urlscan.io logo urlscan.io
SecurityTrails logo

www.baltimoresun.com Open in urlscan Pro
2600:141b:13::17d7:822b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/sWUTVYxdMM
Effective URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Submission: On December 30 via manual from GB — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 196 IPs in 13 countries across 157 domains to perform 852 HTTP transactions. The main IP is 2600:141b:13::17d7:822b, located in New York, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.baltimoresun.com.
TLS certificate: Issued by R3 on November 3rd 2021. Valid for: 3 months.
This is the only time www.baltimoresun.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.197 13414 (TWITTER)
1 23 2600:141b:13:... 20940 (AKAMAI-ASN1)
3 151.101.129.194 54113 (FASTLY)
39 142.250.72.98 15169 (GOOGLE)
6 54.192.160.42 16509 (AMAZON-02)
9 2607:f8b0:400... 15169 (GOOGLE)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 36 151.101.193.44 54113 (FASTLY)
2 13.225.210.98 16509 (AMAZON-02)
1 54.230.162.112 16509 (AMAZON-02)
3 50.17.208.58 14618 (AMAZON-AES)
2 13.225.210.64 16509 (AMAZON-02)
2 2600:9000:210... 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2600:1400:d:2... 20940 (AKAMAI-ASN1)
3 23.217.25.136 16625 (AKAMAI-AS)
5 13.226.31.111 16509 (AMAZON-02)
2 2600:1400:d:5... 20940 (AKAMAI-ASN1)
18 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 13.226.31.61 16509 (AMAZON-02)
6 2607:f8b0:400... 15169 (GOOGLE)
2 7 13.226.31.94 16509 (AMAZON-02)
1 44.239.174.197 16509 (AMAZON-02)
1 54.230.162.5 16509 (AMAZON-02)
5 21 23.52.162.21 16625 (AKAMAI-AS)
7 23.52.161.180 16625 (AKAMAI-AS)
1 54.230.162.49 16509 (AMAZON-02)
4 54.230.162.121 16509 (AMAZON-02)
1 2600:9000:210... 16509 (AMAZON-02)
1 54.230.162.106 16509 (AMAZON-02)
10 21 68.67.160.114 29990 (ASN-APPNEX)
3 2602:803:c002... 26667 (RUBICONPR...)
3 54.175.69.37 14618 (AMAZON-AES)
3 35.211.165.199 15169 (GOOGLE)
1 13.225.58.39 16509 (AMAZON-02)
1 2600:9000:21d... 16509 (AMAZON-02)
1 13.226.31.85 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
5 52.73.153.177 14618 (AMAZON-AES)
2 104.36.115.98 62713 (AS-PUBMATIC)
2 34.120.155.137 15169 (GOOGLE)
1 3.95.140.237 14618 (AMAZON-AES)
14 15 3.33.220.150 16509 (AMAZON-02)
1 2600:9000:21e... 16509 (AMAZON-02)
1 2 107.178.250.234 15169 (GOOGLE)
1 8 2607:f8b0:400... 15169 (GOOGLE)
17 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
9 2607:f8b0:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
22 13.226.31.90 16509 (AMAZON-02)
7 100.25.5.11 14618 (AMAZON-AES)
1 52.205.167.202 14618 (AMAZON-AES)
1 104.18.12.242 13335 (CLOUDFLAR...)
3 23.41.169.52 16625 (AKAMAI-AS)
6 2607:f8b0:400... 15169 (GOOGLE)
2 34.228.250.212 14618 (AMAZON-AES)
1 13.225.63.128 16509 (AMAZON-02)
8 2607:f8b0:400... 15169 (GOOGLE)
8 2607:f8b0:400... 15169 (GOOGLE)
1 2600:9000:21d... 16509 (AMAZON-02)
4 2606:4700::68... 13335 (CLOUDFLAR...)
3 35.201.103.212 15169 (GOOGLE)
5 34.197.95.142 14618 (AMAZON-AES)
2 8.28.7.81 62713 (AS-PUBMATIC)
1 54.82.87.39 14618 (AMAZON-AES)
1 12 209.54.180.144 16509 (AMAZON-02)
1 3.236.169.69 14618 (AMAZON-AES)
3 50.17.207.51 14618 (AMAZON-AES)
2 34.195.91.69 14618 (AMAZON-AES)
18 2607:f8b0:400... 15169 (GOOGLE)
1 2600:1400:d:1... 20940 (AKAMAI-ASN1)
4 5 185.167.164.39 198622 (ADFORM)
3 3 151.101.2.49 54113 (FASTLY)
2 22 104.36.115.109 62713 (AS-PUBMATIC)
3 6 54.236.195.76 14618 (AMAZON-AES)
19 32 142.250.65.162 15169 (GOOGLE)
4 5 35.190.60.146 15169 (GOOGLE)
2 2 107.178.254.65 15169 (GOOGLE)
2 2 35.174.233.127 14618 (AMAZON-AES)
1 107.20.198.59 14618 (AMAZON-AES)
7 7 216.200.232.249 30419 (MEDIAMATH...)
2 104.36.115.114 62713 (AS-PUBMATIC)
8 8.28.7.83 62713 (AS-PUBMATIC)
2 2 75.126.248.142 36351 (SOFTLAYER)
3 3 2620:112:f006... 6336 (TURN-US-ASN)
7 8 52.45.33.138 14618 (AMAZON-AES)
1 3 2600:1f18:4e9... 14618 (AMAZON-AES)
32 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:402... 15169 (GOOGLE)
1 104.18.8.110 13335 (CLOUDFLAR...)
2 52.207.202.199 14618 (AMAZON-AES)
1 2600:9000:21d... 16509 (AMAZON-02)
22 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
3 209.54.177.91 16509 (AMAZON-02)
6 23.52.164.7 16625 (AKAMAI-AS)
2 18.209.139.57 14618 (AMAZON-AES)
4 14 23.73.244.44 16625 (AKAMAI-AS)
2 6 34.98.64.218 15169 (GOOGLE)
1 35.174.248.175 14618 (AMAZON-AES)
3 11 52.223.22.214 16509 (AMAZON-02)
2 15 151.101.66.137 54113 (FASTLY)
16 17 35.211.178.172 15169 (GOOGLE)
2 2 2620:116:800b... 14618 (AMAZON-AES)
3 3.208.244.38 14618 (AMAZON-AES)
2 2 52.200.181.105 14618 (AMAZON-AES)
4 5 198.148.27.139 19189 (PULSEPOINT)
3 52.203.157.37 14618 (AMAZON-AES)
3 4 207.198.113.169 13768 (COGECO-PEER1)
1 1 3.217.216.1 14618 (AMAZON-AES)
1 3 34.233.103.61 14618 (AMAZON-AES)
1 3 13.225.210.86 16509 (AMAZON-02)
1 3 184.50.205.90 16625 (AKAMAI-AS)
1 54.159.192.110 14618 (AMAZON-AES)
3 4 8.43.72.98 26667 (RUBICONPR...)
1 3.230.62.22 14618 (AMAZON-AES)
4 2607:f8b0:400... 15169 (GOOGLE)
6 2600:1400:d:5... 20940 (AKAMAI-ASN1)
5 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 3.208.105.70 14618 (AMAZON-AES)
26 18.220.25.210 16509 (AMAZON-02)
5 10 8.43.72.97 26667 (RUBICONPR...)
2 8.28.7.84 62713 (AS-PUBMATIC)
1 2001:4998:14:... 14777 (YAHOO)
7 151.101.194.137 54113 (FASTLY)
3 3 68.67.179.90 29990 (ASN-APPNEX)
4 4 192.35.249.127 11742 (SPOTX-IAD)
25 34.226.87.209 14618 (AMAZON-AES)
1 204.154.111.120 36062 (DOUBLE-VE...)
7 2607:f8b0:400... 15169 (GOOGLE)
2 204.154.111.116 36062 (DOUBLE-VE...)
5 2606:ae80:145... 25751 (VALUECLICK)
1 2 2620:100:a001::c 19750 (AS-CRITEO)
2 178.250.0.157 44788 (ASN-CRITE...)
8 199.127.204.162 26120 (RHYTHMONE)
1 142.250.65.230 15169 (GOOGLE)
1 2 74.119.119.150 19750 (AS-CRITEO)
1 169.197.150.7 398989 (DEEPINTENT)
2 2 173.231.178.77 29791 (VOXEL-DOT...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 34.225.18.44 14618 (AMAZON-AES)
2 2 69.90.254.78 13768 (COGECO-PEER1)
1 1 104.45.178.220 8075 (MICROSOFT...)
2 2 23.219.95.182 16625 (AKAMAI-AS)
7 7 199.127.204.142 26120 (RHYTHMONE)
1 38.27.122.158 174 (COGENT-174)
1 2 52.20.156.159 14618 (AMAZON-AES)
1 1 139.162.78.222 63949 (LINODE-AP...)
1 1 23.88.75.189 24940 (HETZNER-AS)
1 195.5.165.20 44968 (IPROM-AS)
2 3 51.79.83.225 16276 (OVH)
2 4 34.229.3.43 14618 (AMAZON-AES)
2 2 35.201.96.126 15169 (GOOGLE)
1 162.248.18.10 62713 (AS-PUBMATIC)
1 2 54.83.242.41 14618 (AMAZON-AES)
2 3.222.216.135 14618 (AMAZON-AES)
1 1 2606:ae80:145... 25751 (VALUECLICK)
1 1 34.203.25.60 14618 (AMAZON-AES)
1 2 38.67.14.233 174 (COGENT-174)
2 2 35.210.53.219 19527 (GOOGLE-2)
1 1 45.35.192.162 40676 (AS40676)
1 1 34.102.253.54 15169 (GOOGLE)
1 1 159.65.196.12 14061 (DIGITALOC...)
1 3.223.11.104 14618 (AMAZON-AES)
2 142.250.65.226 15169 (GOOGLE)
10 204.154.110.88 36062 (DOUBLE-VE...)
1 2600:141b:13:... 20940 (AKAMAI-ASN1)
1 1 38.67.14.224 174 (COGENT-174)
2 51.178.20.140 16276 (OVH)
1 1 52.3.54.123 14618 (AMAZON-AES)
4 35.190.38.143 15169 (GOOGLE)
11 104.17.209.240 13335 (CLOUDFLAR...)
2 151.101.65.181 54113 (FASTLY)
1 34.120.253.250 15169 (GOOGLE)
1 1 34.102.163.6 15169 (GOOGLE)
1 2620:1ec:21::14 8068 (MICROSOFT...)
2 2 52.5.237.191 14618 (AMAZON-AES)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2 70.42.32.95 13789 (INTERNAP-...)
1 2 23.55.166.115 20940 (AKAMAI-ASN1)
1 2 2600:141b:13:... 20940 (AKAMAI-ASN1)
2 34.98.72.95 15169 (GOOGLE)
1 2600:9000:21d... 16509 (AMAZON-02)
1 35.190.31.44 15169 (GOOGLE)
1 35.186.193.0 15169 (GOOGLE)
1 35.190.65.91 15169 (GOOGLE)
1 2 192.173.29.77 13360 (TRITONDIG...)
1 3.248.104.197 16509 (AMAZON-02)
13 3.127.201.35 16509 (AMAZON-02)
4 34.102.142.228 15169 (GOOGLE)
2 199.250.166.129 26459 (TTD-ASN-01)
10 192.173.29.75 13360 (TRITONDIG...)
1 23.41.168.170 16625 (AKAMAI-AS)
1 34.107.191.194 15169 (GOOGLE)
11 18 52.49.183.91 16509 (AMAZON-02)
1 34.149.130.207 15169 (GOOGLE)
1 1 13.225.210.122 16509 (AMAZON-02)
1 208.80.55.209 13360 (TRITONDIG...)
2 13.225.68.201 16509 (AMAZON-02)
2 28 141.226.224.48 200478 (TABOOLA-AS)
5 7 54.230.162.36 16509 (AMAZON-02)
1 34.117.4.53 15169 (GOOGLE)
1 44.242.34.37 16509 (AMAZON-02)
2 23.52.160.130 16625 (AKAMAI-AS)
1 2600:1f18:66e... 14618 (AMAZON-AES)
2 2607:f8b0:402... 15169 (GOOGLE)
1 2600:9000:210... 16509 (AMAZON-02)
2 2600:1f18:612... 14618 (AMAZON-AES)
1 1 204.62.13.72 46636 (NATCOWEB)
1 1 47.252.78.131 45102 (CNNIC-ALI...)
1 3 2600:1f18:66e... 14618 (AMAZON-AES)
1 1 52.55.72.211 14618 (AMAZON-AES)
1 1 13.225.210.40 16509 (AMAZON-02)
1 13.225.210.108 16509 (AMAZON-02)
1 1 8.28.7.82 62713 (AS-PUBMATIC)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 35.190.90.30 15169 (GOOGLE)
1 1 2600:9000:21d... 16509 (AMAZON-02)
1 64.19.224.203 14332 (SHOPZILLA)
2 3 34.194.166.233 14618 (AMAZON-AES)
1 2600:1f18:444... 14618 (AMAZON-AES)
1 2 23.92.190.68 10913 (INTERNAP-BLK)
2 2 44.238.90.180 16509 (AMAZON-02)
1 199.187.193.185 47043 (SMARTADSE...)
2 3 23.23.88.115 14618 (AMAZON-AES)
2 2 52.45.80.111 14618 (AMAZON-AES)
1 52.3.109.58 14618 (AMAZON-AES)
1 1 192.132.33.46 18568 (BIDTELLECT)
1 2600:1901:0:2... 15169 (GOOGLE)
2 2 35.207.24.140 15169 (GOOGLE)
2 2 88.212.252.22 7979 (SERVERS-COM)
1 195.244.31.10 63140 (IGUANA-WO...)
1 2a04:4e42:200... 54113 (FASTLY)
1 141.226.224.32 200478 (TABOOLA-AS)
2 2 54.147.68.28 14618 (AMAZON-AES)
1 1 150.136.156.92 ()
1 52.24.171.117 ()
852 196
1    104.244.42.197 (United States)

ASN13414 (TWITTER, US)
t.co
23    2600:141b:13::17d7:822b (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
www.baltimoresun.com
3    151.101.129.194 (United States)

ASN54113 (FASTLY, US)
confiant-integrations.global.ssl.fastly.net
39    142.250.72.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
securepubads.g.doubleclick.net
pubads.g.doubleclick.net
6    54.192.160.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-160-42.ewr53.r.cloudfront.net
c.amazon-adsystem.com
9    2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
6    2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
36    151.101.193.44 (United States)

ASN54113 (FASTLY, US)
cdn.taboola.com
trc.taboola.com
match.taboola.com
15.taboola.com
vidstat.taboola.com
imprnjmp.taboola.com
2    13.225.210.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-98.ewr50.r.cloudfront.net
assets.zephr.com
1    54.230.162.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-162-112.ewr53.r.cloudfront.net
tribune-baltimoresunclassic.zeustechnology.com
3    50.17.208.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-17-208-58.compute-1.amazonaws.com
embed.sendtonews.com
2    13.225.210.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-64.ewr50.r.cloudfront.net
tags.remixd.com
2    2600:9000:210b:3800:e:f240:cc80:21 (United States)

ASN16509 (AMAZON-02, US)
d3mmnnn9s2dcmq.cloudfront.net
2    2607:f8b0:4006:822::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2600:1400:d:29c::11a6 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
c.go-mpulse.net
3    23.217.25.136 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-25-136.deploy.static.akamaitechnologies.com
ssor.tribdss.com
www.tribdss.com
5    13.226.31.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-31-111.ewr53.r.cloudfront.net
zephr.baltimoresun.com
2    2600:1400:d:5a5::11a6 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
s.go-mpulse.net
173bf108.akstat.io
18    2607:f8b0:4006:823::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
2    13.226.31.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-31-61.ewr53.r.cloudfront.net
player.sendtonews.com
6    2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
7    13.226.31.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-31-94.ewr53.r.cloudfront.net
sb.scorecardresearch.com
1    44.239.174.197 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-174-197.us-west-2.compute.amazonaws.com
authenticate.baltimoresun.com
1    54.230.162.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-162-5.ewr53.r.cloudfront.net
check.analytics.rlcdn.com
21    23.52.162.21 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com
js-sec.indexww.com
as-sec.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum.casalemedia.com
dsum.casalemedia.com
7    23.52.161.180 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-161-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    54.230.162.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-162-49.ewr53.r.cloudfront.net
ib.3lift.com
4    54.230.162.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-162-121.ewr53.r.cloudfront.net
tags.crwdcntrl.net
1    2600:9000:210b:f400:5:82fd:2500:21 (United States)

ASN16509 (AMAZON-02, US)
dyv1bugovvq1g.cloudfront.net
1    54.230.162.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-162-106.ewr53.r.cloudfront.net
insights.zeustechnology.com
21    68.67.160.114 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
3    2602:803:c002:200::32 (United States)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
3    54.175.69.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-69-37.compute-1.amazonaws.com
tlx.3lift.com
3    35.211.165.199 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 199.165.211.35.bc.googleusercontent.com
grid.bidswitch.net
1    13.225.58.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-58-39.ewr53.r.cloudfront.net
cdn.parsely.com
1    2600:9000:21da:7000:11:b309:9100:21 (United States)

ASN16509 (AMAZON-02, US)
d15kdpgjg3unno.cloudfront.net
1    13.226.31.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-31-85.ewr53.r.cloudfront.net
ats.rlcdn.com
1    2607:f8b0:4006:80b::200e (United States)

