLd3mNmsQ1dlIcJIGFaVR5A/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

b2f312cdc01acb67eb977c49c21d0cf2363195132b717a0e4327da069dd48c0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 19:40:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7216
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 23:52:04 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Wed, 19 Oct 2022 19:40:02 GMT

POST
H2 200 log Show response
play.google.com/ Frame 001F 131 B
541 B 79ms
53ms XHR
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

GET
H/1.1 200
OK dv-measurements1800.js Show response
cdn.doubleverify.com/ Frame 2E3A 495 KB
90 KB 10ms
10ms Script
application/javascript 2.18.232.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1800.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.109 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-109.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 3c2c5e8ce71da5f920b37260c35faad806880a17d60b6b93e35e1200763a6733

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 20 Oct 2021 15:49:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 09:46:20 GMT
Server: Microsoft-IIS/10.0
ETag: "0fef5397bad71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 91601

POST
H3 200 log Show response
play.google.com/ Frame 001F 131 B
152 B 71ms
56ms XHR
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 58ms
38ms Preflight
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 20 Oct 2021 15:49:22 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 log Show response
play.google.com/ Frame 001F 131 B
152 B 72ms
57ms XHR
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 57ms
38ms Preflight
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 20 Oct 2021 15:49:22 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 log Show response
play.google.com/ Frame 001F 131 B
152 B 75ms
60ms XHR
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 55ms
38ms Preflight
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 20 Oct 2021 15:49:22 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 2E3A 1 KB
1 KB 184ms
10ms Script
text/javascript 213.254.244.17
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=42&ttfrms=27&brid=3&brver=93.0.4577.63&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D%3FJE%3A%3E6D%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D%3FJE%3A%3E6D%5D4%40%3ETar9EEADTbpTauTau2%606b7ed3bd54_gf5a33%60276a3eaadd2e%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauHHH%5D%3FJE%3A%3E6D%5D4%40%3ETaua_a_Tau_aTaua%60TauJ%40FC%5C%3E%40%3F6JTau72%3C6%5C4964%3C%5CD42%3E%5D9E%3E%3D&srcurlD=0&aUrlD=-1&ssl=https:&uid=1634744962071219&jsCallback=dvCallback_1634744962071389&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F93.0.4577.63%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=0&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1800&tgjsver=1800&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fa1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&sfe=1&fcifrms=5&brh=2&sdf=2&dvp_epl=361&noc=4&ctx=20447730&cmp=DV432810&btreg=5716510264138366282649&btadsrv=5716510264138366282649&adsrv=104&unit=0x0&turl=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&seltag=1&sadv=23703758&ord=2834375980&litm=5716510264&scrt=138366282649&splc=/29390238/nyt/yourmoney&adu=28674518&spos=top&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_scripthash=1&t2te=0&cb=791805044&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=131041748.90126315&dvp_tukv=234720823873.91254&dvp_uuid=465857985.2735155&dvp_strhd=0.5999999046325684&dvpx_strhd=0.5999999046325684&dvp_tuid=1607535997395
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1800.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , Ireland, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: d9939f7026639b042a8c94ce231922c820349997ca54184aeb3fe82fa3fd0213

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 20 Oct 2021 15:49:22 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 10/19/2021 3:49:22 PM

GET
H2 200 main.css
mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/ 103 KB
15 KB 15ms
8ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c0ec4afe344c086bc95ae4593c092460b527a5a5c0704e1c05cef34b2b648000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
age: 532926
x-cache: HIT
content-length: 14690
x-served-by: cache-fra19158-FRA
access-control-allow-origin: *
last-modified: Wed, 06 Oct 2021 22:35:50 GMT
server: nginx
x-timer: S1634744962.183532,VS0,VE0
x-origin-server: mwcm-pub-est02.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 6494

GET
H2 200 common.js Show response
mwcm.nyt.com/.resources/mkt-wcm/dist/ 221 KB
69 KB 12ms
10ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9d6ee608c8abae122a5b934a3381ab5c127d5b709507bd9f81242609b929019a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
age: 532926
x-cache: HIT
content-length: 70589
x-served-by: cache-fra19158-FRA
access-control-allow-origin: *
last-modified: Wed, 06 Oct 2021 22:35:50 GMT
server: nginx
x-timer: S1634744962.183797,VS0,VE0
x-origin-server: mwcm-pub-est05.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 6980

GET
H2 200 main.js Show response
mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/js/src/ 23 KB
6 KB 12ms
11ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/js/src/main.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3be339164c1f116bbbc1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d09b7b0c955ad436b296c77df5c697479e1ca306619ba3e065fcc9a1342bcc7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
age: 532926
x-cache: HIT
content-length: 6090
x-served-by: cache-fra19158-FRA
access-control-allow-origin: *
last-modified: Wed, 06 Oct 2021 22:35:50 GMT
server: nginx
x-timer: S1634744962.183702,VS0,VE0
x-origin-server: mwcm-pub-est03.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 6481