ASN15169 (GOOGLE, US)
ampcid.google.com
5    52.73.153.177 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-153-177.compute-1.amazonaws.com
bcp.crwdcntrl.net
2    104.36.115.98 (United States)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
2    34.120.155.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.155.120.34.bc.googleusercontent.com
api.rlcdn.com
1    3.95.140.237 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-95-140-237.compute-1.amazonaws.com
idx.liadm.com
15    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    2600:9000:21ea:c400:9:7c30:be80:21 (United States)

ASN16509 (AMAZON-02, US)
d1n00d49gkbray.cloudfront.net
2    107.178.250.234 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 234.250.178.107.bc.googleusercontent.com
js.matheranalytics.com
8    2607:f8b0:4006:807::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
17    2607:f8b0:4006:822::2002 (United States)

ASN15169 (GOOGLE, US)
adservice.google.com
3    2607:f8b0:4006:821::2001 (United States)

ASN15169 (GOOGLE, US)
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
9    2607:f8b0:4006:809::200a (United States)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
3    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
22    13.226.31.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-31-90.ewr53.r.cloudfront.net
d29xw9s9x32j3w.cloudfront.net
7    100.25.5.11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-5-11.compute-1.amazonaws.com
s2l.sendtonews.com
1    52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com
p1.parsely.com
1    104.18.12.242 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.resonate.com
3    23.41.169.52 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-169-52.deploy.static.akamaitechnologies.com
a.teads.tv
6    2607:f8b0:4006:816::2002 (United States)

ASN15169 (GOOGLE, US)
www.googletagservices.com
2    34.228.250.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-250-212.compute-1.amazonaws.com
protected-by.clarium.io
1    13.225.63.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-128.ewr53.r.cloudfront.net
geo.privacymanager.io
8    2607:f8b0:4006:822::2003 (United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
8    2607:f8b0:4006:816::200e (United States)

ASN15169 (GOOGLE, US)
news.google.com
1    2600:9000:21da:e000:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)
static.chartbeat.com
4    2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
onesignal.com
3    35.201.103.212 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 212.103.201.35.bc.googleusercontent.com
smoggysnakes.com
5    34.197.95.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-95-142.compute-1.amazonaws.com
tr2.smarterhq.io
2    8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
1    54.82.87.39 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-87-39.compute-1.amazonaws.com
id.sv.rkdms.com
12    209.54.180.144 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    3.236.169.69 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-236-169-69.compute-1.amazonaws.com
sqs.us-east-1.amazonaws.com
3    50.17.207.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-17-207-51.compute-1.amazonaws.com
timber.sendtonews.com
2    34.195.91.69 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-195-91-69.compute-1.amazonaws.com
www.i.matheranalytics.com
18    2607:f8b0:4006:823::2006 (United States)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    2600:1400:d:188::26e5 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
s8t.teads.tv
5    185.167.164.39 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
3    151.101.2.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
22    104.36.115.109 (United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
6    54.236.195.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-195-76.compute-1.amazonaws.com
match.prod.bidr.io
32    142.250.65.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net
cm.g.doubleclick.net
ade.googlesyndication.com
5    35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com
idsync.rlcdn.com
id.rlcdn.com
2    107.178.254.65 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
2    35.174.233.127 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-233-127.compute-1.amazonaws.com
usermatch.krxd.net
1    107.20.198.59 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-198-59.compute-1.amazonaws.com
beacon.krxd.net
7    216.200.232.249 (United States)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    104.36.115.114 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
8    8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    75.126.248.142 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 8e.f8.7e4b.ip4.static.sl-reverse.com
um.simpli.fi
3    2620:112:f006:bbbb::12 (United States)

ASN6336 (TURN-US-ASN, US)
ad.turn.com
8    52.45.33.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com
ups.analytics.yahoo.com
3    2600:1f18:4e9:5a05:cbbe:ce00:264f:b9b8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
pr-bh.ybp.yahoo.com
32    2607:f8b0:4006:81c::2002 (United States)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2607:f8b0:4023:1404::9c (Columbus, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    104.18.8.110 (None, )

ASN13335 (CLOUDFLARENET, US)
ds.reson8.com
2    52.207.202.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-202-199.compute-1.amazonaws.com
ping.chartbeat.net
1    2600:9000:21dd:b400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
22    2607:f8b0:4006:809::2001 (United States)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2607:f8b0:4006:807::2003 (United States)

ASN15169 (GOOGLE, US)
www.google.co.uk
3    209.54.177.91 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
aax.amazon-adsystem.com
6    23.52.164.7 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-164-7.deploy.static.akamaitechnologies.com
t.teads.tv
2    18.209.139.57 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-139-57.compute-1.amazonaws.com
sync-amz.ads.yieldmo.com
sync-pp.ads.yieldmo.com
14    23.73.244.44 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-73-244-44.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
secure-assets.rubiconproject.com
6    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
u.openx.net
us-u.openx.net
1    35.174.248.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-248-175.compute-1.amazonaws.com
crb.kargo.com
11    52.223.22.214 (United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
15    151.101.66.137 (United States)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
img.connatix.com
cks.connatix.com
ck.connatix.com
17    35.211.178.172 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com
x.bidswitch.net
2    2620:116:800b:21:ea23:7677:128a:8c9c (United States)

ASN14618 (AMAZON-AES, US)
pixel.quantserve.com
3    3.208.244.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-244-38.compute-1.amazonaws.com
ads.yieldmo.com
2    52.200.181.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-181-105.compute-1.amazonaws.com
sync.srv.stackadapt.com
5    198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
3    52.203.157.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-157-37.compute-1.amazonaws.com
sync.crwdcntrl.net
4    207.198.113.169 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
1    3.217.216.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-216-1.compute-1.amazonaws.com
jadserve.postrelease.com
3    34.233.103.61 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-103-61.compute-1.amazonaws.com
ml314.com
3    13.225.210.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-86.ewr50.r.cloudfront.net
aa.agkn.com
3    184.50.205.90 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-50-205-90.deploy.static.akamaitechnologies.com
tags.bluekai.com
stags.bluekai.com
1    54.159.192.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-192-110.compute-1.amazonaws.com
thrtle.com
4    8.43.72.98 (United States)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    3.230.62.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-62-22.compute-1.amazonaws.com
ps.eyeota.net
4    2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
6    2600:1400:d:598::4469 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
cdn.doubleverify.com
5    2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
1    2606:4700:3039::6815:c0a7 (United States)

ASN13335 (CLOUDFLARENET, US)
ad4m.at
1    3.208.105.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-105-70.compute-1.amazonaws.com
nep.advangelists.com
26    18.220.25.210 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-220-25-210.us-east-2.compute.amazonaws.com
capi.connatix.com
10    8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
2    8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)
simage4.pubmatic.com
1    2001:4998:14:800::1001 (Ashburn, United States)

ASN14777 (YAHOO, US)
ads.yahoo.com
7    151.101.194.137 (United States)

ASN54113 (FASTLY, US)
vid.connatix.com
ins.connatix.com
3    68.67.179.90 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 568.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
4    192.35.249.127 (Ashburn, United States)

ASN11742 (SPOTX-IAD, US)
sync.search.spotxchange.com
25    34.226.87.209 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-87-209.compute-1.amazonaws.com
s.srvsynd.com
1    204.154.111.120 (United States)

ASN36062 (DOUBLE-VERIFY, US)
PTR: nycp-hlb17.doubleverify.com
rtb0.doubleverify.com
7    2607:f8b0:4006:806::200e (United States)

ASN15169 (GOOGLE, US)
play.google.com
2    204.154.111.116 (United States)

ASN36062 (DOUBLE-VERIFY, US)
PTR: nycp-hlb13.doubleverify.com
tps628.doubleverify.com
5    2606:ae80:1451:11::2100 (United States)

ASN25751 (VALUECLICK, US)
direct.ad.cpe.dotomi.com
2    2620:100:a001::c (United States)

ASN19750 (AS-CRITEO, US)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
8    199.127.204.162 (United States)

ASN26120 (RHYTHMONE, US)
tag.1rx.io
1    142.250.65.230 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f6.1e100.net
ad.doubleclick.net
2    74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)
dis.criteo.com
1    169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
2    173.231.178.77 (United States)

ASN29791 (VOXEL-DOT-NET, US)
cm.adgrx.com
2    2606:4700::6812:c05 (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
2    34.225.18.44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-18-44.compute-1.amazonaws.com
pm.w55c.net
2    69.90.254.78 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)
ums.acuityplatform.com
1    104.45.178.220 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
mweb.ck.inmobi.com
2    23.219.95.182 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-219-95-182.deploy.static.akamaitechnologies.com
px.owneriq.net
7    199.127.204.142 (United States)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
1    38.27.122.158 (United States)

ASN174 (COGENT-174, US)
match.bnmla.com
2    52.20.156.159 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-156-159.compute-1.amazonaws.com
beacon.lynx.cognitivlabs.com
1    139.162.78.222 (Tokyo, Japan)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1558-222.members.linode.com
gocm.c.appier.net
1    23.88.75.189 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.189.75.88.23.clients.your-server.de
csync.loopme.me
1    195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)
core.iprom.net
3    51.79.83.225 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: pikafka-5.cloudy.ovh
pixel.onaudience.com
4    34.229.3.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-229-3-43.compute-1.amazonaws.com
loada.exelator.com
loadm.exelator.com
2    35.201.96.126 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 126.96.201.35.bc.googleusercontent.com
visitor.fiftyt.com
1    162.248.18.10 (United States)

ASN62713 (AS-PUBMATIC, US)
aud.pubmatic.com
2    54.83.242.41 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-242-41.compute-1.amazonaws.com
io.narrative.io
2    3.222.216.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-216-135.compute-1.amazonaws.com
rtb.adentifi.com
1    2606:ae80:1451:12::1720 (United States)

ASN25751 (VALUECLICK, US)
pubmatic-match.dotomi.com
1    34.203.25.60 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-203-25-60.compute-1.amazonaws.com
sync.ipredictive.com
2    38.67.14.233 (United States)

ASN174 (COGENT-174, US)
pmp.mxptint.net
2    35.210.53.219 (Brussels, Belgium)

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com
pool.admedo.com
1    45.35.192.162 (United States)

ASN40676 (AS40676, US)
sync.resetdigital.co
1    34.102.253.54 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 54.253.102.34.bc.googleusercontent.com
ads.playground.xyz
1    159.65.196.12 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
1    3.223.11.104 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-223-11-104.compute-1.amazonaws.com
rtb.gumgum.com
2    142.250.65.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net
googleads4.g.doubleclick.net
10    204.154.110.88 (United States)

ASN36062 (DOUBLE-VERIFY, US)
PTR: nycp-phlb118.doubleverify.com
tps.doubleverify.com
tpsc-nyc.doubleverify.com
1    2600:141b:13::b833:92c9 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
code.createjs.com
1    38.67.14.224 (United States)

ASN174 (COGENT-174, US)
aep.mxptint.net
2    51.178.20.140 (France)

ASN16276 (OVH, FR)
PTR: ns31193670.ip-51-178-20.eu
c.eu1.dyntrk.com
gu.dyntrk.com
1    52.3.54.123 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-54-123.compute-1.amazonaws.com
match.sharethrough.com
4    35.190.38.143 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 143.38.190.35.bc.googleusercontent.com
pubcast-files.remixd.com
player-files.remixd.com
11    104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)
znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
siteintercept.qualtrics.com
2    151.101.65.181 (United States)

ASN54113 (FASTLY, US)
widget.perfectmarket.com
1    34.120.253.250 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 250.253.120.34.bc.googleusercontent.com
tag.wknd.ai
1    34.102.163.6 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 6.163.102.34.bc.googleusercontent.com
ad.mrtnsvr.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    52.5.237.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-237-191.compute-1.amazonaws.com
ads.creative-serving.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
2    70.42.32.95 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
2    23.55.166.115 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-55-166-115.deploy.static.akamaitechnologies.com
trial-eum-clientnsv4-s.akamaihd.net
fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net
2    2600:141b:13::17d7:82da (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
trial-eum-clienttons-s.akamaihd.net
fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net
2    34.98.72.95 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 95.72.98.34.bc.googleusercontent.com
assets.bounceexchange.com
1    2600:9000:21da:9a00:1:a3fa:7cc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.jwplayer.com
1    35.190.31.44 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 44.31.190.35.bc.googleusercontent.com
data.cdnbasket.net
1    35.186.193.0 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 0.193.186.35.bc.googleusercontent.com
page.cdnbasket.net
1    35.190.65.91 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 91.65.190.35.bc.googleusercontent.com
view.cdnbasket.net
2    192.173.29.77 (Canada)

ASN13360 (TRITONDIGITAL, CA)
playerservices.live.streamtheworld.com
1    3.248.104.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-104-197.eu-west-1.compute.amazonaws.com
synchrobox.adswizz.com
13    3.127.201.35 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
geo.ads.audio.thisisdax.com
4    34.102.142.228 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 228.142.102.34.bc.googleusercontent.com
exchange.remixd.com
2    199.250.166.129 (United States)

ASN26459 (TTD-ASN-01, US)
direct.adsrvr.org
10    192.173.29.75 (Canada)

ASN13360 (TRITONDIGITAL, CA)
yield-op-idsync.live.streamtheworld.com
1    23.41.168.170 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-170.deploy.static.akamaitechnologies.com
ca1.qualtrics.com
1    34.107.191.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.191.107.34.bc.googleusercontent.com
ids.cdnwidget.com
18    52.49.183.91 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
synchroscript.deliveryengine.adswizz.com
1    34.149.130.207 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 207.130.149.34.bc.googleusercontent.com
pd.cdnwidget.com
1    13.225.210.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-122.ewr50.r.cloudfront.net
cm.smadex.com
1    208.80.55.209 (Canada)

ASN13360 (TRITONDIGITAL, CA)
cmod.live.streamtheworld.com
2    13.225.68.201 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-68-201.ewr53.r.cloudfront.net
v.adsrvr.org
28    141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)
us-trc-events.taboola.com
us-match.taboola.com
us-vid-events.taboola.com
sync-t1.taboola.com
sync.taboola.com
7    54.230.162.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-162-36.ewr53.r.cloudfront.net
delivery-cdn-cf.adswizz.com
sync.intentiq.com
sync1.intentiq.com
1    34.117.4.53 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 53.4.117.34.bc.googleusercontent.com
api.bounceexchange.com
1    44.242.34.37 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-242-34-37.us-west-2.compute.amazonaws.com
id.sharedid.org
2    23.52.160.130 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-160-130.deploy.static.akamaitechnologies.com
acdn.adnxs.com
1    2600:1f18:66e7:fb11:ec89:9d10:70e:2fef (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
vast.extremereach.io
2    2607:f8b0:4023:c0b::78 (Las Vegas, United States)

ASN15169 (GOOGLE, US)
csi.gstatic.com
1    2600:9000:210b:200:1d:e9ba:f480:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn1.extremereach.io
2    2600:1f18:612b:4232:542e:84b1:1361:c28e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
taboola-supply-partners.tremorhub.com
1    204.62.13.72 (Clifton, United States)

ASN46636 (NATCOWEB, US)
inv-nets.admixer.net
1    47.252.78.131 (United States)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)
event.clientgear.com
3    2600:1f18:66e7:fb10:6760:55cb:2555:7ffa (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
beacons.extremereach.io
1    52.55.72.211 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-55-72-211.compute-1.amazonaws.com
beacons-ipv4.extremereach.io
1    13.225.210.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-40.ewr50.r.cloudfront.net
pixel.pointmediatracker.com
1    13.225.210.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-108.ewr50.r.cloudfront.net
cdn.blisspointmedia.com
1    8.28.7.82 (United States)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
2    2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)
mwzeom.zeotap.com
1    35.190.90.30 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com
odr.mookie1.com
1    2600:9000:21da:3000:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)
d.agkn.com
1    64.19.224.203 (United States)

ASN14332 (SHOPZILLA, US)
pxl.connexity.net
3    34.194.166.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-166-233.compute-1.amazonaws.com
i.liadm.com
1    2600:1f18:444a:4602:2c20:3113:5c28:1366 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
2    23.92.190.68 (United States)

ASN10913 (INTERNAP-BLK, US)
ce.lijit.com
2    44.238.90.180 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-90-180.us-west-2.compute.amazonaws.com
www.storygize.net
1    199.187.193.185 (Canada)

ASN47043 (SMARTADSERVER, CA)
rtb-csync.smartadserver.com
3    23.23.88.115 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-88-115.compute-1.amazonaws.com
e1.emxdgt.com
cs.emxdgt.com
2    52.45.80.111 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-80-111.compute-1.amazonaws.com
pixel.advertising.com
1    52.3.109.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-109-58.compute-1.amazonaws.com
in.treasuredata.com
1    192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com
bttrack.com
1    2600:1901:0:240a:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
gixel.gnetwork.me
2    35.207.24.140 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com
rtb.mfadsrvr.com
2    88.212.252.22 (Russian Federation)

ASN7979 (SERVERS-COM, US)
ads.betweendigital.com
1    195.244.31.10 (Newark, United States)

ASN63140 (IGUANA-WORLDWIDE, US)
visitor.omnitagjs.com
1    2a04:4e42:200::300 (United States)

ASN54113 (FASTLY, US)
pips.taboola.com
1    141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)
cds.taboola.com
2    54.147.68.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-68-28.compute-1.amazonaws.com
ad.360yield.com
1    150.136.156.92 (None, )

ASN- ()
sync.technoratimedia.com
1    52.24.171.117 (None, )