POST
H2 200 track
a.et.nytimes.com/ 0
0 102ms
102ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 track
a.et.nytimes.com/ 0
0 102ms
102ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H2 200 franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2
g1.nyt.com/fonts/family/franklin/ 24 KB
24 KB 17ms
17ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=b25SxA==, md5=/cfK0X3u7C2x/i+fjAUg7Q==
date: Wed, 20 Oct 2021 15:49:22 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2992889
x-guploader-uploadid: ADPycdvRLtwSH49UEDLV0Qe5RTdbXp7qp9NkhYlRDWUNqiHF_yyC1h-p2jq1Nh4sSIZV5dq1-LySRjbxdjatEzyroB4
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 24184
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Fri, 16 Sep 2022 00:27:52 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1634744962.222251,VS0,VE0
etag: "fdc7cad17deeec2db1fe2f9f8c0520ed"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984069574
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 24184
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 15607

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 950 B
956 B 234ms
233ms XHR
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.nytimes.com/svc/nyt/data-layer
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: Google Frontend /
Resource Hash: 77e7db2e83e0c88e4acdb936b5246dd15da11c01e3165aa35db50c40aca36e88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
x-appengine-log-flush-count: 1
server: Google Frontend
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: a2693ef22ecfac62415a2d777464ea86
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
content-length: 487
expires: Wed, 20 Oct 2021 15:49:22 GMT

GET
H3

200

activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fy... Show response
5290727.fls.doubleclick.net/ Frame 7FB4
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2...
https://5290727.fls.doubleclick.net/activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2F...

534 B
396 B

29ms
28ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

5165fa48753a7fd3d38094702173f48b120de3f7532551b2a215e8e957e87391

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5290727.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnzLNzW_MRWynIsDQIr5iU86up15vff_FfqRdb_vNj3uJt-F0PIYpNsBqq7na8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 20 Oct 2021 15:49:22 GMT
expires: Wed, 20 Oct 2021 15:49:22 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 373
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 20 Oct 2021 15:49:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H2 200 track
a.et.nytimes.com/ 0
0 109ms
109ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j94&a=881290008&t=event&ni=1&_s=1&dl=http%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&dr=&ul=en-us&de=UTF-8&dt=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=gateway&ea=impression&el=MAG_web_nonsub_all_monthly-sale&ev=0&_u=aAjAAEABAAAAAC~&jid=&gjid=&cid=1229719175.1634744961&tid=UA-58630905-2&_gid=1756339828.1634744962&gtm=2wgai0P528B3&cg1=your-money&cg2=null&cg3=article&cg4=news&cd1=http%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html&cd3=&cd4=Your%20Money&cd9=9&cd10=null&cd13=null&cd14=business_desk&cd15=earned&cd16=referring_links&cd17=100000006990050&cd18=Ann%20Carrns&cd19=Got%20an%20Unexpected%20Check%20in%20the%20Mail%3F%20It%20May%20Be%20Fake&cd20=your%20money%20adviser&cd21=Article&cd23=Your%20Money&cd26=2020&cd27=2020-02-21-09&cd28=Friday&cd29=09&cd30=2020-02-22T06%3A35%3A55.673Z&cd32=Your%20Money%20Adviser%2CYour%20Money%2CBusiness%2CSmarter%20Living&cd33=COLUMN%2CSECTION&cd34=NEWS&cd36=21adviser&cd37=1264&cd38=Business&cd42=nyt-vi&cd43=Banking%20and%20Financial%20Institutions%2CFrauds%20and%20Swindling%2CCounterfeit%20Money%20and%20Financial%20Instruments%2CGift%20Cards%20and%20Certificates%2CPersonal%20Finances&cd44=American%20Bankers%20Assn%2CBetter%20Business%20Bureaus%2CFederal%20Deposit%20Insurance%20Corp%2CFederal%20Trade%20Commission%2CUnited%20States%20Postal%20Inspection%20Service&cd48=February&cd49=long_1200_1600&cd51=nyt-vi&cd52=&cd53=Business&cd54=business_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=1&cd63=pvdMTDYvXcDONPAECZdEkJ&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=adviser&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=pvdMTDYvXcDONPAECZdEkJ&z=248651230

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 14:54:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3308
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
g1.nyt.com/fonts/family/cheltenham/ 26 KB
26 KB 20ms
19ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=kUZRqw==, md5=QMz+LMYaceZhflYWLUm4lg==
date: Wed, 20 Oct 2021 15:49:22 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2390131
x-guploader-uploadid: ADPycdtwNi1a19s1K3BRrnfc1hxw1DgoAd9Q0Bk83FCu-xGdofdr6FjmAwJcNEqk_9qeRwklJwV7XoBU9o5RDrAwhoI
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26448
x-served-by: cache-hhn4058-HHN
accept-ranges: bytes
expires: Thu, 22 Sep 2022 23:53:50 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1634744962.357521,VS0,VE0
etag: "40ccfe2cc61a71e6617e56162d49b896"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982612741
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 26448
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 24585

GET
H3 200 dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.ht...
adservice.google.com/ddm/fls/z/ Frame 7FB4 42 B
63 B 59ms
59ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CKD6nMar2fMCFVwcBgAdHhwOlQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=6902454173006;gtm=2wgai0;auiddc=1062748651.1634744962;u17=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html;~oref=https%3A%2F%2Fwww.nytimes.com%2F2020%2F02%2F21%2Fyour-money%2Ffake-check-scam.html?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 58ms
21ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

719e150e0b99414b226952ccedb8b004d20c63833421c03747cc319aa3eca066

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8585
x-xss-protection: 0

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 2 KB
1 KB 84ms
30ms Script
application/javascript 172.67.199.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.iteratehq.com/loader.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.199.199 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56fbb3be30f1d8cc36d10c7fe4e2dc034a082c21fee607458d8d9da693d81572

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 33
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: FH6RVQGXV58VBNQX
x-amz-id-2: Ml88vAPi6DN15omIPYBavNyRAB3mMOyQCDTrZaKz7ag85eR9Lb/ViskocLe5xi0tk4nw8DuFk80=
last-modified: Tue, 28 Sep 2021 16:17:41 GMT
server: cloudflare
etag: W/"44a62183cd055dec9bdaba53aa40a45c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkCF7oUQ2568lO9lAB95w%2BOfBsFH%2Fvy7xf3Xv9%2BRmPoLHsqMrhdtp97KojfrKeS5oqDvX99s1nb%2BSDS8hU8yzcY7J74eTKrFLOW15KBg7Q3iRsaOWe4RJg2QFdTRmuyIbmo9uOfUyrJA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 6a13654febb92778-PRG

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 25ms
25ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 20 Oct 2021 15:49:22 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 305D 12 KB
5 KB 17ms
17ms Document
text/html 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 20 Oct 2021 13:54:11 GMT
expires: Thu, 20 Oct 2022 13:54:11 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6911
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FAC9 783 B
1 KB 75ms
30ms Document
text/html 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

GSE /

Resource Hash

94291998c1942e88863ac3602016a2e868dec2e3acc17ce9e192f478ac8a88d7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uzpCycsMOohtiUSypfTgPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.nytimes.com/
accept-encoding: gzip, deflate, br
cookie: NID=511=fqNmhmNBMSD8tYLgf9yyqQAPo-ksk1_5HHng5LqJayXjEbz2tALfOgEs5mXmU54gDUpcg8_ut9cGg-GRMPgtj2lqHr6JMDrKoooJn5o57qp6lZLWA9rS4CUlbYAnhgdup9P0r_Q3AuEISVUkV08NK2VagrYiUqyrVdNXsgdgwus
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 20 Oct 2021 15:49:22 GMT
date: Wed, 20 Oct 2021 15:49:22 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-uzpCycsMOohtiUSypfTgPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 509
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 sdk-prod-be5bb94f697bec436954.js Show response
platform.iteratehq.com/ 891 KB
258 KB 74ms
52ms Script
application/javascript 172.67.199.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.iteratehq.com/sdk-prod-be5bb94f697bec436954.js
Requested by: Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.199 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a1a1c1d92c1a2009a50ea539ca754223afe3e3ac1b1fba1dadd4752f84a28a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1898826
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: YCS6FGHD1NF3K35E
x-amz-id-2: Q07vKr6qDsA3LBetB/3Vsm/LSDriMYc6CBS6dhJk/RVxssu1IG0fanl92Wm0K6oG1a8Kxfs3VTI=
last-modified: Tue, 28 Sep 2021 16:17:35 GMT
server: cloudflare
etag: W/"210db2fa39618c1b3ca648d8ae10edb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TcML%2FDjcDhAR7j%2FHRQo%2FcHaCkwHFVda30azauIPdoTxByG%2FOHR53ja3YapXPUwGXkK1Ta0NWytzEJoQ1mCUmRQlN7wp5aIwFhwr91IXSZfdPXZZWstBm3rW4Pn0FP4IGZf1LRgZsGI4X"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 6a1365503f3ff9d2-PRG