ASN- ()
dmp.brand-display.com
Apex Domain
Subdomains		 Transfer
78 doubleclick.net
securepubads.g.doubleclick.net
cm.g.doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
ad.doubleclick.net
googleads4.g.doubleclick.net
pubads.g.doubleclick.net
299 KB
66 taboola.com
cdn.taboola.com
trc.taboola.com
match.taboola.com
15.taboola.com
us-trc-events.taboola.com
vidstat.taboola.com
imprnjmp.taboola.com
us-match.taboola.com
us-vid-events.taboola.com
sync-t1.taboola.com
sync.taboola.com
pips.taboola.com
cds.taboola.com
338 KB
58 googlesyndication.com
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
ade.googlesyndication.com
360 KB
48 connatix.com
cd.connatix.com
cds.connatix.com
capi.connatix.com
vid.connatix.com
img.connatix.com
cks.connatix.com
ins.connatix.com
ck.connatix.com
447 KB
47 pubmatic.com
ads.pubmatic.com
hbopenbid.pubmatic.com
image6.pubmatic.com
simage2.pubmatic.com
image4.pubmatic.com
image2.pubmatic.com
simage4.pubmatic.com
aud.pubmatic.com
image8.pubmatic.com
66 KB
41 google.com
ampcid.google.com
www.google.com
adservice.google.com
news.google.com
play.google.com
90 KB
31 rubiconproject.com
fastlane.rubiconproject.com
eus.rubiconproject.com
token.rubiconproject.com
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
secure-assets.rubiconproject.com
67 KB
29 baltimoresun.com
www.baltimoresun.com
zephr.baltimoresun.com
authenticate.baltimoresun.com
208 KB
28 gstatic.com
fonts.gstatic.com
www.gstatic.com
csi.gstatic.com
842 KB
27 cloudfront.net
d3mmnnn9s2dcmq.cloudfront.net
dyv1bugovvq1g.cloudfront.net
d15kdpgjg3unno.cloudfront.net
d1n00d49gkbray.cloudfront.net
d29xw9s9x32j3w.cloudfront.net
783 KB
26 adnxs.com
ib.adnxs.com
secure.adnxs.com
acdn.adnxs.com
62 KB
25 srvsynd.com
s.srvsynd.com
54 KB
21 adswizz.com
synchrobox.adswizz.com
synchroscript.deliveryengine.adswizz.com
delivery-cdn-cf.adswizz.com
38 KB
21 amazon-adsystem.com
c.amazon-adsystem.com
s.amazon-adsystem.com
aax.amazon-adsystem.com
53 KB
20 bidswitch.net
grid.bidswitch.net
x.bidswitch.net
9 KB
19 doubleverify.com
cdn.doubleverify.com
rtb0.doubleverify.com
tps628.doubleverify.com
tps.doubleverify.com
tpsc-nyc.doubleverify.com
226 KB
19 casalemedia.com
as-sec.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum.casalemedia.com
dsum.casalemedia.com
21 KB
19 adsrvr.org
match.adsrvr.org
direct.adsrvr.org
v.adsrvr.org Failed
11 KB
18 2mdn.net
s0.2mdn.net
200 KB
18 googleapis.com
fonts.googleapis.com
imasdk.googleapis.com
2 MB
15 3lift.com
ib.3lift.com
tlx.3lift.com
eb2.3lift.com
6 KB
15 sendtonews.com
embed.sendtonews.com
player.sendtonews.com
s2l.sendtonews.com
timber.sendtonews.com
114 KB
13 thisisdax.com
geo.ads.audio.thisisdax.com
7 KB
13 streamtheworld.com
playerservices.live.streamtheworld.com
yield-op-idsync.live.streamtheworld.com
cmod.live.streamtheworld.com
11 KB
12 qualtrics.com
znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
siteintercept.qualtrics.com
ca1.qualtrics.com
91 KB
12 1rx.io
tag.1rx.io
sync.1rx.io
4 KB
12 yahoo.com
ups.analytics.yahoo.com
pr-bh.ybp.yahoo.com
ads.yahoo.com
7 KB
12 crwdcntrl.net
tags.crwdcntrl.net
bcp.crwdcntrl.net
sync.crwdcntrl.net
30 KB
10 teads.tv
a.teads.tv
s8t.teads.tv
t.teads.tv
136 KB
10 remixd.com
tags.remixd.com
pubcast-files.remixd.com
player-files.remixd.com
exchange.remixd.com
57 KB
9 rlcdn.com
check.analytics.rlcdn.com
ats.rlcdn.com
api.rlcdn.com
idsync.rlcdn.com
id.rlcdn.com
37 KB
7 mathtag.com
sync.mathtag.com
4 KB
7 scorecardresearch.com
sb.scorecardresearch.com
3 KB
6 extremereach.io
vast.extremereach.io
cdn1.extremereach.io
beacons.extremereach.io
beacons-ipv4.extremereach.io
3 MB
6 criteo.com
gum.criteo.com
mug.criteo.com
dis.criteo.com
2 KB
6 dotomi.com
direct.ad.cpe.dotomi.com
pubmatic-match.dotomi.com
2 KB
6 openx.net
u.openx.net
us-u.openx.net
563 B
6 bidr.io
match.prod.bidr.io
3 KB
6 googletagservices.com
www.googletagservices.com
168 KB
6 google-analytics.com
www.google-analytics.com
55 KB
6 cookielaw.org
cdn.cookielaw.org
126 KB
5 intentiq.com
sync.intentiq.com
sync1.intentiq.com
5 KB
5 ampproject.org
cdn.ampproject.org
103 KB
5 contextweb.com
bh.contextweb.com
4 KB
5 yieldmo.com
sync-amz.ads.yieldmo.com
ads.yieldmo.com
sync-pp.ads.yieldmo.com
3 KB
5 adform.net
c1.adform.net
2 KB
5 smarterhq.io
tr2.smarterhq.io
2 KB
5 liadm.com
idx.liadm.com
i.liadm.com
i6.liadm.com
3 KB
4 akamaihd.net
trial-eum-clientnsv4-s.akamaihd.net
fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net
1 KB
4 exelator.com
loada.exelator.com
loadm.exelator.com
3 KB
4 spotxchange.com
sync.search.spotxchange.com
3 KB
4 agkn.com
aa.agkn.com
d.agkn.com
3 KB
4 sitescout.com
pixel-sync.sitescout.com
1 KB
4 onesignal.com
cdn.onesignal.com
onesignal.com
82 KB
4 matheranalytics.com
js.matheranalytics.com
www.i.matheranalytics.com
43 KB
3 emxdgt.com
e1.emxdgt.com
cs.emxdgt.com
733 B
3 cdnbasket.net
data.cdnbasket.net
page.cdnbasket.net
view.cdnbasket.net
1 KB
3 bounceexchange.com
assets.bounceexchange.com
api.bounceexchange.com
154 KB
3 mxptint.net
pmp.mxptint.net
aep.mxptint.net
2 KB
3 onaudience.com
pixel.onaudience.com
1 KB
3 unrulymedia.com
sync.targeting.unrulymedia.com
2 KB
3 bluekai.com
tags.bluekai.com
stags.bluekai.com
2 KB
3 ml314.com
ml314.com
1 KB
3 turn.com
ad.turn.com
1 KB
3 krxd.net
usermatch.krxd.net
beacon.krxd.net
662 B
3 everesttech.net
sync-tm.everesttech.net
874 B
3 smoggysnakes.com
smoggysnakes.com
27 KB
3 cloudflare.com
cdnjs.cloudflare.com
139 KB
3 tribdss.com
ssor.tribdss.com
www.tribdss.com
36 KB
3 go-mpulse.net
c.go-mpulse.net
s.go-mpulse.net
100 KB
3 fastly.net
confiant-integrations.global.ssl.fastly.net
99 KB
2 360yield.com
ad.360yield.com
442 B
2 betweendigital.com
ads.betweendigital.com
1 KB
2 mfadsrvr.com
rtb.mfadsrvr.com
779 B
2 advertising.com
pixel.advertising.com
716 B
2 storygize.net
www.storygize.net
810 B
2 lijit.com
ce.lijit.com
1018 B
2 zeotap.com
mwzeom.zeotap.com
665 B
2 tremorhub.com
taboola-supply-partners.tremorhub.com
365 B
2 cdnwidget.com
ids.cdnwidget.com
pd.cdnwidget.com
1 KB
2 zemanta.com
b1sync.zemanta.com
1 KB
2 creative-serving.com
ads.creative-serving.com
1 KB
2 perfectmarket.com
widget.perfectmarket.com
33 KB
2 dyntrk.com
c.eu1.dyntrk.com
gu.dyntrk.com
430 B
2 admedo.com
pool.admedo.com
718 B
2 adentifi.com
rtb.adentifi.com
176 B
2 narrative.io
io.narrative.io
643 B
2 fiftyt.com
visitor.fiftyt.com
1 KB
2 cognitivlabs.com
beacon.lynx.cognitivlabs.com
575 B
2 owneriq.net
px.owneriq.net
1 KB
2 acuityplatform.com
ums.acuityplatform.com
1 KB
2 w55c.net
pm.w55c.net
1 KB
2 tribalfusion.com
a.tribalfusion.com
s.tribalfusion.com
1 KB
2 adgrx.com
cm.adgrx.com
1 KB
2 stackadapt.com
sync.srv.stackadapt.com
880 B
2 quantserve.com
pixel.quantserve.com
960 B
2 chartbeat.net
ping.chartbeat.net
401 B
2 simpli.fi
um.simpli.fi
1 KB
2 pippio.com
pippio.com
854 B
2 clarium.io
protected-by.clarium.io
674 B
2 parsely.com
cdn.parsely.com
p1.parsely.com
21 KB
2 indexww.com
js-sec.indexww.com
40 KB
2 googletagmanager.com
www.googletagmanager.com
93 KB
2 zeustechnology.com
tribune-baltimoresunclassic.zeustechnology.com
insights.zeustechnology.com
54 KB
2 zephr.com
assets.zephr.com
40 KB
1 brand-display.com
dmp.brand-display.com
261 B
1 technoratimedia.com
sync.technoratimedia.com
631 B
1 omnitagjs.com
visitor.omnitagjs.com
235 B
1 gnetwork.me
gixel.gnetwork.me
1 bttrack.com
bttrack.com
674 B
1 treasuredata.com
in.treasuredata.com
448 B
1 smartadserver.com
rtb-csync.smartadserver.com
697 B
1 connexity.net
pxl.connexity.net
510 B
1 mookie1.com
odr.mookie1.com
610 B
1 blisspointmedia.com
cdn.blisspointmedia.com
1 KB
1 pointmediatracker.com
pixel.pointmediatracker.com
555 B
1 clientgear.com
event.clientgear.com
262 B
1 admixer.net
inv-nets.admixer.net
583 B
1 sharedid.org
id.sharedid.org
218 B
1 smadex.com
cm.smadex.com
525 B
1 akstat.io
173bf108.akstat.io
206 B
1 jwplayer.com
cdn.jwplayer.com
39 KB
1 bing.com
c.bing.com
674 B
1 linkedin.com
px.ads.linkedin.com
706 B
1 mrtnsvr.com
ad.mrtnsvr.com
216 B
1 wknd.ai
tag.wknd.ai
207 KB
1 sharethrough.com
match.sharethrough.com
356 B
1 createjs.com
code.createjs.com
63 KB
1 gumgum.com
rtb.gumgum.com
238 B
1 bidtheatre.com
match.adsby.bidtheatre.com
534 B
1 playground.xyz
ads.playground.xyz
462 B
1 resetdigital.co
sync.resetdigital.co
485 B
1 ipredictive.com
sync.ipredictive.com
522 B
1 iprom.net
core.iprom.net
279 B
1 loopme.me
csync.loopme.me
217 B
1 appier.net
gocm.c.appier.net
395 B
1 bnmla.com
match.bnmla.com
114 B
1 inmobi.com
mweb.ck.inmobi.com
348 B
1 deepintent.com
match.deepintent.com
223 B
1 advangelists.com
nep.advangelists.com
232 B
1 ad4m.at
ad4m.at
1 eyeota.net
ps.eyeota.net
344 B
1 thrtle.com
thrtle.com
1 postrelease.com
jadserve.postrelease.com
536 B
1 kargo.com
crb.kargo.com
435 B
1 google.co.uk
www.google.co.uk
501 B
1 adsafeprotected.com
static.adsafeprotected.com
483 B
1 reson8.com
ds.reson8.com
426 B
1 amazonaws.com
sqs.us-east-1.amazonaws.com
658 B
1 rkdms.com
id.sv.rkdms.com
353 B
1 chartbeat.com
static.chartbeat.com
14 KB
1 privacymanager.io
geo.privacymanager.io
596 B
1 resonate.com
cdn.resonate.com
47 KB
1 onetrust.com
geolocation.onetrust.com
387 B
1 t.co
t.co
685 B
0 hgrtb.com Failed
sync.hgrtb.com Failed
0 targetspot.com Failed
nodeny.targetspot.com Failed
852 157
Domain Requested by
32 pagead2.googlesyndication.com srcdoc
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
tpc.googlesyndication.com
www.googletagservices.com
ad.doubleclick.net
www.baltimoresun.com
securepubads.g.doubleclick.net
31 cm.g.doubleclick.net 19 redirects bcp.crwdcntrl.net
eus.rubiconproject.com
googleads.g.doubleclick.net
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
eb2.3lift.com
26 capi.connatix.com cd.connatix.com
eus.rubiconproject.com
ads.pubmatic.com
25 s.srvsynd.com cd.connatix.com
s.srvsynd.com
23 www.baltimoresun.com 1 redirects t.co
www.baltimoresun.com
cdn.taboola.com
22 tpc.googlesyndication.com t.co
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
www.baltimoresun.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
securepubads.g.doubleclick.net
22 simage2.pubmatic.com 2 redirects ads.pubmatic.com
22 d29xw9s9x32j3w.cloudfront.net player.sendtonews.com
www.baltimoresun.com
cdnjs.cloudflare.com
21 pubads.g.doubleclick.net imasdk.googleapis.com
player.sendtonews.com
www.baltimoresun.com
21 ib.adnxs.com 10 redirects tribune-baltimoresunclassic.zeustechnology.com
sync-amz.ads.yieldmo.com
googleads.g.doubleclick.net
cds.connatix.com
acdn.adnxs.com
18 synchroscript.deliveryengine.adswizz.com 11 redirects delivery-cdn-cf.adswizz.com
synchroscript.deliveryengine.adswizz.com
18 trc.taboola.com 1 redirects cdn.taboola.com
srcdoc
eus.rubiconproject.com
18 s0.2mdn.net imasdk.googleapis.com
t.co
s0.2mdn.net
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
www.baltimoresun.com
18 fonts.gstatic.com fonts.googleapis.com
news.google.com
www.google.com
18 securepubads.g.doubleclick.net www.baltimoresun.com
securepubads.g.doubleclick.net
t.co
www.googletagservices.com
cd.connatix.com
imasdk.googleapis.com
17 sync.taboola.com 2 redirects srcdoc
ssum-sec.casalemedia.com
17 x.bidswitch.net 16 redirects
17 adservice.google.com securepubads.g.doubleclick.net
imasdk.googleapis.com
15 match.adsrvr.org 14 redirects js-sec.indexww.com
13 geo.ads.audio.thisisdax.com t.co
13 cdn.taboola.com www.baltimoresun.com
cdn.taboola.com
12 s.amazon-adsystem.com 1 redirects c.amazon-adsystem.com
s.amazon-adsystem.com
sync-amz.ads.yieldmo.com
ssum-sec.casalemedia.com
eus.rubiconproject.com
eb2.3lift.com
11 dsum-sec.casalemedia.com 2 redirects ssum-sec.casalemedia.com
googleads.g.doubleclick.net
11 eb2.3lift.com 3 redirects ib.3lift.com
eb2.3lift.com
10 yield-op-idsync.live.streamtheworld.com playerservices.live.streamtheworld.com
t.co
10 siteintercept.qualtrics.com znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
siteintercept.qualtrics.com
10 eus.rubiconproject.com s.amazon-adsystem.com
eus.rubiconproject.com
cd.connatix.com
t.co
srcdoc
9 imasdk.googleapis.com player.sendtonews.com
imasdk.googleapis.com
cd.connatix.com
9 fonts.googleapis.com www.baltimoresun.com
player.sendtonews.com
client
confiant-integrations.global.ssl.fastly.net
tpc.googlesyndication.com
t.co
8 tpsc-nyc.doubleverify.com www.baltimoresun.com
cdn.doubleverify.com
8 tag.1rx.io cds.connatix.com
8 ups.analytics.yahoo.com 7 redirects
8 image2.pubmatic.com ads.pubmatic.com
8 news.google.com www.baltimoresun.com
news.google.com
t.co
www.gstatic.com
8 www.gstatic.com www.google.com
news.google.com
www.gstatic.com
8 www.google.com 1 redirects www.baltimoresun.com
www.gstatic.com
t.co
www.google.com
tpc.googlesyndication.com
7 sync-t1.taboola.com srcdoc
7 play.google.com www.gstatic.com
7 pixel.rubiconproject.com 2 redirects eus.rubiconproject.com
7 sync.mathtag.com 7 redirects
7 s2l.sendtonews.com www.baltimoresun.com
7 ads.pubmatic.com tribune-baltimoresunclassic.zeustechnology.com
ads.pubmatic.com
s.amazon-adsystem.com
cd.connatix.com
7 sb.scorecardresearch.com 2 redirects cdn.taboola.com
www.baltimoresun.com
6 cks.connatix.com www.baltimoresun.com
6 cdn.doubleverify.com 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
cdn.doubleverify.com
t.co
s0.2mdn.net
6 t.teads.tv www.baltimoresun.com
6 match.prod.bidr.io 3 redirects ads.pubmatic.com
cd.connatix.com
ssum-sec.casalemedia.com
6 www.googletagservices.com t.co
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
cdn.doubleverify.com
www.googletagservices.com
6 www.google-analytics.com www.baltimoresun.com
www.google-analytics.com
6 cdn.cookielaw.org www.baltimoresun.com
cdn.cookielaw.org
6 c.amazon-adsystem.com www.baltimoresun.com
c.amazon-adsystem.com
5 direct.ad.cpe.dotomi.com cd.connatix.com
5 ins.connatix.com cd.connatix.com
5 cdn.ampproject.org confiant-integrations.global.ssl.fastly.net
5 bh.contextweb.com 4 redirects
5 ssum-sec.casalemedia.com 2 redirects s.amazon-adsystem.com
ssum-sec.casalemedia.com
srcdoc
5 c1.adform.net 4 redirects ads.pubmatic.com
5 tr2.smarterhq.io d1n00d49gkbray.cloudfront.net
www.baltimoresun.com
5 bcp.crwdcntrl.net tags.crwdcntrl.net
ssum-sec.casalemedia.com
5 zephr.baltimoresun.com assets.zephr.com
4 sync1.intentiq.com 4 redirects
4 exchange.remixd.com eus.rubiconproject.com
4 sync.1rx.io 4 redirects
4 sync.search.spotxchange.com 4 redirects
4 secure-assets.rubiconproject.com 4 redirects
4 img.connatix.com www.baltimoresun.com
4 googleads.g.doubleclick.net 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
t.co
4 token.rubiconproject.com 3 redirects bcp.crwdcntrl.net
4 pixel-sync.sitescout.com 3 redirects bcp.crwdcntrl.net
4 u.openx.net 1 redirects s.amazon-adsystem.com
4 idsync.rlcdn.com 4 redirects
4 tags.crwdcntrl.net tribune-baltimoresunclassic.zeustechnology.com
tags.crwdcntrl.net
cdn.taboola.com
3 i.liadm.com 2 redirects
3 beacons.extremereach.io 1 redirects www.baltimoresun.com
3 player-files.remixd.com
3 pixel.onaudience.com 2 redirects ads.pubmatic.com
3 sync.targeting.unrulymedia.com 3 redirects
3 secure.adnxs.com 3 redirects
3 pixel-us-east.rubiconproject.com 3 redirects
3 aa.agkn.com 1 redirects bcp.crwdcntrl.net
ads.pubmatic.com
3 ml314.com 1 redirects bcp.crwdcntrl.net
3 sync.crwdcntrl.net bcp.crwdcntrl.net
3 ads.yieldmo.com sync-amz.ads.yieldmo.com
3 cds.connatix.com www.baltimoresun.com
cd.connatix.com
3 aax.amazon-adsystem.com www.baltimoresun.com
3 pr-bh.ybp.yahoo.com 1 redirects ads.pubmatic.com
ssum-sec.casalemedia.com
3 ad.turn.com 3 redirects
3 sync-tm.everesttech.net 3 redirects
3 timber.sendtonews.com player.sendtonews.com
3 smoggysnakes.com www.baltimoresun.com
smoggysnakes.com
3 a.teads.tv t.co
s8t.teads.tv
3 cdnjs.cloudflare.com player.sendtonews.com
3 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com securepubads.g.doubleclick.net
confiant-integrations.global.ssl.fastly.net
3 grid.bidswitch.net tribune-baltimoresunclassic.zeustechnology.com
3 tlx.3lift.com tribune-baltimoresunclassic.zeustechnology.com
3 fastlane.rubiconproject.com tribune-baltimoresunclassic.zeustechnology.com
3 embed.sendtonews.com www.baltimoresun.com
player.sendtonews.com
3 confiant-integrations.global.ssl.fastly.net www.baltimoresun.com
confiant-integrations.global.ssl.fastly.net
2 cs.emxdgt.com 2 redirects
2 ad.360yield.com 2 redirects
2 ads.betweendigital.com 2 redirects
2 rtb.mfadsrvr.com 2 redirects
2 pixel.advertising.com 2 redirects
2 www.storygize.net 2 redirects
2 ce.lijit.com 1 redirects
2 us-u.openx.net 1 redirects
2 mwzeom.zeotap.com
2 loadm.exelator.com synchroscript.deliveryengine.adswizz.com
2 taboola-supply-partners.tremorhub.com srcdoc
2 csi.gstatic.com imasdk.googleapis.com
2 acdn.adnxs.com cds.connatix.com
2 delivery-cdn-cf.adswizz.com t.co
synchroscript.deliveryengine.adswizz.com
2 us-trc-events.taboola.com
2 v.adsrvr.org imasdk.googleapis.com
2 direct.adsrvr.org imasdk.googleapis.com
2 playerservices.live.streamtheworld.com 1 redirects
2 assets.bounceexchange.com tag.wknd.ai
assets.bounceexchange.com
2 b1sync.zemanta.com 2 redirects
2 ads.creative-serving.com 2 redirects
2 widget.perfectmarket.com cdn.taboola.com
widget.perfectmarket.com
2 tps.doubleverify.com cdn.doubleverify.com
2 googleads4.g.doubleclick.net t.co
2 pool.admedo.com 2 redirects
2 pmp.mxptint.net 1 redirects ads.pubmatic.com
2 rtb.adentifi.com ads.pubmatic.com
2 io.narrative.io 1 redirects ads.pubmatic.com
2 visitor.fiftyt.com 2 redirects
2 loada.exelator.com 2 redirects
2 match.taboola.com ads.pubmatic.com
2 beacon.lynx.cognitivlabs.com 1 redirects ads.pubmatic.com
2 px.owneriq.net 2 redirects
2 ums.acuityplatform.com 2 redirects
2 pm.w55c.net 2 redirects
2 cm.adgrx.com 2 redirects
2 dis.criteo.com 1 redirects ads.pubmatic.com
2 mug.criteo.com www.baltimoresun.com
2 gum.criteo.com 1 redirects
2 tps628.doubleverify.com cdn.doubleverify.com
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
2 vid.connatix.com cd.connatix.com
2 simage4.pubmatic.com ads.pubmatic.com
2 tags.bluekai.com bcp.crwdcntrl.net
2 sync.srv.stackadapt.com 2 redirects
2 pixel.quantserve.com 2 redirects
2 onesignal.com cdn.onesignal.com
2 ping.chartbeat.net www.baltimoresun.com
2 um.simpli.fi 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 usermatch.krxd.net 2 redirects
2 pippio.com 2 redirects
2 www.i.matheranalytics.com www.baltimoresun.com
2 image6.pubmatic.com ads.pubmatic.com
2 cdn.onesignal.com www.baltimoresun.com
cdn.onesignal.com
2 protected-by.clarium.io www.baltimoresun.com
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
2 js.matheranalytics.com 1 redirects www.baltimoresun.com
2 www.tribdss.com www.baltimoresun.com
2 api.rlcdn.com js-sec.indexww.com
tribune-baltimoresunclassic.zeustechnology.com
2 hbopenbid.pubmatic.com tribune-baltimoresunclassic.zeustechnology.com
2 js-sec.indexww.com tribune-baltimoresunclassic.zeustechnology.com
player.sendtonews.com
2 player.sendtonews.com embed.sendtonews.com
player.sendtonews.com
2 c.go-mpulse.net www.baltimoresun.com
c.go-mpulse.net
2 www.googletagmanager.com www.baltimoresun.com
2 d3mmnnn9s2dcmq.cloudfront.net www.baltimoresun.com
d3mmnnn9s2dcmq.cloudfront.net
2 tags.remixd.com www.baltimoresun.com
tags.remixd.com
2 assets.zephr.com www.baltimoresun.com
1 ade.googlesyndication.com
1 dmp.brand-display.com ssum-sec.casalemedia.com
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 sync.technoratimedia.com 1 redirects
1 cds.taboola.com cdn.taboola.com
1 pips.taboola.com cdn.taboola.com
1 visitor.omnitagjs.com
1 gixel.gnetwork.me
1 bttrack.com 1 redirects
1 in.treasuredata.com
1 e1.emxdgt.com
1 rtb-csync.smartadserver.com
1 i6.liadm.com
1 pxl.connexity.net
1 d.agkn.com 1 redirects
1 odr.mookie1.com
1 image8.pubmatic.com 1 redirects
1 sync.intentiq.com 1 redirects
1 cdn.blisspointmedia.com www.baltimoresun.com
1 pixel.pointmediatracker.com 1 redirects
1 beacons-ipv4.extremereach.io 1 redirects
1 event.clientgear.com 1 redirects
1 inv-nets.admixer.net 1 redirects
1 us-vid-events.taboola.com
1 us-match.taboola.com vidstat.taboola.com
1 imprnjmp.taboola.com vidstat.taboola.com
1 cdn1.extremereach.io www.baltimoresun.com
1 vast.extremereach.io imasdk.googleapis.com
1 id.sharedid.org cds.connatix.com
1 vidstat.taboola.com cdn.taboola.com
1 api.bounceexchange.com assets.bounceexchange.com
1 15.taboola.com cdn.taboola.com
1 gu.dyntrk.com
1 cmod.live.streamtheworld.com
1 cm.smadex.com 1 redirects
1 pd.cdnwidget.com assets.bounceexchange.com
1 173bf108.akstat.io c.go-mpulse.net
1 ids.cdnwidget.com assets.bounceexchange.com
1 ca1.qualtrics.com
1 synchrobox.adswizz.com t.co
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 cdn.jwplayer.com tags.remixd.com
1 fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net
1 trial-eum-clienttons-s.akamaihd.net 1 redirects
1 fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net
1 trial-eum-clientnsv4-s.akamaihd.net 1 redirects
1 stags.bluekai.com 1 redirects
1 c.bing.com eb2.3lift.com
1 px.ads.linkedin.com eb2.3lift.com
1 ad.mrtnsvr.com 1 redirects
1 tag.wknd.ai t.co
1 znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com t.co
1 pubcast-files.remixd.com tags.remixd.com
1 match.sharethrough.com 1 redirects
1 c.eu1.dyntrk.com 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
1 aep.mxptint.net 1 redirects
1 code.createjs.com s0.2mdn.net
1 rtb.gumgum.com ads.pubmatic.com
1 match.adsby.bidtheatre.com 1 redirects
1 ads.playground.xyz 1 redirects
1 sync.resetdigital.co 1 redirects
1 sync.ipredictive.com 1 redirects
1 pubmatic-match.dotomi.com 1 redirects
1 aud.pubmatic.com ads.pubmatic.com
1 core.iprom.net ads.pubmatic.com
1 csync.loopme.me 1 redirects
1 gocm.c.appier.net 1 redirects
1 match.bnmla.com ads.pubmatic.com
1 mweb.ck.inmobi.com 1 redirects
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 match.deepintent.com ads.pubmatic.com
1 ad.doubleclick.net www.googletagservices.com
1 ck.connatix.com 1 redirects
1 rtb0.doubleverify.com cdn.doubleverify.com
1 ssum.casalemedia.com 1 redirects
1 id.rlcdn.com eus.rubiconproject.com
1 ads.yahoo.com eus.rubiconproject.com
1 nep.advangelists.com 1 redirects
1 ad4m.at ssum-sec.casalemedia.com
1 ps.eyeota.net bcp.crwdcntrl.net
1 thrtle.com bcp.crwdcntrl.net
1 jadserve.postrelease.com 1 redirects
1 sync-pp.ads.yieldmo.com sync-amz.ads.yieldmo.com
1 cd.connatix.com 1 redirects
1 crb.kargo.com s.amazon-adsystem.com
1 sync-amz.ads.yieldmo.com s.amazon-adsystem.com
1 www.google.co.uk www.baltimoresun.com
1 static.adsafeprotected.com www.baltimoresun.com
1 as-sec.casalemedia.com js-sec.indexww.com
1 ds.reson8.com cdn.resonate.com
1 stats.g.doubleclick.net www.google-analytics.com
1 beacon.krxd.net ads.pubmatic.com
1 s8t.teads.tv a.teads.tv
1 sqs.us-east-1.amazonaws.com d15kdpgjg3unno.cloudfront.net
1 id.sv.rkdms.com js-sec.indexww.com
1 static.chartbeat.com www.baltimoresun.com
1 geo.privacymanager.io ats.rlcdn.com
1 cdn.resonate.com player.sendtonews.com
1 p1.parsely.com www.baltimoresun.com
1 d1n00d49gkbray.cloudfront.net www.baltimoresun.com
1 idx.liadm.com js-sec.indexww.com
1 ampcid.google.com www.google-analytics.com
1 ats.rlcdn.com t.co
1 d15kdpgjg3unno.cloudfront.net tribune-baltimoresunclassic.zeustechnology.com
1 cdn.parsely.com www.googletagmanager.com
1 insights.zeustechnology.com tribune-baltimoresunclassic.zeustechnology.com
1 dyv1bugovvq1g.cloudfront.net tribune-baltimoresunclassic.zeustechnology.com
1 ib.3lift.com tribune-baltimoresunclassic.zeustechnology.com
1 check.analytics.rlcdn.com tribune-baltimoresunclassic.zeustechnology.com
1 authenticate.baltimoresun.com www.baltimoresun.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 s.go-mpulse.net www.baltimoresun.com
1 ssor.tribdss.com www.baltimoresun.com
1 tribune-baltimoresunclassic.zeustechnology.com www.baltimoresun.com
1 t.co
0 sync.hgrtb.com Failed
0 nodeny.targetspot.com Failed
852 284
Subject Issuer Validity Valid
t.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-24 -
2022-03-23		 a year crt.sh
tronc2.web.arc-cdn.net
R3		 2021-11-03 -
2022-02-01		 3 months crt.sh
*.freetls.fastly.net
GlobalSign Atlas R3 DV TLS CA 2020		 2021-04-27 -
2022-05-29		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2021-06-01 -
2022-05-31		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
assets.zephr.com
Amazon		 2021-05-28 -
2022-06-26		 a year crt.sh
*.zeustechnology.com
Amazon		 2021-05-15 -
2022-06-13		 a year crt.sh
*.sendtonews.com
Amazon		 2021-06-17 -
2022-07-16		 a year crt.sh
*.remixd.com
Amazon		 2021-04-10 -
2022-05-09		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
akstat.io
DigiCert SHA2 Secure Server CA		 2021-06-08 -
2022-06-13		 a year crt.sh
www.trbimg.com
DigiCert SHA2 Secure Server CA		 2021-08-10 -
2022-06-02		 10 months crt.sh
zephr.baltimoresun.com
Amazon		 2021-01-07 -
2022-02-05		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2021-02-12 -
2022-02-11		 a year crt.sh
*.scorecardresearch.com
Amazon		 2021-02-28 -
2022-03-29		 a year crt.sh
authenticate.baltimoresun.com
Amazon		 2021-10-12 -
2022-11-09		 a year crt.sh
analytics.rlcdn.com
Amazon		 2021-08-26 -
2022-09-24		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2021-03-30 -
2022-04-04		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2021-04-29 -
2022-05-31		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.parsely.com
Amazon		 2021-07-05 -
2022-08-03		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-25 -
2022-03-28		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.liadm.com
Amazon		 2021-10-31 -
2022-11-28		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
www.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-21 -
2022-09-20		 a year crt.sh
teads.tv
R3		 2021-11-03 -
2022-02-01		 3 months crt.sh
protected-by.clarium.io
Gandi Standard SSL CA 2		 2020-04-03 -
2022-04-26		 2 years crt.sh
*.privacymanager.io
Amazon		 2021-09-25 -
2022-10-24		 a year crt.sh
*.news.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.chartbeat.com
Thawte RSA CA 2018		 2021-05-20 -
2022-06-03		 a year crt.sh
smoggysnakes.com
R3		 2021-12-26 -
2022-03-26		 3 months crt.sh
smarterhq.io
Amazon		 2021-10-20 -
2022-11-17		 a year crt.sh
securedvisit.com
Amazon		 2021-11-30 -
2022-12-27		 a year crt.sh
s.amazon-adsystem.com
Amazon		 2021-07-14 -
2022-06-27		 a year crt.sh
queue.amazonaws.com
Amazon		 2021-10-15 -
2022-10-07		 a year crt.sh
www.i.matheranalytics.com
Sectigo RSA Domain Validation Secure Server CA		 2020-01-28 -
2022-01-27		 2 years crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.match.prod.bidr.io
Amazon		 2021-02-26 -
2022-03-27		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-08-24 -
2022-02-16		 6 months crt.sh
*.chartbeat.net
Thawte RSA CA 2018		 2021-12-01 -
2022-12-30		 a year crt.sh
static.adsafeprotected.com
Amazon		 2021-09-05 -
2022-10-04		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
www.google.co.uk
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
aax-us-east.amazon-adsystem.com
Amazon		 2021-09-13 -
2022-09-12		 a year crt.sh
*.ads.yieldmo.com
Amazon		 2021-05-25 -
2022-06-23		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.app.kargo.com
Amazon		 2021-01-21 -
2022-02-19		 a year crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-15 -
2023-01-15		 a year crt.sh
*.ml314.com
Amazon		 2021-12-17 -
2023-01-14		 a year crt.sh
*.agkn.com
RapidSSL RSA CA 2018		 2020-07-25 -
2022-09-18		 2 years crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2021-11-24 -
2022-04-26		 5 months crt.sh
*.thrtle.com
Go Daddy Secure Certificate Authority - G2		 2021-03-22 -
2022-04-23		 a year crt.sh
*.eyeota.net
R3		 2021-10-26 -
2022-01-24		 3 months crt.sh
*.doubleverify.com
DigiCert SHA2 Secure Server CA		 2021-12-23 -
2022-12-23		 a year crt.sh
misc-sni.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2021-08-20 -
2022-09-21		 a year crt.sh
srvsynd.com
R3		 2021-12-03 -
2022-03-03		 3 months crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-07-13 -
2022-06-25		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-12-01 -
2022-02-26		 3 months crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2021-06-01 -
2022-07-02		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.bnmla.com
Go Daddy Secure Certificate Authority - G2		 2021-01-06 -
2022-02-07		 a year crt.sh
beacon.lynx.cognitivlabs.com
Amazon		 2021-04-28 -
2022-05-27		 a year crt.sh
*.iprom.net
R3		 2021-12-29 -
2022-03-29		 3 months crt.sh
adentifi.com
Amazon		 2021-09-04 -
2022-10-03		 a year crt.sh
*.gumgum.com
Amazon		 2021-10-15 -
2022-11-12		 a year crt.sh
tls.adobe.com
DigiCert SHA2 Secure Server CA		 2020-06-01 -
2022-06-06		 2 years crt.sh
c.eu1.dyntrk.com
R3		 2021-12-07 -
2022-03-07		 3 months crt.sh
pubcast-files.remixd.com
GTS CA 1D4		 2021-12-19 -
2022-03-19		 3 months crt.sh
*.qualtrics.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-24 -
2022-09-24		 a year crt.sh
widget.perfectmarket.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-12-24 -
2023-01-25		 a year crt.sh
tag.wknd.ai
R3		 2021-11-23 -
2022-02-21		 3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-12-06 -
2022-06-06		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2021-12-22 -
2022-06-22		 6 months crt.sh
assets.bounceexchange.com
GTS CA 1D4		 2021-12-21 -
2022-03-21		 3 months crt.sh
jwplayer.com
Amazon		 2021-12-29 -
2023-01-25		 a year crt.sh
*.cdnbasket.net
Go Daddy Secure Certificate Authority - G2		 2021-09-27 -
2022-09-27		 a year crt.sh
*.adswizz.com
Amazon		 2021-08-21 -
2022-09-19		 a year crt.sh
*.ads.audio.thisisdax.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-11 -
2022-06-11		 2 years crt.sh
player-files.remixd.com
GTS CA 1D4		 2021-12-20 -
2022-03-20		 3 months crt.sh
*.live.streamtheworld.com
Go Daddy Secure Certificate Authority - G2		 2020-03-11 -
2022-05-10		 2 years crt.sh
ids.cdnwidget.com
R3		 2021-12-14 -
2022-03-14		 3 months crt.sh
exchange.remixd.com
GTS CA 1D4		 2021-12-18 -
2022-03-18		 3 months crt.sh
pd.cdnwidget.com
R3		 2021-11-14 -
2022-02-12		 3 months crt.sh
*.dyntrk.com
R3		 2021-12-22 -
2022-03-22		 3 months crt.sh
*.wunderkind.co
R3		 2021-12-16 -
2022-03-16		 3 months crt.sh
*.deliveryengine.adswizz.com
Amazon		 2021-03-16 -
2022-04-14		 a year crt.sh
id.sharedid.org
Amazon		 2021-12-09 -
2023-01-06		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-03-11 -
2022-02-07		 a year crt.sh
*.extremereach.io
Amazon		 2021-11-04 -
2022-12-02		 a year crt.sh
*.tremorhub.com
Amazon		 2021-06-27 -
2022-07-26		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-06-07		 a year crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-22 -
2022-03-25		 a year crt.sh
*.connexity.net
Sectigo RSA Domain Validation Secure Server CA		 2021-06-17 -
2022-07-17		 a year crt.sh
*.contextweb.com
DigiCert SHA2 Secure Server CA		 2020-05-07 -
2022-05-12		 2 years crt.sh
*.smartadserver.com
DigiCert ECC Secure Server CA		 2020-01-30 -
2022-02-03		 2 years crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh
*.treasuredata.com
Amazon		 2021-09-17 -
2022-10-16		 a year crt.sh
gixel.gnetwork.me
GTS CA 1D4		 2021-12-21 -
2022-03-21		 3 months crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-24 -
2022-06-23		 a year crt.sh
*.knorex.com
Amazon		 2021-08-26 -
2022-09-24		 a year crt.sh