GET
H3 200 style-2bdbffb0210cc2e386f1.css
platform.iteratehq.com/ 130 KB
12 KB 57ms
36ms Stylesheet
text/css 172.67.199.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.iteratehq.com/style-2bdbffb0210cc2e386f1.css
Requested by: Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.199 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f348468a5b39755c98091989fdafd4be48ccdbfaf75273cd4fd87333e43a7fda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6631038
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 025CWS92HWFFQMPG
x-amz-id-2: tHbyaDqXLr6cKd8Ly+VeqhpBvqGBiZcRhtitBzjGkSWtG+RBA0zhk5s4NoLM1/szHZii8QhtTIQ=
last-modified: Wed, 04 Aug 2021 21:51:28 GMT
server: cloudflare
etag: W/"4737fd744e2551cae9a2bc8884efd7ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fmx1sUtUENd5fRUFQBMni2yPFfrt9vGeFWpscSp0Y7BAkWwIEI8H0SRIpK4PDnwV%2BPC7qDFQ5FnzX2XR0pDai1e0UG%2FwstacfsaI5SIIkK1FID9B48y7Vw4U78dyA2YtXoreywpaahdg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6a1365503f42f9d2-PRG

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame 305D 35 KB
13 KB 8ms
7ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 09:45:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 20 Oct 2022 09:45:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FAC9 0
0 67ms
66ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101201&jk=3839715309992898&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

POST
H3 200 embed Show response
iteratehq.com/api/v1/surveys/ 298 B
958 B 192ms
150ms Fetch
application/json 172.67.199.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iteratehq.com/api/v1/surveys/embed
Requested by: Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/sdk-prod-be5bb94f697bec436954.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.199 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2c8348e5d30297e8c59fa13e8095af4a4a6b7479cd03bd32dab0dccc0999903

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 15:49:23 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R9ahPzmMXI4E5i%2BBznDqOEiNmqblmd%2BWkH0w3CybvlQf3E%2BXirG%2B1mHEpPeqheE2q0VP3FD%2FD%2FusP4JCo%2BJw3jjsi8yi2ygXU%2Bhet%2BHEdRqwu1yfHfhcLxseMsu3Gkg3"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache="set-cookie"
access-control-allow-credentials: true
cf-ray: 6a1365531f062798-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 204ms
157ms Preflight 172.67.199.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iteratehq.com/api/v1/surveys/embed
Protocol: H2
Server: 172.67.199.199 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 20 Oct 2021 15:49:22 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
cache-control: no-cache="set-cookie"
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jj9qqDf4YnFGQ03wodnE84a5RU1VfFYJ6%2FI5QQC0Hn5EY9d2SZsRbQp62hlGa1zoHz9VJ630S90Zsbb0CYC0e5Lxw70mkflDGxjPEcw8u2fZZSmpeaXaw%2FaoQdFwZPdg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a136551de164119-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 67ms
67ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101201&jk=3839715309992898&bg=!UVKlUhbNAAao6lBpqOo7ACkAdvg8Wq7yNuzGoQNPtBwi9ss0c2s6t_fjf1g8Ofq2CetSZHChlMRX6AIAAADmUgAAAA1oAQcKAEp2as7IvQAqRqi7KwyFv5y6XGXszxf99vU4p8uGoIlhH0tplEjACegTJlx6DZkwbIww8iscPAhGbHIGrwmXdCQ0Mu42NFHZq3ZjbpkCq1k5dDcIOYK7oriQW1JFDvAP8-VedtNwitlGjS9hBDO49WF5GQiPJAw_qERCdt8Dfeszrxq3isT-LyF-B_MXR2QKUxO8AiSjGce4IbdoiRblDXH5M_4a5ZAlYI2rU8uRiJDFRkO3AyoQTsG5_yECtd_kpfo9nlKWUR1f4bz9_OS07YeQbsE3Zs7pnASJWp_52nm9pGNXidNZT78-DzTTuSUGN5P-3bI3d6mDqXpYaA8hegkv-O4bS8JaByb0ngZ7-jncjYGv57iMkPmyTpD7rKFtSt-lAGiN6CThCorTiQjDWTaNsYM7v0xkC5wGAoz79uXGO7qiHX9cn1vm1iYLw8vWxVBnhv5pWgXTlBuuuKhWIyxdoTx4o2hr46WC03WYE8MjLXBwxwAF3WBs1fqBCkeU0IONKQjatTcph0fQg3UTf0j7mHrLAHMnFSapSlRmpdXqgwLeYmtwOire6ACCE6R17fnPW6xyyLaBDssCSmUbN8OFlOy_SNPYj3o5rmuUf929cXWWzwGIhRbIazRUgKTgY_BesS3WW7Kr8ICk-r8MiLZ-lSTTFucjGzwQZnRXduGHRUAKXY-O1YQ_rBXe4YysFHNIY1MYCIP9QvAuGqKKsFiCRLoXTaNjsis1kErzbqKUBBmXDP3me-kXojDCzV4xfBcSv8PxYUPF5ghXELsmB05-n3swZa467WZURuHqwdKbDk70IGsQMx1ZM8d7fbYsuYdioqLp2cP52dc73myA7YQsh5W2PWpRYAkSkyZP3wlpC9cL9x2jBaucvgTw7phl695Lth3of13JB3oSsauMxfkt-omwe1uO68ZOHCelTFXYS1MsYU5RAgOF0CKuj0MbS2BqDm1ZxV9ajTUdTRbIcbvsswzqhTaeAi__Jyp7ninRInY1mkyi2tcT

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 507D 42 B
64 B 40ms
40ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvD-d9YmX0lr43jIr8Ke4DsdD37j1SfXNB1zN0OYPd-3lYTiHqRk2m17rrbX_EIWgSoQmySG2wchAuUgAunrfVRk5rqqxrCnALXMYg_BldoqF2i7k_Q&sig=Cg0ArKJSzCLBIGQ1YdiOEAE&id=lidar2&mcvt=1000&p=93,0,363,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211018&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=7&adk=3018143313&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634744961461&rpt=480&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 15:49:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK event.png
tps20222.doubleverify.com/ Frame 2E3A 67 B
465 B 65ms
10ms Ping
image/png 213.254.244.17
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20222.doubleverify.com/event.png?impid=b2956f231bcb4a59b70d80e76e0fa1e5&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=184&eoid=8&msrjs=1800&pltfrm=Linux%20x86_64&sdf=2&vit=2&isvelg=1&tltms=0&tetms=7&msltms=22&vltms=184&sei=290&vetms=98&engms=1&engisel=1&ttfurm=2308&cbust=1634744964354758
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1800.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , Ireland, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 20 Oct 2021 15:49:24 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 10/19/2021 3:49:24 PM

POST
H/1.1 200
OK event.png
tps20222.doubleverify.com/ Frame 2E3A 67 B
465 B 36ms
36ms Ping
image/png 213.254.244.17
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20222.doubleverify.com/event.png?impid=b2956f231bcb4a59b70d80e76e0fa1e5&gdpr=&gdpr_consent=&msrcanlm=262536&msrcannum=4&eoid=10&ismms=42&isumms=41&isvelg=1&nvr=6&isgmmims=42&isgmv4mims=42&elmtp=3&isbxdms=3042&b0=362&b11=2853&adhgt=270&adwdth=1600&engisel=1&vsos=23&dvp_vsosnmr=16&lftb=3215&sftb=3215&msrdp=1&naral=262144&vct=512&vphgt=1200&vpwdth=1600&chgt=270&cwdth=1600&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1242&isuiabvms=1242&isgmpims=41&isgmv4dpims=1242&ispmxpms=1242&engalms=40&engscrlms=348&dvp_pageEng=true&dvp_dpr=1&cbust=1634744965355104
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1800.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , Ireland, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 20 Oct 2021 15:49:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 10/19/2021 3:49:25 PM

POST
H2 200 track
a.et.nytimes.com/ 0
0 107ms
106ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST
H2 200 track
a.et.nytimes.com/ 0
0 105ms
104ms Ping
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS

POST ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg==
collectors.sumologic.com/receiver/v1/http/ 0
0

OPTIONS ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg==
collectors.sumologic.com/receiver/v1/http/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: collectors.sumologic.com
URL: https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg==?callback=logSent

Domain: collectors.sumologic.com
URL: https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg==?callback=logSent