This page contains 96 frames:

Primary Page: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Frame ID: C0D34595E1082D4996F7982E3AE9FCD4
Requests: 262 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/9E52W-759Q8-QRNWG-5DBLH-ZFZGZ
Frame ID: 595C4BC37BBB32ED2BEA0081243EB626
Requests: 4 HTTP requests in this frame

Frame: https://player.sendtonews.com/player7/player/65.21.10/player.js
Frame ID: FCD2FB44DC646496726210F4CA3EC103
Requests: 59 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Frame ID: 4E6207185C63ABF3863F4EA9005CF381
Requests: 14 HTTP requests in this frame

Frame: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E27A40DA6EF90A5EA8F97E709CEC9468
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstMqukvfSm5hsoxMwrCwynnyjIi5Jjup7dNNUjXNq-kGoX5V83YrDVkCNNNozKfqGnZ8ECCXOv3-5TkQYIxEatPYzsgs67eg2Bi0mtxhlVZQHlGqtxmUe5IwnHv4NCD9EVHBwOfbtNfuiilaC93y3eCpLIF2Wq9WYo49qHcPKMljwu5xC_HhIaqeI3X86iFGH1Am417jHlSRQqgnsW2UqaMzAA_cv9nM-O_tMrKrRlloXvRAuXRtPszrfRX0gNzEswvsuRHQX5m3rZfjwU0Ui2JJfFwvAQIAWet-eDnzFVW_XRfCs5pfozp3MolYro7KGTMizzhHMQOPE6KsiRv&sai=AMfl-YRjexUWnh3j1J38V1OGnEBGOgVjM2Ya6_M1amHUHGs-Xt_flSXNhiHCp9eW2UoDWILelAwiEIfzfnL9qYjIJt3vNbRn2DVdhhL5ZFsATlG0heoFeuh4xC4TQOvXuc0&sig=Cg0ArKJSzDBRsW7dbavNEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 8460A2BF16712967FEBABEE12A9F93C0
Requests: 5 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t
Frame ID: 69216CCD5DD0F9ACD5E7B62759954E68
Requests: 1 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=13200
Frame ID: 2B9D7A823DE9787260B891AE61398F0E
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 1BF5686EA2D3453402147BD4C024BF6E
Requests: 26 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Frame ID: 3EB4193F37A87F3ED5D99BF95074F7A1
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yc26_gABy-th-QAF&gdpr=0&gdpr_consent=&_test=Yc26_gABy-th-QAF
Frame ID: A0A57D4FF6A18939755A20791C79103F
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: 54F53681EB959B0FE278DECABCA3C7FB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9813F70631B9E05C690D453550BF2FD3
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: 6CEC21A6608700AFD03F868BF6FDB0D3
Requests: 1 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455797
Frame ID: 122E9D96ACEA34DEE1F197A31E2073AF
Requests: 13 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Frame ID: C82C5573C9797B8D496ADC4F5B7C245F
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuiybz8fh9kgIMk7Qk9m3dySpeuC1rsRAGviiJL6K5FOJJBAchdxaEAIgPleWmzNfujkQTXNCwJyb6HPKkYoKRmxSNET_7iZ6ZBAzewFEo23MPBPq3ASquPxo2ww2sleo1S2fU6y1WiSjCgpjSyT0uynwviZKiDNXUj95kpI2qNnKZtAfJY6X8OyGV3MxE3ox3H10cnSfaEYRef-_1lKYc5SbK_OA_aNVji70cFaGjdbHqXsRgKrGxL6m7uif1m5oIMe1vyWjlM6UyMGsQ8XwS2mFtY-W3aETr8CT59vUwQwEOJdkp77iliOE1xXR5b4En3PabLkDLRlyJ2&sig=Cg0ArKJSzPGvhMhDuD8bEAE&uach_m=[UACH]&adurl=
Frame ID: 4D8CF04704731CCC589830A85E17191E
Requests: 8 HTTP requests in this frame

Frame: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2A418A8B4FE8A4C99D0EB709EB894551
Requests: 9 HTTP requests in this frame

Frame: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E013F8B2FFAA32F06014E02919538831
Requests: 23 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: F6B4D3BA3EBB6C31DC46E05542E39EC7
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: EF49890A80259FBA32BA8FEC57A06992
Requests: 1 HTTP requests in this frame

Frame: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Frame ID: FD6467B00A043326C5ADBFE3ABD22642
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: 8E453D7DD760AB492CD40E3A8936B72C
Requests: 11 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1TZFNVaUxKRTJ1TFYwUmpIdmxMZ2h2anlXRGVhN0FlUX5B
Frame ID: 16E189E78AB769B80B1A248DA1658B16
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 71D8B02A9FF3DAED530F60A6ABBAECB8
Requests: 1 HTTP requests in this frame

Frame: https://crb.kargo.com/api/v1/dinitsync?partners=A9
Frame ID: AF2760AA115C529C937D4F0402E52AAE
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=3183875922675690167&ex=appnexus.com
Frame ID: 6ED16878B25EF6AD9A77DBB5D1B7D1F7
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=9865506846252392651
Frame ID: 4CFD388B4647A9E6EF15724EFA53A8C6
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/143023/connatix.player.js
Frame ID: E1DD5254CBA3107DAC05DDC867638C6C
Requests: 64 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Frame ID: 40EC83ACB016F8571B45B2F1B41AA9B4
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Frame ID: 90A62D48F4BD48BBA5D6EFB3FD8C5A05
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhDG_rKdAhjViZi0ATAB&v=APEucNXprwrbt6gTRQVNL6nwsOu6RZ7reLThYJbC0GUFuh48AqOmCAtatiFbIT2n-XJ71zAwErRcsbGJMbt3CVPvcmNi4Oj-5w
Frame ID: 889C1F6CCC60A1AC26ACA9CE54F4365C
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: D3FA8023312D0190F0CF6162AF4DF2FA
Requests: 16 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
Frame ID: 5753E58C57A763A1597DE4D19887D1C7
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 571A4984C7D884F4BCCE91F32A09993D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6AC62E35D8D82AFA383136181A7A1E9A
Requests: 3 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Frame ID: 3B1B9C06AD9FBEFC668142810949A079
Requests: 13 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 60AFAE05EDF3FD1E29F870D06FABC30F
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 85587DA2E9858390EDAA8F6F9EAB88A2
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 0AEA58A0DC47902C7EB5BFA949C09A30
Requests: 6 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 29CC952BEB485B8C801E5633007F5140
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: D0CB131D8C4D0FC1239B1E8DFA5FE4CF
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: DC7719E874C96A2A911F2BB53A51FA8E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Frame ID: EFD1D742B89C2BE811212AF167EF5158
Requests: 20 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=1&us_privacy=&
Frame ID: FA0A075684B2749DE03926E0A8BBDDEB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6DADF7F152718870510E8B9F67F4709B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 511DC073CC221C2B99A5F4A4B10A6784
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CFFF299E3FE401C52EDC3CEFDD30635E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 0524E8C72594963F5562C9FDC8AC0AFE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: F9BB2113BFEBA2025D9E73764002BF0B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 5044EC9E2FA002C8AB608B761A092E82
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 70AD5590774E46AAFDBE901EB8339788
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: B57617021B5025E0AE3402A426F801A9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=8cc640ec-6978-11ec-9f00-7928b90ff49e
Frame ID: D3E330D5A1F51B00BF85C9B683B8DB67
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=zMocoBWdTUFFZe1obrBfIS36GW4
Frame ID: 2A6700369467726D136E8654DC215A8B
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: B5BAF01AD2EF6B505CC8AF03507604F7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Ev34cJ1d1N2VWK5&gdpr=0&gdpr_consent=
Frame ID: D9A09AC4CB6DECD3BE0B0008618D07C9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=635661617131
Frame ID: DEF4708B1801F45948918220DF19632D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=5bb3797a-fc9f-4495-909a-e7dc4c592013
Frame ID: EC4C80281837F4EFF361E25CA48541B1
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6941591021453854449
Frame ID: 350E315B456F3F034B7CDE5CBECAB35F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
Frame ID: 8B6352193C5A8531AABDEADC70F2CEB9
Requests: 1 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: AFD06FAD18B0016FF0F68C0657137ED0
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Frame ID: 838283A4F878235DEF710BABA75EE2B9
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 44E307BD9FE056B1685DC81185243ED9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=4YvWuSrvAdGO0tDJ_rrNYQ
Frame ID: F9A84631F469C5DC9869EAC9A5DC1C29
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: F4024D9BCA4DD38277AB504890566C8F
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: 0781D86975399036078C605C40FF012E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
Frame ID: A53061B323F4450A0E806B06EF72B279
Requests: 1 HTTP requests in this frame

Frame: https://capi.connatix.com/core/us?DemandPartner=2&UserId=f1a7817fe20f4597938371768ad6be84&DemandPartnerName=Pubmatic&DemandPartnerUserId=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Frame ID: 8A4E4E02D1B08195AC5575605D83761B
Requests: 1 HTTP requests in this frame

Frame: blob://https://www.baltimoresun.com/b88abba9-87da-45ee-be74-1a3fa0274b63
Frame ID: 6EF91403D30E8578C0DD2EBF86205C92
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3060016B11735D2D03BDB0520CB56B1D
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1953.js
Frame ID: AD864C8C9435B61F40B69119EF4A921A
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E117C4DA8C1695831F5A5883A694BE34
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
Frame ID: D1499E3DFEFF6899E4187D72B59AD1FB
Requests: 15 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1953.js
Frame ID: B9AD4F6FA92961D796A41378148A33DC
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: CF84A2EF4C0C84E32DD5B1ACC82043C6
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: 2C83DC2649AB597BCD00C7B8DAA42F86
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0AD38A18398EC1D24EF0EF9AD69EC9C4
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DA7C974723DDC07FEBCF371767D0EACC
Requests: 2 HTTP requests in this frame

Frame: https://cdn.jwplayer.com/libraries/FUtg69tL.js
Frame ID: 95EEF7DD8DCF780FA1D0FD65C6736AA0
Requests: 41 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: 50C6EFA2E3DFBE2684520B1E8BA95A4A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
Frame ID: 9A569FF24B467FB5A2E0AA0A2C209C46
Requests: 3 HTTP requests in this frame

Frame: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Frame ID: 07D87D59A3F8C967640AFEE79255F43F
Requests: 9 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C403CA03924E37295509FF54DB3237BA
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 52E5FA32F9835DDE5AA2166B29A4A789
Requests: 3 HTTP requests in this frame

Frame: https://imprnjmp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8016157&crid=5318825&dast=V7upYCFgM4AJf1LkDriwQ4AJf1LkDriwUAAAAGBvQHHEWYzDYb0oxBY00Wg81sN1pMZrvNYjdbDIbAUYTJbLMhzRg01mQx2Mx2m8VmthpuZpvBbAofxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOG-jQdDp8rnu97ve7Sxxm09Ptt7w8r7td43f7NX7L3-6wPS2vz1_ieatNbtHl9fI4LC-37uj0nM4ui9nve1neksFksZhMlmvV5m-zTI6nu-1muDpNY6_nM3i9nY6Taa05_S3Pu9D0NtsBAAAA4AEgCiUV4gcQACACAAAAQAIAAACAIqDi30LgAgAAAAADoCCrTgNgnINh_Gaz0-65Pc1mlz8AAB4UQAAABDBIAATKB0sAPHDeTwAAAAAAAAAAWP7___9jAPSiOmQAPrzSegAefAAeiAjsihgBAAAAtOhnuB1N6oTKogoAgCDdCuAKACDAb0E0bzUMAABAQExNsy7m113rcGyBHha_3-ywa_xulwEAAAAAAAAAmP2f_aMJaQg_pgnP1g-r_QICAKz9AgIAsKkbAMCbAFzINaDpdPhc93rRXeP3i86AFrPhYLU6AtpsBrMDAAAAuPv____HU9Osi_l11zrUAzGLyTBcTlYew8I0m3hcE89ysbCsJrPVcDazGAbb6-dK3o7SHvXsCxGX2e97Kyynp8fscouOrrfF829QOgTxQcOwnAyC-U3YYrSaTDbL4Wy5mAyGo-FotD-BnA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtGkxWo9FkMRmuRpPVbLnY7TZI0arVbLQZDFezyWy3Ww0Hw-VohBO2GK0mk81yOFsuJoPhaDgaDRGmTB6XZWExrWWelW8t2m0Ma-HKuFvLbCPLYDTx2CazzVr0-piOG99osFtZ8WA-Lue-duGiYADcXgQX6UR0eVpcd5fJ6XOaHma3xGE2Pd1-y8vzulvEEs3JIp3ILvuaxWQYLicrj2Fhmk08rolnuVhYVpPZajibWQyDfcvkcVkWFtNa5ln51qLdxrAWroy7tcw2sgxGE49tMtusRa-P6bjxjQa7lb8xGw2Gu8lusNk3ZqPBcDfZDTb7Do_vqHz-zh2VcnmaPDsz80HhMti806JF2jocfUaVMylxrf7O6XNi9VksXoPCc_CYDsKX5bS6Waezic57MCpiieB0kU5EL-PpIpZInhbpRLiy2Eye2Wq3GQwXo-FisFhZXDbLYDjcrBwmj2silihNF-lEr_Fb_naH7Wl5ff4Sz1ttcosur5fHYXm5dUen53R2Wcx-38vylgwmi8VkslyrNn-bZXI83W03w9VpGns9n8Hr7XScTGvN6W953oWmt9mi_mMDreaS1WAuWc0Vi8EqAQAAAAAAAAAsYcq8CQAAAMBpEMPlcLJbLsBDmYsuMAgAAAAAAMCuQ2h6LncUv0Zx48cbdHlaXHeXyelzmh5mt8RhNj3dfsvL87pbGeChjIV5s2eCWKvVsgYAABjABgAACODWzVsgySQH!&cmcv=&pix=undefined&cb=1640872705145&uv=3093&tms=1640872705145&abt=adh5c-1_vA!ftp1_vB!iiqd1_vB!iiqd2_vB!iiqd5_vB!rv1adimptmot1_vD!scec9_vB!t45!t45!ufm_vC&ru=https://t.co/&ft=0&su=2&unm=FEED_MANAGER&aure=false&agl=1&cirid=E0263C4FAF521036741267317610&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: 3222EB5220AA552A7606964BF39989B2
Requests: 1 HTTP requests in this frame