Verdicts & Comments Add Verdict or Comment

137 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.nytimes.com/2020/02/21/your-money	1969-12-31 23:59:59	Name: sumologic.logger.session Value: 6677fce9-5354-456f-9c0f-a46ccb08e3de
.nytimes.com/	1970-01-20 06:51:20	Name: nyt-a Value: pvdMTDYvXcDONPAECZdEkJ
.nytimes.com/	1970-01-19 22:06:06	Name: nyt-gdpr Value: 1
.nytimes.com/	1970-01-20 06:51:20	Name: nyt-purr Value: cfhspnahhud
.nytimes.com/	1970-01-19 22:06:06	Name: nyt-us Value: 0
.nytimes.com/	1970-01-19 22:06:06	Name: nyt-geo Value: DE
.nytimes.com/	1969-12-31 23:59:59	Name: nyt-b3-traceid Value: 82bd4a45d3a640e1a1d058c77fcb683e
.et.nytimes.com/	1970-01-19 22:05:46	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-20 06:51:20	Name: sessionIndex Value: 1\|1634744960231\|pvdMTDYvXcDONPAECZdEkJ\|1634744960231
.et.nytimes.com/	1970-01-19 22:07:11	Name: et-ppvid Value: https://www.nytimes.com/2020/02/21/your-money/fake-check-scam.html=OiosSSJmDKmH3CHUScVc_W9u
.google.com/	1970-01-20 02:29:16	Name: NID Value: 511=fqNmhmNBMSD8tYLgf9yyqQAPo-ksk1_5HHng5LqJayXjEbz2tALfOgEs5mXmU54gDUpcg8_ut9cGg-GRMPgtj2lqHr6JMDrKoooJn5o57qp6lZLWA9rS4CUlbYAnhgdup9P0r_Q3AuEISVUkV08NK2VagrYiUqyrVdNXsgdgwus
.nytimes.com/	1970-01-21 17:55:11	Name: nyt-m Value: B3B069E7C449F8FC4240BDAD0857B7A8&rc=i.0&vr=l.4.0.0.0.0&iue=i.0&igf=i.0&e=i.1635753600&igd=i.1&ira=i.0&g=i.1&ft=i.0&cav=i.1&prt=i.0&iga=i.0&ird=i.0&n=i.2&pr=l.4.0.0.0.0&fv=i.0&imu=i.1&ica=i.0&uuid=s.e8cfd962-048d-4c67-b2b5-dce342bb5651&t=i.0&v=i.0&iub=i.0&ifv=i.0&er=i.1634744961&vp=i.0&igu=i.1&ier=i.0&imv=i.0&iru=i.1&iir=i.0&s=s.core
.a.nytimes.com/	1970-01-20 06:51:20	Name: jkidd-p Value: prevPage=&currPage=
.nytimes.com/	1970-01-19 22:06:14	Name: b2b_cig_opt Value: %7B%22isCorpUser%22%3Afalse%7D
.nytimes.com/	1970-01-19 22:06:14	Name: edu_cig_opt Value: %7B%22isEduUser%22%3Afalse%7D
.doubleclick.net/	1970-01-20 15:36:56	Name: IDE Value: AHWqTUnzLNzW_MRWynIsDQIr5iU86up15vff_FfqRdb_vNj3uJt-F0PIYpNsBqq7na8
.nytimes.com/	1970-01-20 07:35:14	Name: purr-cache Value: <K0<r<C_<G_<S0
.nytimes.com/	1970-01-20 07:27:20	Name: __gads Value: ID=e6ef3b413b590678:T=1634744961:S=ALNI_MaY3DAJOPy6qX2BgalTV-D7Eu9itA
.nytimes.com/	1970-01-20 00:15:20	Name: _gcl_au Value: 1.1.1062748651.1634744962
.nytimes.com/	1970-01-20 06:51:20	Name: datadome Value: OGwu_Q8OlJ0o6ONTTD67p1zy4D~nKu.fUpIYZnnKQX78dASaKB3opoEAsQCqQ7tz_UOOqTaJ~ck3EttVcy0GGHFs1VLXIv~xMg3GaB.ujk
.nytimes.com/	1970-01-20 15:36:56	Name: walley Value: GA1.2.1229719175.1634744961
.nytimes.com/	1970-01-19 22:07:11	Name: walley_gid Value: GA1.2.1756339828.1634744962
.nytimes.com/	1970-01-19 22:05:45	Name: _gat_UA-58630905-2 Value: 1
www.nytimes.com/	1970-01-20 07:34:32	Name: _cb_ls Value: 1
www.nytimes.com/	1970-01-20 07:34:32	Name: _cb Value: BoyaH9DE_8uKBGI7G0
www.nytimes.com/	1970-01-20 07:34:32	Name: _chartbeat2 Value: .1634744961862.1634744961862.1.CprFPRhC5bADfKBjyCK6M6UD2DeEk.1
www.nytimes.com/	1970-01-19 22:05:46	Name: _cb_svref Value: null
.nytimes.com/	1970-01-19 22:14:48	Name: nyt-cmots Value: eyJmcmVxdWVuY3kiOnsiMjg2NTI1OTkzIjp7ImlubGluZVVuaXQiOnsiZiI6MSwicyI6MSwiZmMiOjE2MzQ3NDQ5NjIsInNjIjoxNjM0NzQ0OTYyLCJjYSI6MTYzNDc0NDk2Mn19fX0=
.nytimes.com/	1970-01-19 22:15:49	Name: RT Value: "z=1&dm=nytimes.com&si=50761ea3-a84c-4159-a626-70052456489b&ss=kuzoxvvz&sl=1&tt=1yt&rl=1&ld=1yv"
.a.nytimes.com/	1969-12-31 23:59:59	Name: jkidd-s Value: referrer=&landing=&start=1634744961138&isNew=0&pageIndex=2
.nytimes.com/	1970-01-20 06:51:20	Name: nyt-jkidd Value: uid=0&lastRequest=1634744962340&activeDays=%5B0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%5D&adv=1&a7dv=1&a14dv=1&a21dv=1&lastKnownType=anon
.nytimes.com/	1970-01-23 13:41:44	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2MTcwM2E4MzhmODUyYzAwMDE2YmVhMjMiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjM0NzQ0OTYzfQ.S-M2L6htuJmFIOaYrAk7yJkeP40Y6iUVd2YJK-c7ZAI