Frame: https://us-match.taboola.com/sync?dast=V7upYCFgM4AJf1LkDriwQ4AJf1LkDriwUAAAAGBvQHHEWYzDYb0oxBY00Wg81sN1pMZrvNYjdbDIbAUYTJbLMhzRg01mQx2Mx2m8VmthpuZpvBbAofxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOG-jQdDp8rnu97ve7Sxxm09Ptt7w8r7td43f7NX7L3-6wPS2vz1_ieatNbtHl9fI4LC-37uj0nM4ui9nve1neksFksZhMlmvV5m-zTI6nu-1muDpNY6_nM3i9nY6Taa05_S3Pu9D0NtsBAAAA4AEgCiUV4gcQACACAAAAQAIAAACAIqDi30LgAgAAAAADoCCrTgNgnINh_Gaz0-65Pc1mlz8AAB4UQAAABDBIAATKB0sAPHDeTwAAAAAAAAAAWP7___9jAPSiOmQAPrzSegAefAAeiAjsihgBAAAAtOhnuB1N6oTKogoAgCDdCuAKACDAb0E0bzUMAABAQExNsy7m113rcGyBHha_3-ywa_xulwEAAAAAAAAAmP2f_aMJaQg_pgnP1g-r_QICAKz9AgIAsKkbAMCbAFzINaDpdPhc93rRXeP3i86AFrPhYLU6AtpsBrMDAAAAuPv____HU9Osi_l11zrUAzGLyTBcTlYew8I0m3hcE89ysbCsJrPVcDazGAbb6-dK3o7SHvXsCxGX2e97Kyynp8fscouOrrfF829QOgTxQcOwnAyC-U3YYrSaTDbL4Wy5mAyGo-FotD-BnA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtGkxWo9FkMRmuRpPVbLnY7TZI0arVbLQZDFezyWy3Ww0Hw-VohBO2GK0mk81yOFsuJoPhaDgaDRGmTB6XZWExrWWelW8t2m0Ma-HKuFvLbCPLYDTx2CazzVr0-piOG99osFtZ8WA-Lue-duGiYADcXgQX6UR0eVpcd5fJ6XOaHma3xGE2Pd1-y8vzulvEEs3JIp3ILvuaxWQYLicrj2Fhmk08rolnuVhYVpPZajibWQyDfcvkcVkWFtNa5ln51qLdxrAWroy7tcw2sgxGE49tMtusRa-P6bjxjQa7lb8xGw2Gu8lusNk3ZqPBcDfZDTb7Do_vqHz-zh2VcnmaPDsz80HhMti806JF2jocfUaVMylxrf7O6XNi9VksXoPCc_CYDsKX5bS6Waezic57MCpiieB0kU5EL-PpIpZInhbpRLiy2Eye2Wq3GQwXo-FisFhZXDbLYDjcrBwmj2silihNF-lEr_Fb_naH7Wl5ff4Sz1ttcosur5fHYXm5dUen53R2Wcx-38vylgwmi8VkslyrNn-bZXI83W03w9VpGns9n8Hr7XScTGvN6W953oWmt9mi_mMDreaS1WAuWc0Vi8EqAQAAAAAAAAAsYcq8CQAAAMBpEMPlcLJbLsBDmYsuMAgAAAAAAMCuQ2h6LncUv0Zx48cbdHlaXHeXyelzmh5mt8RhNj3dfsvL87pbGeChjIV5s2eCWKvVsgYAABjABgAACODWzVsgySQH!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: C90270CFBC6027524EC391D08E7B6149
Requests: 1 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Frame ID: 202904AAD65A6A13D4D4A71FF7A50E61
Requests: 4 HTTP requests in this frame

Frame: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=0&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Frame ID: D0D8DAD3AADB334BD9BCF1BC1FEC33DE
Requests: 4 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Frame ID: 1061CDFA9370F5A1983241BD87AE14A6
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Frame ID: EBA1137A4E666232FA2D16F98C41DB6F
Requests: 2 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP
Frame ID: B53737A6D55E7B99B6304EF12B54CEEB
Requests: 42 HTTP requests in this frame

Frame: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Frame ID: F487A90920E121C473EF4C0AC293E59B
Requests: 4 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Frame ID: 21D71C0886AB217AEEE08726E9187D9E
Requests: 10 HTTP requests in this frame

Frame: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Frame ID: 44C07F389AF6C9ABBFFB4B617A849AED
Requests: 4 HTTP requests in this frame

Frame: https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=c2756fd5-2f8f-4926-adc4-8d6470932b22
Frame ID: DC0DDF70E031C0C803B10169AF4C432B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Whistleblower alleges Maryland health officials failed to alert hundreds of patients of potentially spoiled vaccines - Baltimore SunBack ButtonSearch IconFilter IconGroup 3Group 3Group 3Group 3

Page URL History Show full URLs

  1. https://t.co/sWUTVYxdMM Page URL
  2. https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • chartbeat\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • swfobject.*\.js
Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

852
Requests

82 %
HTTPS

25 %
IPv6

157
Domains

284
Subdomains

196
IPs

13
Countries

11372 kB
Transfer

27911 kB
Size

277
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/sWUTVYxdMM Page URL
  2. https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60
  • https://sb.scorecardresearch.com/b?c1=2&c2=6036462&ns__t=1640872697297&ns_c=UTF-8&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&c7=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c9=https%3A%2F%2Ft.co%2F HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1640872697297&ns_c=UTF-8&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&c7=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c9=https%3A%2F%2Ft.co%2F
Request Chain 79
  • https://js.matheranalytics.com/s/ma89701/197837615/all/sp.js?cb=1586 HTTP 301
  • https://js.matheranalytics.com/static/ltm/ma89701/all/15/ml.br.js
Request Chain 81
  • https://www.baltimoresun.com/api/v2/render/feature?name=breaking-news-bar&uri=/zzz-breaking-news/&wrapper=false HTTP 301
  • https://www.baltimoresun.com/api/v2/render/feature/?name=breaking-news-bar&uri=/zzz-breaking-news/&wrapper=false
Request Chain 125
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t
Request Chain 163
  • https://c1.adform.net/serving/cookie/match?party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Request Chain 164
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=Yc26_gABy-th-QAF HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yc26_gABy-th-QAF&gdpr=0&gdpr_consent=&_test=Yc26_gABy-th-QAF
Request Chain 165
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGUG9rN0RtM1lBQUVCaU5BRU02Zw&bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Request Chain 166
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mu-IWj4ESo6aKW_7zwcRng%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 167
  • https://idsync.rlcdn.com/420486.gif?partner_uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDlBRUY4ODVBLTNFMDQtNEE4RS05QTI5LTZGRkJDRjA3MTE5RRAAGg0I-vW2jgYSBQjoBxAAQgBKAA HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=10f0cea427a19c859dee1b8caf9e1ba80b00bea03b126a5e0b55b610b7a84a77791426b5417dce21&_=2 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAxMGYwY2VhNDI3YTE5Yzg1OWRlZTFiOGNhZjllMWJhODBiMDBiZWEwM2IxMjZhNWUwYjU1YjYxMGI3YTg0YTc3NzkxNDI2YjU0MTdkY2UyMRAAGgwI-_W2jgYSBAgCEABCAEoA HTTP 302
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAxMGYwY2VhNDI3YTE5Yzg1OWRlZTFiOGNhZjllMWJhODBiMDBiZWEwM2IxMjZhNWUwYjU1YjYxMGI3YTg0YTc3NzkxNDI2YjU0MTdkY2UyMRAAGgwI-_W2jgYSBAgCEABCAEoA&google_gid=CAESEGRtb2yc4A7TQEB3FJoQ3aw&google_cver=1 HTTP 307
  • https://usermatch.krxd.net/um/v2?partner=liveramp_identity HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
Request Chain 168
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0fbd61cd-bafa-4b00-bc7c-02e51cbb1cdc
Request Chain 169
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OUFFRjg4NUEtM0UwNC00QThFLTlBMjktNkZGQkNGMDcxMTlF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 170
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGOo8OJLKvneWC3c1z0FTvU&google_cver=1
Request Chain 171
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
Request Chain 172
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 173
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8053738013470830884&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 174
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&gdpr=0&gdpr_consent=
Request Chain 175
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dezVlIJE2uVdDtAD73OpOmNWkddaZCY-~A&gdpr=0&gdpr_consent=
Request Chain 231
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Request Chain 235
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1TZFNVaUxKRTJ1TFYwUmpIdmxMZ2h2anlXRGVhN0FlUX5B
Request Chain 238
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=3183875922675690167&ex=appnexus.com
Request Chain 239
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=9865506846252392651
Request Chain 240
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/143023/connatix.player.js
Request Chain 256
  • https://ib.adnxs.com/getuid?&https://ads.yieldmo.com/v000/sync?userid=$UID&pn_id=an HTTP 302
  • https://ib.adnxs.com/&https://ads.yieldmo.com/v000/sync?userid=3183875922675690167&pn_id=an
Request Chain 257
  • https://x.bidswitch.net/sync?&ssp=yieldmo HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?&ssp=yieldmo HTTP 302
  • https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=yieldmo&gdpr=&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=yieldmo&gdpr=0&user_id=xxaSoZNGl6bcHpL9yBXcpMhCkvPcF5KmyRYnsrJb HTTP 302
  • https://ads.yieldmo.com/sync?userid=84efc425-6b61-4040-bd22-124692c6664b&pn_id=bsw&extinit=0&gdpr=0&gdpr_consent=
Request Chain 258
  • https://match.adsrvr.org/track/cmf/generic?&ttd_pid=yieldmo HTTP 302
  • https://ads.yieldmo.com/v000/sync?tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 259
  • https://sync.srv.stackadapt.com/sync?&nid=21 HTTP 302
  • https://ads.yieldmo.com/sync?pn_id=stk&userid=zMocoBWdTUFFZe1obrBfIS36GW4
Request Chain 260
  • https://bh.contextweb.com/bh/rtset?&pid=561118&ev=1&rurl=https://sync-pp.ads.yieldmo.com/sync?userid=%%VGUID%%&pn_id=pp HTTP 302
  • https://sync-pp.ads.yieldmo.com/sync?userid=EZ2yaDDdi7BZ&ev=1&pn_id=pp&pid=561118
Request Chain 262
  • https://ssum-sec.casalemedia.com/usermatchredir?s=183715&cb=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D6725%2Ftp%3DINDX%2Ftpid%3D__UID__ HTTP 302
  • https://sync.crwdcntrl.net/map/c=6725/tp=INDX/tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
Request Chain 264
  • https://jadserve.postrelease.com/dmp/5?vk=d1f7c93abf4490836d860b8505530287&ntv_r=https://sync.crwdcntrl.net/map/c=8157/tp=NLDN/tpid=NTV_USER_ID HTTP 302
  • https://sync.crwdcntrl.net/map/c=8157/tp=NLDN/tpid=a26991cd-42eb-489d-b616-8596ebb2ccaf
Request Chain 298
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJxQV7hI1iBbVIijPff9ipw&google_cver=1
Request Chain 299
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&expiration=1643464700&gdpr=0&gdpr_consent=
Request Chain 301
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yc26.8PaJt5j23F1hnB8aQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
Request Chain 304
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-ceed50e2-8809-4021-87e0-b392520bb386
Request Chain 305
  • https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=3938217731362747973&expiration=1642082300
Request Chain 310
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=KXT18KCV-1V-9YVP HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=KXT18KCV-1V-9YVP&ex=d-rubiconproject.com&status=ok
Request Chain 321
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTliOTAzOTJmYTk4MjA5N2Y1ZTRiY2UwZjU3NWMzNDM4YzNhMDQ3OQ
Request Chain 322
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUMThLQ1YtMVYtOVlWUA==
Request Chain 323
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yc26_gABy-th-QAF
Request Chain 324
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXT18KCV-1V-9YVP&sigv=1&esig=2~f9941affe2d1a53d6cec67e38ab6e43bc8fd4522
Request Chain 325
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA75zPdGNYeDtkUPy4C7K60&google_cver=1
Request Chain 326
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=28
Request Chain 328
  • https://match.adsrvr.org/track/cmf/rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&gdpr=0&gdpr_consent=&expires=30
Request Chain 329
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1
Request Chain 330
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yc26.8PaJt5j23F1hnB8aQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
Request Chain 331
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEM5H-YBcqdeUy1X45cmljVM&google_cver=1
Request Chain 332
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4Mzg3NTkyMjY3NTY5MDE2Nw%3D%3D
Request Chain 339
  • https://ssum.casalemedia.com/usermatchredir?s=190549&cb=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d17%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dIndex%26uid%3d HTTP 302
  • https://cks.connatix.com/cks?pid=17&ev=f1a7817fe20f4597938371768ad6be84&pname=Index&uid=Yc26.8PaJt5j23F1hnB8aQAA%26410
Request Chain 341
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gapzaid&ttd_tpi=1 HTTP 302
  • https://cks.connatix.com/cks?pid=19&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&ttl=1643464700
Request Chain 342
  • https://ad.turn.com/r/cs?pid=67&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d21%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dAmobee%26uid%3D%23USER_ID%23 HTTP 302
  • https://cks.connatix.com/cks?pid=21&ev=f1a7817fe20f4597938371768ad6be84&pname=Amobee&uid=8053738013470830884
Request Chain 343
  • https://secure.adnxs.com/getuid?https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d6%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dAppNexus%26uid%3d%24UID HTTP 302
  • https://cks.connatix.com/cks?pid=6&ev=f1a7817fe20f4597938371768ad6be84&pname=AppNexus&uid=3183875922675690167
Request Chain 344
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=19564_2&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
Request Chain 346
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=105&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d9%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dCentro%26uid%3d{userId} HTTP 302
  • https://cks.connatix.com/cks?pid=9&ev=f1a7817fe20f4597938371768ad6be84&pname=Centro&uid=no-consent
Request Chain 347
  • https://sync.search.spotxchange.com/partner?adv_id=8600&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d10%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dSpotX%26uid%3d%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8600&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d10%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dSpotX%26uid%3d%24SPOTX_USER_ID&__user_check__=1&sync_id=8c0ce1c7-6978-11ec-90a6-12f84cd00503 HTTP 302
  • https://cks.connatix.com/cks?pid=10&ev=f1a7817fe20f4597938371768ad6be84&pname=SpotX&uid=8c0ce14d-6978-11ec-90a6-12f84cd00503
Request Chain 387
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=19564_2&khaos=KXT18KCV-1V-9YVP HTTP 302
  • https://ck.connatix.com/cks?pid=11&uid=KXT18KCV-1V-9YVP HTTP 302
  • https://capi.connatix.com/core/us?DemandPartner=11&DemandPartnerUserId=KXT18KCV-1V-9YVP&UserId=
Request Chain 404
  • https://cm.g.doubleclick.net/pixel?google_nid=doubleverify_ddp&google_ula=7327243&google_hm=**&google_redir=https%3A%2F%2Ftps628.doubleverify.com%2Fbsevent.gif%3Fimpid%3Ddd8e5c5dd4e44ed680f5192e5aaa6445%26dvpx_gfbc%3D1&cbust=1640872701521798 HTTP 302
  • https://tps628.doubleverify.com/bsevent.gif?impid=dd8e5c5dd4e44ed680f5192e5aaa6445&dvpx_gfbc=1&cbust=1640872701521798&google_hm=2&google_ula=7327243,0
Request Chain 415
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.baltimoresun.com%2F&domain=www.baltimoresun.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=oU1uEXw4M0ExTldXS0Y2a3B1UFZyejhMenpYTE4wYTZJRmI1NGRlejhvejBGeGpUZ0hGV1ExRk82MXpua0pXVFZSdC9VNEFoUEM3ZXRobGFFQVdTVExsUTNVTkhxQkIwczVDSkdlTFE2UnJpbjlzWFdXQW1nK3I2UkpLa1ZaM0crTDFNb1FvSXVxaGtPMTczOFRZck9ueXRaWkR0VEltcHhqaXZvekZzQmpZSzFuRFEwd0VUSWd1eHA3MkZ4cDlIZHRDS2NNbHhzMDlEQ2VIblBaY0lKV0Q4QkFZTXFJMnpidk9adUpoc0dTWFUzeVBQdEp4R29ndW1xbHZwNmZOQjYzaGtVfA&cppv=2
Request Chain 422
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 437
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=8cc640ec-6978-11ec-9f00-7928b90ff49e
Request Chain 438
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=zMocoBWdTUFFZe1obrBfIS36GW4
Request Chain 439
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 440
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Ev34cJ1d1N2VWK5&gdpr=0&gdpr_consent=
Request Chain 441
  • https://ums.acuityplatform.com/tum?umid=6 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=635661617131
Request Chain 442
  • https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=5bb3797a-fc9f-4495-909a-e7dc4c592013
Request Chain 443
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ6941591021453854449&uid=Q6941591021453854449&ref=%2Fepm HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6941591021453854449
Request Chain 444
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1413777693 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
Request Chain 446
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=5d5a98bc-20aa-4663-b0c6-8b234992b77d&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Request Chain 447
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 448
  • https://gocm.c.appier.net/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=4YvWuSrvAdGO0tDJ_rrNYQ
Request Chain 449
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 451
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
Request Chain 453
  • https://pixel.onaudience.com/?partner=214&mapped=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://pixel.onaudience.com/?partner=147&mapped=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&icm HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25&xl8blockcheck=1 HTTP 302
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=1d905505bb6df16f493cc0ee5b2b8040
Request Chain 454
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&addseg=10,33,39
Request Chain 456
  • https://io.narrative.io/?companyId=673&id=pubmatic_id:9AEF885A-3E04-4A8E-9A29-6FFBCF07119E HTTP 302
  • https://io.narrative.io/?io.narrative.guid.v2=8cc7a950-6978-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Request Chain 458
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3183875922675690167&gdpr=0&gdpr_consent=
Request Chain 459
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQEI5WSSLymbeQI88T8DAQEBAQE&expiration=1640959102&nuid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr_consent=&gdpr=0
Request Chain 460
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8cc511ca-6978-11ec-8e12-35e553acf2fa&gdpr=0&gdpr_consent=
Request Chain 461
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1D530_E8E99346_C4E563D7&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
  • https://pmp.mxptint.net/sn.ashx?ak=1
Request Chain 462
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Request Chain 463
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr
Request Chain 464
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=90bd4d5f-4394-4386-8714-56dd400fa3a8&user_group=1&ssp=pubmatic&bsw_param=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 465
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3938217731362747973
Request Chain 466
  • https://sync.resetdigital.co:10001/csync/pubmatic HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=00000092C5414FF6
Request Chain 467
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3183875922675690167
Request Chain 468
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a794a797-b9f7-4081-ae4a-618e8dd0e9da&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 491
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEFHlWJCQL-3oG-2fABAS6Bg&google_cver=1&google_push=AYg5qPJdWZfGZJFg-pFNIFrRKdWi5zcYkTGpSSvukmDljML1Qd0nOypFxe92yE-VkUYH663-kKPTuraxne_jEgnzX_DYK-9RMAAP4w HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPJdWZfGZJFg-pFNIFrRKdWi5zcYkTGpSSvukmDljML1Qd0nOypFxe92yE-VkUYH663-kKPTuraxne_jEgnzX_DYK-9RMAAP4w&google_hm=UjFENTMwX0U4RTk5MzQ2X0M0RTU2M0Q3
Request Chain 492
  • https://match.adsrvr.org/track/cmf/google?google_gid=CAESEB508fCLIBITC2slII6EGS0&google_cver=1&google_push=AYg5qPK_FQD4PbNO0DQdMfrBKhSmaO8Rfp9_cYYx018LgNKwDqAYhIETjwyXZy9vJEhQVqj5GHpZaaosajZvc-RiXP5G34d8YQMNBw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=ZTBhYmU3NWYtYTRlYS00ZmZmLWI2YTUtNWRhOGIyNTBjNmU0&google_push&gdpr=0&gdpr_consent=&ttd_tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 495
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEPsMfp3Y-2CyMDEIXZRvNA8&google_cver=1&google_push=AYg5qPKMrtDI5cttzwB5kUtnY8Wj6Etkru61hTzUwRHP1fSg7rBWlctRcUkN09tMGEFdOJquuLjGpULCROjH9gq2an3yILZ7nHq0Ew HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKMrtDI5cttzwB5kUtnY8Wj6Etkru61hTzUwRHP1fSg7rBWlctRcUkN09tMGEFdOJquuLjGpULCROjH9gq2an3yILZ7nHq0Ew%26google_hm%3DBccm8bXyrEGivWEU1u2o48Y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKMrtDI5cttzwB5kUtnY8Wj6Etkru61hTzUwRHP1fSg7rBWlctRcUkN09tMGEFdOJquuLjGpULCROjH9gq2an3yILZ7nHq0Ew&google_hm=Bccm8bXyrEGivWEU1u2o48Y
Request Chain 496
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHO31S7kSVTq1HJtCvwhvts&google_cver=1&google_push=AYg5qPLNZOhgidZw7H5TP-fhxJn6OCUevwkg0O83q95b01wquemib_zLjqFNWLrIQkTyOAH4BS4O_QIlHLiBMJg5yoNkOaCZA2ZIzYM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Za0tnZVdoRTJ1RzVxaGtTdTYySmhmWG40QXBDajU4dX5B&google_push=AYg5qPLNZOhgidZw7H5TP-fhxJn6OCUevwkg0O83q95b01wquemib_zLjqFNWLrIQkTyOAH4BS4O_QIlHLiBMJg5yoNkOaCZA2ZIzYM
Request Chain 497
  • https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEM3TlyaRZS6Vk8tulMpm2ug&google_cver=1&google_push=AYg5qPKHzhAvMmWusnn15qnxNtoymmywiecVz0TD5Mk9OcuQO5eq2XBFk6ywIpDrI4zhQAbQ1jOym51_qNa24KxmWY7FCZYVSNcLHAc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZWRiMDFlMGItODIzNS00MTI0LWE1ZjMtN2IxMjFjYTFmYzQy&google_push=AYg5qPKHzhAvMmWusnn15qnxNtoymmywiecVz0TD5Mk9OcuQO5eq2XBFk6ywIpDrI4zhQAbQ1jOym51_qNa24KxmWY7FCZYVSNcLHAc
Request Chain 509
  • https://cm.g.doubleclick.net/pixel?google_nid=doubleverify_ddp&google_ula=7327243&google_hm=**&google_redir=https%3A%2F%2Ftpsc-nyc.doubleverify.com%2Fevent.png%3Fimpid%3D8a2c5f08dfc64973914014fc5f5902e0%26gdpr%3D%26gdpr_consent%3D%26dvpx_gfbc%3D1&cbust=1640872703129776 HTTP 302
  • https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703129776&google_hm=2&google_ula=7327243,0
Request Chain 510
  • https://cm.g.doubleclick.net/pixel?google_nid=doubleverify_ddp&google_ula=7327243&google_hm=**&google_redir=https%3A%2F%2Ftpsc-nyc.doubleverify.com%2Fevent.png%3Fimpid%3D9f183a764c2f4219b774735c3f0f7e61%26gdpr%3D%26gdpr_consent%3D%26dvpx_gfbc%3D1&cbust=1640872703135994 HTTP 302
  • https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703135994&google_hm=2&google_ula=7327243,0
Request Chain 520
  • https://sb.scorecardresearch.com/c2/6036462/cs.js HTTP 302
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
Request Chain 526
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3658&xuid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&dongle=0cfd
Request Chain 527
  • https://ad.mrtnsvr.com/sync/triplelift HTTP 302
  • https://eb2.3lift.com/xuidmid=7976&xuid=WPai8rs4M&dongle=u6nf
Request Chain 528
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENSGDZ9yW8ZjIo6Rd-iHTcQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Request Chain 529
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=OTg2NTUwNjg0NjI1MjM5MjY1MQ%3D%3D
Request Chain 531
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/9865506846252392651?gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-Me1qqhBE2oRwoIr.FbVh4obSv45srJ96iUT8lm66ow--~A&dongle=0883
Request Chain 532
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=9865506846252392651&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=triplelift&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=triplelift&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=7b1da402-1df4-49d2-a432-a3660ada85a3&ssp=triplelift&expires=30&user_group=5&bsw_param=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://eb2.3lift.com/xuid?mid=2409&xuid=84efc425-6b61-4040-bd22-124692c6664b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 535
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent= HTTP 302
  • https://stags.bluekai.com/site/23178?id=uSv0OrXHcTHKOKS0Nm2e&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5OVJXMMCPOJMEQY2UJBFU6S2TGBHG2MTF&gdpr=0 HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5OVJXMMCPOJMEQY2UJBFU6S2TGBHG2MTF HTTP 302
  • https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=uSv0OrXHcTHKOKS0Nm2e
Request Chain 546
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p2hmtflvb HTTP 302
  • https://fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net/eum/results.txt
Request Chain 547
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p2hmtflvb HTTP 302
  • https://fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net/eum/results.txt
Request Chain 567
  • https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy=&bounce=true
Request Chain 568
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy= HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
Request Chain 593
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=22106&gdpr=&gdpr_consent=&us_privacy=&khaos=KXT18KCV-1V-9YVP HTTP 302
  • https://exchange.remixd.com/setuid?bidder=rubicon&uid=KXT18KCV-1V-9YVP
Request Chain 601
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D766%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=766&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 602
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D764%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=764&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 603
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D765%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=765&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 604
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D777%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=777&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 605
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D773%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=773&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 606
  • https://x.bidswitch.net/sync?ssp=daxaudio HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Ddaxaudio%26bsw_param%3D84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=80&user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=30&ssp=daxaudio&bsw_param=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=
Request Chain 607
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D771%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=771&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 608
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D769%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=769&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 609
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D768%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=768&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 610
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D770%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=770&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 611
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D774%26dsp_dax_listenerid=%24%7BUID%7D HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=774&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Request Chain 612
  • https://ib.adnxs.com/getuidnb?https://geo.ads.audio.thisisdax.com/sync?tp_id=763&dsp_dax_listenerid=$UID HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=763&dsp_dax_listenerid=3183875922675690167
Request Chain 613
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=6kjs2rf&ttd_tpi=1 HTTP 302
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=762&dsp_dax_listenerid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 620
  • https://ib.adnxs.com/getuid?https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=an&uid=$UID&pubId=41773 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=an&uid=3183875922675690167&pubId=41773
Request Chain 622
  • https://x.bidswitch.net/sync?ssp=triton&stn=REMIXD HTTP 302
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=triton&bds_param=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=9822fc74-ae5d-4703-8bca-6b52b296d10d&expires=10&ssp=triton&bsw_param=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=84efc425-6b61-4040-bd22-124692c6664b&stn=REMIXD
Request Chain 623
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tpqk5an&ttd_puid=REMIXD&gdpr_consent HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=ttd&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&stn=REMIXD
Request Chain 624
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Daw%26uid%3D%24%7BUID%7D%26pubId%3D41773 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=aw&uid=938da2495b23f9add6ca968d1acf11bd&pubId=41773
Request Chain 625
  • https://ums.acuityplatform.com/tum?umid=133&uid=8722167b-8ba9-4542-b427-8761e06085ee&rurl=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dacu%26uid%3D___AUID___%26pubId%3D41773 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=acu&uid=635661617131&pubId=41773
Request Chain 627
  • https://sync.mathtag.com/sync/img?mt_exid=70&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dmm%26uid%3D%5BMM_UUID%5D%26pubId%3D41773 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=mm&uid=486e61cd-bafa-4300-ae81-e0c2b6322ca6&pubId=41773
Request Chain 628
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=107&gdpr_consent&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dcto%26uid%3D%7BuserId%7D%26pubId%3D41773 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=cto&uid=no-consent&pubId=41773
Request Chain 629
  • https://cm.g.doubleclick.net/pixel?google_nid=triton&google_sc&google_cm&stn=REMIXD HTTP 302
  • https://cmod.live.streamtheworld.com/cookiesync/pixel.gif?partner=dbm&uid=CAESEOWJqg3Fk4LhR3KB135xjDs&stn=REMIXD&google_cver=1
Request Chain 631
  • https://ad.turn.com/r/cs?pid=58&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Damb%26uid%3D%23USER_ID%23%26pubId%3D41773 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=amb&uid=8053738013470830884&pubId=41773
Request Chain 697
  • https://match.adsrvr.org/track/cmf/generic?gdpr=0&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP 302
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 699
  • https://sync.search.spotxchange.com/partner?gdpr=0&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D0%26 HTTP 302
  • https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
Request Chain 700
  • https://x.bidswitch.net/sync?gdpr=0&us_privacy=1---&ssp=taboola HTTP 302
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dtaboola%26bsw_param%3D84efc425-6b61-4040-bd22-124692c6664b%26gdpr%3D0%26consent%3D%26gdpr_pd%3D%26expires%3D7 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=a5dabb708b24436a802a9a0ca6b4a427&ssp=taboola&bsw_param=84efc425-6b61-4040-bd22-124692c6664b&gdpr=0&consent=&gdpr_pd=&expires=7 HTTP 302
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Request Chain 705
  • https://match.adsrvr.org/track/cmf/generic?gdpr=0&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP 302
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 706
  • https://sync.search.spotxchange.com/partner?gdpr=0&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D0%26 HTTP 302
  • https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
Request Chain 707
  • https://x.bidswitch.net/sync?gdpr=0&us_privacy=1---&ssp=taboola HTTP 302
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=taboola&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mk441c9ae4-4e00-4b3f-8579-89c4bf39aa31&expires=7&user_group=5&ssp=taboola&bsw_param=84efc425-6b61-4040-bd22-124692c6664b HTTP 302
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Request Chain 710
  • https://beacons.extremereach.io/cp-imp?cid=221992&creative_id=24269490&line_item=15671012&companion_id=0&er_ts=1640872705&session_id=PgVKMrIQmy0LKjpQhpc23E1640872705&er_fp=b342ca5fce51f581&subid1=novpaid&er_pm=ap&er_pt=0&us_privacy=%24%7BUS_PRIVACY%7D&gdpr_consent=&gdpr=&hasIpSync=1&hasBpmBidr=1& HTTP 302
  • https://beacons-ipv4.extremereach.io/ip-sync?fp=b342ca5fce51f58141905902281b481e&forwardto=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%2Fblisspoint%3Fbuyer_user_id%3D1-61cdbb01-77ee6d4e7997585a5473ad20.221992 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/blisspoint?buyer_user_id=1-61cdbb01-77ee6d4e7997585a5473ad20.221992 HTTP 303
  • https://pixel.pointmediatracker.com/bsync?beeswax_id=AAFPok7Dm3YAAEBiNAEM6g&buyer_user_id=1-61cdbb01-77ee6d4e7997585a5473ad20.221992 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 720
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=0&p=15414&us_privacy=1---&endpoint= HTTP 301
  • https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Request Chain 722
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=0&p=15414&us_privacy=1---&endpoint= HTTP 301
  • https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Request Chain 724
  • https://sync.1rx.io/usersync2/adswizz HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005?redir=https%3A%2F%2Fsynchroscript.deliveryengine.adswizz.com%2FsyncMe%3FpartnerDomain%3Drhythmxchange.com%26idType%3Dcookie%26partnerUserId%3DRX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005 HTTP 302
  • https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=rhythmxchange.com&idType=cookie&partnerUserId=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
Request Chain 728
  • https://pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=0&us_privacy=1---&gdpr=0&us_privacy=1---&khaos=KXT18KCV-1V-9YVP HTTP 302
  • https://trc.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP&gdpr=0&us_privacy=1---
Request Chain 746
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16698 HTTP 302
  • https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP
Request Chain 747
  • https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
  • https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=EZ2yaDDdi7BZ&ev=1&orig=trc&pid=562107
Request Chain 748
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=359446293&pcid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&is_fpcid=false HTTP 302
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=359446293&pcid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&is_fpcid=false&ckls=true&ci=ycvoscIWvK&nc=false&trid=816819087 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D359446293%26rnd%3D493460157%26pcid%3D%23PMUID HTTP 302
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=359446293&rnd=493460157&pcid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D359446293%3B1402230080%26rnd%3D1279058907&pcid=$UID HTTP 302
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=359446293;1402230080&rnd=1279058907&pcid=3183875922675690167 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D359446293%3B1402230080%3B1709765917%26rnd%3D-2009563315%26pcid=[MM_UUID] HTTP 302
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=359446293;1402230080;1709765917&rnd=-2009563315&pcid=486e61cd-bafa-4300-ae81-e0c2b6322ca6 HTTP 302
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D359446293%3B1402230080%3B1709765917%3B1678944572%26rnd%3D-655220293%26pcid%3D
Request Chain 752
  • https://aa.agkn.com/adscores/g.pixel?sid=9212237748&puid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e HTTP 302
  • https://d.agkn.com/pixel/10751/?che=1640872706426&ip=45.250.25.110&l1=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fneustar%2F1%2Fcm%3Ftaboola_hm%3D163850504016007010113 HTTP 302
  • https://trc.taboola.com/sg/neustar/1/cm?taboola_hm=163850504016007010113
Request Chain 754
  • https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e HTTP 303
  • https://i.liadm.com/s/64716?md5=&sha1=&sha2=&bidder_id=88068&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&previous_uuid=4496c83974014f90b4c0d1681ef92254 HTTP 303
  • https://i6.liadm.com/s/64716?sha1=&bidder_id=88068&sha2=&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&md5=
Request Chain 755
  • https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
  • https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=3183875922675690167&orig=trc
Request Chain 756
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
  • https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEGV28zS88ltdfa6-GRMtgUs&google_cver=1
Request Chain 757
  • https://idsync.rlcdn.com/382399.gif?partner_uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent= HTTP 307
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
Request Chain 759
  • https://ml314.com/utsync.ashx?eid=50077&et=0&fp=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=&return=https%3a%2f%2fidsync.rlcdn.com%2f395886.gif%3fpartner_uid%3d%5bPersonID%5d HTTP 302
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3624068251975680020 HTTP 307
  • https://ml314.com/csync.ashx?fp=774ccc348ceec109a7d4b0f8103331090bdbe392113a14d1a3ec7c204a5a26f7f4cb09cee1a4f8eb&person_id=3624068251975680020&eid=50082
Request Chain 760
  • https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Request Chain 761
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Request Chain 762
  • https://ce.lijit.com/merge?pid=42&3pid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=42&3pid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Request Chain 764
  • https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e HTTP 302
  • https://www.storygize.net/csr?r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstorygize-network%2F1%2Frtb-h%3Ftaboola_hm%3D6cb39ed4-8fd5-4385-942a-b7d5ffd397fb HTTP 302
  • https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=6cb39ed4-8fd5-4385-942a-b7d5ffd397fb
Request Chain 768
  • https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=5d9efba0-4461-4c54-9e76-024563ed93ab
Request Chain 770
  • https://id5-sync.com/s/464/9.gif?puid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D HTTP 302
  • https://id5-sync.com/c/464/464/7/1.gif?puid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/464/2/6/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/464/2/6/2.gif?puid=3183875922675690167&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOzsv5HH53hIx_1wPceJ0NfToMZAl8Btr34YiP2w&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F3%2F5%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/464/3/5/3.gif?puid=486e61cd-bafa-4300-ae81-e0c2b6322ca6&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/k/264.gif?puid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&ttl=%%TTL%% HTTP 302
  • https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY HTTP 303
  • https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&domid=1033 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx HTTP 302
  • https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx&google_gid=CAESEKHs4uVdYGATEGFhyfEoU5k&google_cver=1 HTTP 303
  • https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEKHs4uVdYGATEGFhyfEoU5k&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 302
  • https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=3183875922675690167&opid=apx&ops=&utidl=tech:goo:CAESEKHs4uVdYGATEGFhyfEoU5k&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 303
  • https://id5-sync.com/qp/18.gif?puid=vec%3A24013968869&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOzsv5HH53hIx_1wPceJ0NfToMZAl8Btr34YiP2w&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F916%2F2%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOzsv5HH53hIx_1wPceJ0NfToMZAl8Btr34YiP2w&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F916%2F2%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/cq/464/916/2/6.gif?puid=ee79c2a0-d18c-489d-9b60-44a222537d47&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://match.prod.bidr.io/cookie-sync/id5 HTTP 303
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAFPok7Dm3YAAEBiNAEM6g HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F796%2F0%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Request Chain 771
  • https://pixel.advertising.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1&apid=UP8f6eadce-6978-11ec-8109-02a123991559
Request Chain 773
  • https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec HTTP 302
  • https://sync.taboola.com/sg/bidtellectrtb-network/1/rtb-h?taboola_hm=f71e59a5-4380-468e-8ae7-4e9a544a02cd
Request Chain 775
  • https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=taboola HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=3938217731362747973&ssp=taboola HTTP 302
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Request Chain 777
  • https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
  • https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=8d5f73aa-5fab-48ec-ad58-73e0411837e4 HTTP 302
  • https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=8d5f73aa-5fab-48ec-ad58-73e0411837e4&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D8d5f73aa-5fab-48ec-ad58-73e0411837e4&isDirect=0
Request Chain 778
  • https://u.openx.net/w/1.0/sd?id=543998486&val=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent= HTTP 302
  • https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
Request Chain 779
  • https://usermatch.krxd.net/um/v2?partner=taboola HTTP 302
  • https://trc.taboola.com/sg/salesforce/1/cm?taboola_hm=Okl69tJd
Request Chain 780
  • https://ads.betweendigital.com/match?bidder_id=43957&callback_url=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fbetweenxrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24%7BUSER_ID%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43957&callback_url=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fbetweenxrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
  • https://sync.taboola.com/sg/betweenxrtb-network/1/rtb-h?taboola_hm=f29d89c3-678f-516c-89b6-bbf7e87b00f5
Request Chain 782
  • https://cm.g.doubleclick.net/pixel?google_nid=taboolacom_ltd&google_sc&google_hm=r87uYfxHRL2OybblurZa3Q&google_redir=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fadxxscod-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3Dedce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e%26ui%3Dr87uYfxHRL2OybblurZa3Q HTTP 302
  • https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&ui=r87uYfxHRL2OybblurZa3Q
Request Chain 815
  • https://ups.analytics.yahoo.com/ups/58534/occ HTTP 302
  • https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Request Chain 816
  • https://ad.360yield.com/server_match?partner_id=1577gdpr=0&r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fimprovedigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BPUB_USER_ID%7D HTTP 302
  • https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
Request Chain 817
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fsynacorrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%5BUSER_ID%5D HTTP 307
  • https://sync.taboola.com/sg/synacorrtb-network/1/rtb-h?taboola_hm=1345D2117A8B4805B34CFE2437A6617D
Request Chain 818
  • https://ups.analytics.yahoo.com/ups/58533/occ HTTP 302
  • https://sync.taboola.com/sg/yahoossplatam-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Request Chain 820
  • https://ups.analytics.yahoo.com/ups/58534/occ HTTP 302
  • https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Request Chain 821
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fsync.taboola.com%2Fsg%2Femxdigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24UID HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fsync.taboola.com%2Fsg%2Femxdigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24EMXUID&b64_redirect=aHR0cHM6Ly9zeW5jLnRhYm9vbGEuY29tL3NnL2VteGRpZ2l0YWxydGItbmV0d29yay8xL3J0Yi1oLz90YWJvb2xhX2htPSRFTVhVSUQ= HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=3183875922675690167&redirect=https://sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/?taboola_hm=$EMXUID&b64_redirect=aHR0cHM6Ly9zeW5jLnRhYm9vbGEuY29tL3NnL2VteGRpZ2l0YWxydGItbmV0d29yay8xL3J0Yi1oLz90YWJvb2xhX2htPSRFTVhVSUQ= HTTP 302
  • https://sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/?taboola_hm=3183875922675690167brt66701640872710284159bd
Request Chain 822
  • https://bh.contextweb.com/bh/rtset?gdpr=0&pid=560382&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Frtb-pulsepoint-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26taboola_hm%3D%25%25VGUID%25%25%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=X1J4Z0V6RUVNSUxoUW90ejVVa21Xdw&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEG-mr-CjVYVaQkQ6cdXDsqs&google_cver=1 HTTP 302
  • https://sync.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/?gdpr=0&taboola_hm=EZ2yaDDdi7BZ&orig=video&us_privacy=1---&ev=1&us_privacy=1---&pid=560382&gdpr=0
Request Chain 823
  • https://ad.360yield.com/server_match?partner_id=1577gdpr=0&r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fimprovedigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BPUB_USER_ID%7D HTTP 302
  • https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
Request Chain 825
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&us_privacy=1--- HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3183875922675690167&us_privacy=1---
Request Chain 827
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&us_privacy=1--- HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6
Request Chain 829
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&us_privacy=1--- HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=3183875922675690167&us_privacy=1---
Request Chain 833
  • https://us-u.openx.net/w/1.0/cm?gdpr=0&us_privacy=1---&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1---%26orig%3Dvideo%26taboola_hm%3D HTTP 302
  • https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=c2756fd5-2f8f-4926-adc4-8d6470932b22