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5290727.fls.doubleclick.net
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
a1e3f65b35dc087d2bb1afe2b62255a6.safeframe.googlesyndication.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
als-svc.nytimes.com
c.go-mpulse.net
cdn.doubleverify.com
collectors.sumologic.com
dd.nytimes.com
fonts.googleapis.com
fonts.gstatic.com
g1.nyt.com
insight.adsrvr.org
iteratehq.com
meter-svc.nytimes.com
mwcm.nyt.com
mwcm.nytimes.com
myaccount.nytimes.com
news.google.com
pagead2.googlesyndication.com
platform.iteratehq.com
play.google.com
pnytimes.chartbeat.net
purr.nytimes.com
s.go-mpulse.net
samizdat-graphql.nytimes.com
securepubads.g.doubleclick.net
static.chartbeat.com
static01.nyt.com
static01.nytimes.com
tpc.googlesyndication.com
tps.doubleverify.com
tps20222.doubleverify.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.nytimes.com
collectors.sumologic.com
104.111.214.229
142.250.181.225
142.250.184.196
142.250.184.206
142.250.185.104
142.250.185.129
142.250.185.142
142.250.185.163
142.250.185.194
142.250.185.238
142.250.185.70
142.250.185.98
142.250.186.162
142.250.186.163
142.250.186.74
143.204.98.114
143.204.98.142
151.101.1.164
151.101.193.164
172.217.18.115
172.67.199.199
2.18.232.109
213.254.244.17
34.241.169.143
35.241.35.241
35.244.188.62
52.45.183.189
058595dfd4505fbc419334063de47f0b2742e5925efad59af2959a4cf201286d
078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57
170426b1ccbf16d163b36333bb291cebb26c5288224706ed42bec87e72eb972f
182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6
1984cebdb66af7ab4b36d0be6dba7e59e0ee55cacc919159310959a4f5c8e70c
1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7
1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389
1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6
1d4c2c2e2e066129f0bb038bbc6d6ca3a13c8f234524433289fd882eb6a462a7
1f2889d41ae38f8c5b7122c05a70663700e08e3d955b490bf34c06319b528c42
254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9
292fc72a8512ef4763aae77bb5ab330c74b8fee5f63c49697a3eee0de4263e69
2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76
2ce2c18a9c0c30af2ee73be714d0aa483257473ffafdf0e4d739bc24a184f363
3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63
3852a6df650a24b80f848e200bb8f74503478411ccbf8a9d83b9d819bbc8c261
3c2c5e8ce71da5f920b37260c35faad806880a17d60b6b93e35e1200763a6733
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ee7eb64beb041055cbabc925f8ce8810bdda853f6a2980bdbf97d363d7abe51
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4487819c43207d32e0fd3ad87c7b992e174a98c801f83917a905c4afbb98a1c0
48c14482b8e4fbf42efb49c23032056a1aebfe04c2d4c4d851bd5674d69039de
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
49518ab29525b5b18c0520535dcb050f6db4868d987a1bf8a0b6faa3be153be9
4995cbee2ebbb8e787b80a4c65474aabd9ec2af43e1bb606e3389c7822149481
4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5165fa48753a7fd3d38094702173f48b120de3f7532551b2a215e8e957e87391
56fbb3be30f1d8cc36d10c7fe4e2dc034a082c21fee607458d8d9da693d81572
58a037df6363b1c9619199cf7fdfad3a84469cd508cfa83320e2bedf64aadc8d
5a009ad2e9deb05c64b5db72b1858dcdbf2ba69011b6977f66acc9db9984f51d
5a1a1c1d92c1a2009a50ea539ca754223afe3e3ac1b1fba1dadd4752f84a28a5
5dd139490465c0d5b42eb905451078a5ee84b5c220d6af5b143af49247a8ecf5
5e6830dc42fc6683f7735d4f8d270095d7d5e39bb8e172968f9ed97841cfe8d3
5eb5d9115f25c6debe6263501ed232f0a812d09fd864e24fda9189bdfb6802f3
5ec6259ce93d1583fd116bc92baa687aacfdf415efabc596b398c1ebf27c680e
5f8d426c2ff8e493c937981b9c6626cc58f79ae5b0f943b85253728ceb75d2b8
601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63
612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5
63dcf74b8d941b8f413c68e514bea4aabcbadcc4ca6bfb0d5fba5501f611e85e
64f10a9b5c34af0b4cc97106a32aaebfb9843216a695691541d74a78ffb1077a
6980dd89438ca9eddd7b94b191e66619511bc01e3a03af49a8c331ccc5d56d54
6b28e77ff72ebf6d93187f498cccd4c295f7199b7a73beb6bd4739e3581d4522
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c10cc257c4b6e11dcbf71223e97a6e61a59c60f466a96749eead269d230b3df
6d8c8460673f8f8b72f179599d131de186b5c9d43e0c572ea0776d881a67c20b
6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a
6f648e0bac5f3a468ab2508743ea01518b320569910989089e4cc15e096fc97d
6ffc01509034ff1699612910412f4711b94ebb845d7f129431671e34a4727e3d
70ac07a344cdbafad3e6c82c0aad7149c547e74cf74ac26928b5c101c54efb75
719e150e0b99414b226952ccedb8b004d20c63833421c03747cc319aa3eca066
77e7db2e83e0c88e4acdb936b5246dd15da11c01e3165aa35db50c40aca36e88
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
93b29c8e9e0bf5bad09891ef09a90ca7fd0613edfe0df5db5677d50ef972b3f4
94291998c1942e88863ac3602016a2e868dec2e3acc17ce9e192f478ac8a88d7
9a9f9b082b21ecdb85cbff019648d7ef1acd43ea6fbc1aa0c1a624be6f39c911
9b263413d42aec24185f55a510d45bd7b51c2bd455e3738378cc1a083b2268aa
9d6ee608c8abae122a5b934a3381ab5c127d5b709507bd9f81242609b929019a
a01793ea962d93284867afefc67e861cd2cd6566c37322aa99d2172638386378
a297c2828666a9d269df380c9429bc2d9ef916ba4931b011b4ec58de82256473
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5a388a3237f4fdcf143677009a251e6674879d409b48e69d6eec1623dfcf41a
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
ae62dd075f4359b389158ec0ce732971da832938b5d630a24eb2e89111b00e1b
b2f312cdc01acb67eb977c49c21d0cf2363195132b717a0e4327da069dd48c0e
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
bdc3839944a2b864c1337dbf248cbdd52f9b83018558e3d78a99f1e59adb3104
be02a900b9ca948ecd29a75a7f01aff05abbc7d3cfe7b90ee63dcaadb86cf2a7
c0ec4afe344c086bc95ae4593c092460b527a5a5c0704e1c05cef34b2b648000
c19daf8b6f7b2541c5fadb52358a06c94ce326505e347984e9a329dfbe4c4911
c327f84410a9c0e23203de40b58cb757ba0f714cfdf1223af37d6ed60cd0f374
cd43b50aba5518b147e61e1a40bf2ff2307baef1ab471ca9aa67dfb836ea28f8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d09b7b0c955ad436b296c77df5c697479e1ca306619ba3e065fcc9a1342bcc7f
d2c8348e5d30297e8c59fa13e8095af4a4a6b7479cd03bd32dab0dccc0999903
d9939f7026639b042a8c94ce231922c820349997ca54184aeb3fe82fa3fd0213
d9a8e1ffd210a98a7fa8cdba97e31707b3c849968385527dbeb934f279ae83d8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
e985c629d36a906a63f77f4e2e666eb3bd353036f1534cc29d404a6eeb4142cb
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ee4f0a3e806f478d530494a73b4bb1a36fbb00893120c298bf54cea5358a9414
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f348468a5b39755c98091989fdafd4be48ccdbfaf75273cd4fd87333e43a7fda
f47fab3f729315a026e973cfe371adda4d91e58ad230dc9ed42c72bef1fa0d79
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

www.nytimes.com Open in urlscan Pro 151.101.1.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

136 Requests

99 %HTTPS

0 %IPv6

18 Domains

43 Subdomains

28 IPs

4 Countries

2890 kBTransfer

8491 kBSize

32 Cookies

19 Outgoing links

Redirected requests

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nytimes.com Open in urlscan Pro
151.101.1.164 Public Scan

Screenshot
Live screenshot

Full Image

136
Requests

99 %
HTTPS

0 %
IPv6

18
Domains

43
Subdomains

28
IPs

4
Countries

2890 kB
Transfer

8491 kB
Size

32
Cookies

136 HTTP transactions
1 data transactions