852 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
sWUTVYxdMM
t.co/ 		504 B
685 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
a901e5e138e58fa2a82c2a70a6018b55f045a0ef2688d91681c2a519dfc588c3
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Origin
server
tsa_b
expires
Thu, 30 Dec 2021 14:03:16 GMT
content-type
text/html; charset=utf-8
cache-control
private,max-age=300
content-length
250
content-encoding
gzip
x-xss-protection
0
strict-transport-security
max-age=0
x-response-time
12
x-connection-hash
ba26ddd80d1d67a8e534ef0820ec056f6e890652df825870e3883944ced7373a
Primary Request bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
www.baltimoresun.com/coronavirus/ 		368 KB
86 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
acd36ab0af49cbeda0afdc6b5dfc79d463b65e51a9785015b78a798f4a28744a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://t.co/

Response headers

content-type
text/html;charset=UTF-8
server
openresty
last-modified
Thu, 30 Dec 2021 13:28:39 GMT
x-akamai-transformed
9 372354 0 pmb=mRUM,2
vary
Accept-Encoding
content-encoding
gzip
cache-control
private, max-age=60
expires
Thu, 30 Dec 2021 13:59:16 GMT
date
Thu, 30 Dec 2021 13:58:16 GMT
server-timing
cdn-cache; desc=HIT edge; dur=13
content-security-policy
upgrade-insecure-requests
config.js
confiant-integrations.global.ssl.fastly.net/iPNj4YuXevI1r0eINnXsONTfIbc/gpt_and_prebid/ 		86 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/iPNj4YuXevI1r0eINnXsONTfIbc/gpt_and_prebid/config.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e89fb1a3b569a78fcfe9dadea880aa997e17ad07255b823b61e02703abc60871

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Content-Encoding
gzip
Age
3033
X-Cache
HIT
Connection
keep-alive
Content-Length
19298
x-amz-id-2
vCQn0hicZTF3LXtaRngJIyLckLr3+j6EB/rLas8hfReWSCuEu/urrN/e/tffjteN+x8rJrk/5p4=
X-Served-By
cache-dca17768-DCA
Last-Modified
Thu, 30 Dec 2021 12:12:21 GMT
Server
AmazonS3
X-Timer
S1640872697.661524,VS0,VE0
ETag
"b852cf03232a25b38a6e722db7167f08"
x-amz-request-id
CWDT6562E7BXFNN0
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
18
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		78 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
sffe /
Resource Hash
4cfab73f48ea3a2c03aa2520f0de01c65bb730a123b6966d3585a5627351e181
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1086 / 56 of 1000 / last-modified: 1639397097"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26908
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 30 Dec 2021 13:58:16 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		134 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
d8c62b0d4ac621bedd0ca5a4e96b12a77118338d4166f94d65c15bb154d455aa

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
xUeNBuEDRjo1_AuSe_XD.vIwQeNZ8qJr
content-encoding
gzip
etag
4da12c74ee926b2a11a4e43bfb72b2fd
age
16965
x-cache
Hit from cloudfront
server
Server
x-amz-rid
0SJBKRXK27PHMJ4K00HJ
date
Thu, 30 Dec 2021 09:15:31 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
iKrzE-4rLEHmKEEWdOewhxfmjaMBty4_V2QFU1KiGBxhs_Z5rcl3Lg==
css2
fonts.googleapis.com/ 		4 KB
627 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Spectral:wght@400;500;700&display=swap
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0263e1cae993e2ffc249131d904643bc99dfbaaac022fa762a34d9459af4c8f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 13:20:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:16 GMT
css2
fonts.googleapis.com/ 		8 KB
796 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700;800&display=swap
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fd3f93f729909fd4b39390fbd69f6505503d7f9a0fab820907bd88c22f0853ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 13:32:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:16 GMT
css2
fonts.googleapis.com/ 		2 KB
927 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5442f87efbd6d519174909df3299423a48540ab21842316daa021299fc65012f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 13:49:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:16 GMT
balnews-framework1182ffa19d76d40ef0af.css
www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/ 		37 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-framework1182ffa19d76d40ef0af.css?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
0cfd9cdfffcce403b6f36df8ae21ebb9d9734e049b5871e2c58f436ec46064be
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
FyycXBvbri3h.SSGisJooygjJ3_NfEIM
content-encoding
gzip
etag
"bb30a4a28b6b5c6718ad15948d7beb40"
x-amz-request-id
TTJK7M08ESEPMH90
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
7867
x-amz-id-2
8Ix5kYl/5pPN29yYv3GPd+jmSzZTRdtJEaxTJgQUwfotWKAONaVPxg38dAO02BqNNLftpswITf4=
last-modified
Thu, 09 Dec 2021 17:06:53 GMT
server
openresty
date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
expires
Fri, 30 Dec 2022 13:58:16 GMT
balnews-features1182ffa19d76d40ef0af.css
www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/ 		16 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-features1182ffa19d76d40ef0af.css?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
a3bbe644b3d4224f5fa9818016c32de6d42adb32c432c7bfc15063ca7f40a4dc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
VntQp384afFjx1cDCRtAnyHjPG5keIEF
content-encoding
gzip
etag
"7401c5f6e34f1cdbd6703ddba3273af5"
x-amz-request-id
TTJMDPHR6D7V5C5Y
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
3882
x-amz-id-2
prnEWNjt/vRO13hs/BVvyqOwi5S5onRT1/tMY7qxssL33y6xY201aEdJXDd5e4+kd6RO0rFrJ8w=
last-modified
Thu, 09 Dec 2021 17:06:53 GMT
server
openresty
date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
expires
Fri, 30 Dec 2022 13:58:16 GMT
balnews-services1182ffa19d76d40ef0af.css
www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-services1182ffa19d76d40ef0af.css?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
834148c265906aadbcc02bcaefe38a6ad8afb80bff27945a3e65000262ff2e35
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
gwYyd9mnoBiL3om7TtmXu.Biwa28Xhth
content-encoding
gzip
etag
"5e6c2ea1b999e07cbb71cce376716fb6"
x-amz-request-id
TTJN52153FAR2G2F
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
3432
x-amz-id-2
1fxWvVugji8t8fJyi5KSCJTqgZighzvxg9l2+BorYGd5PusEOCvbQNojDRupvz9PttHjcS965yI=
last-modified
Thu, 09 Dec 2021 17:06:53 GMT
server
openresty
date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
expires
Fri, 30 Dec 2022 13:58:16 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BXRr8anumVFsMvgN5QlueA==
age
9054
vary
Accept-Encoding
content-length
6508
x-ms-lease-status
unlocked
last-modified
Fri, 17 Dec 2021 17:08:36 GMT
server
cloudflare
etag
0x8D9C17FDD6FB88D
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
3c71a11f-401e-0096-2a7b-f3bad2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c5bc83218707f9e-IAD
loader.js
cdn.taboola.com/libtrc/tribunedigital-network/ 		1 MB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8c1c9bcac701d914dce9b928a57bb65f59e23f30077d85e8fe907d93a35f3986

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
rRTGRuDlvJyI7MswA3pAt7E04oGvDaTn
content-encoding
gzip
etag
"c774e2555e5aca65f25a34bcdfd0f709"
age
12216
x-cache
HIT
content-length
98955
x-amz-id-2
kwd1pRufwL8hVd/F3N13exCTEZ6ixilDRPF4Zi6Wc7K2Ow8onA2Xh7Nxm67DeiHVZzMZGAu+JWQ=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:32:21 GMT
server
AmazonS3
x-timer
S1640872697.787341,VS0,VE0
date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Accept-Encoding
x-amz-request-id
0835NQA2WVPGB1FH
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
48
x-cache-hits
4
zephr-browser.umd.js
assets.zephr.com/zephr-browser/1.3.9/ 		39 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-98.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fcac0e1a4f11bbf64e60b1305ef1b935ff5c41e49d150c42ca8d8d6464dc240f

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:52:49 GMT
via
1.1 cb7f1fdf6954dd7324e8117a63207a3c.cloudfront.net (CloudFront)
last-modified
Tue, 27 Apr 2021 11:02:55 GMT
server
AmazonS3
age
47128
etag
"c531ce77a9ff6380e9671dee680a2102"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR50-C1
accept-ranges
bytes
content-length
40130
x-amz-cf-id
CtcOOuxrgBTSzkc9tCqS_Cd_MZFgchb6BugaggYIaAZve3EOJGdsaw==
zephr-minify.1.0.1.js
assets.zephr.com/tribune/ 		1 KB
929 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.zephr.com/tribune/zephr-minify.1.0.1.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-98.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ed6b237b687782c7d85630dec9239d26965f826b0b1a64d2817b4dec65db486a

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 23:53:50 GMT
content-encoding
br
last-modified
Mon, 19 Apr 2021 11:32:39 GMT
server
AmazonS3
age
50667
etag
W/"d9f4fec80c2b61c13ef9d38b99f5708c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 cb7f1fdf6954dd7324e8117a63207a3c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
-h9_NboPLIot2_phl-zNvr3rP3-aN3yYk46pP6Bl6V6htwU48TbXJw==
main.js
tribune-baltimoresunclassic.zeustechnology.com/ 		237 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-112.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f504b556b358863cf0d102c645cd26f871033d8f2452103bcb12ccddcdd2a80d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
Wg_zm6UgZCRRbuYSFLhnlBx4k9y7Gguq
content-encoding
br
last-modified
Tue, 14 Dec 2021 21:13:21 GMT
server
AmazonS3
age
2549
etag
W/"bd011428bd0e742f32bc94359f4dc12b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 df1151801209e878a7d395961b098b21.cloudfront.net (CloudFront)
cache-control
max-age=600,s-maxage=3600
date
Thu, 30 Dec 2021 13:15:48 GMT
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
-tnVS0_EnTM-COCBz75OhMCG6W52LguAYjGANO2-a361QCogjmUolQ==
balnews-metrics1182ffa19d76d40ef0af.js
www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-metrics1182ffa19d76d40ef0af.js?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
0f4d9e5596ab8d88f5cd68ea64b7cb3f4a7d6f47aa8830abe72f9cef6a19c758
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
pIxNJv0oG0B3IXGPc14_a0so1GJHhkz5
content-encoding
gzip
etag
"7fecc13dd1b482e4f667dcc4d696eea5"
x-amz-request-id
TTJTC5J1H3BWRYRY
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
11233
x-amz-id-2
M4AMiqH0QeWn2PPWDlT1k/f38S+XuP++GdDI8B1u7C9JVdD3Bj6vjXphLqcNmTyFcMgn1mWN2Z8=
last-modified
Thu, 09 Dec 2021 17:06:53 GMT
server
openresty
date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
expires
Fri, 30 Dec 2022 13:58:16 GMT
balnews-lib1182ffa19d76d40ef0af.js
www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/ 		118 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-lib1182ffa19d76d40ef0af.js?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
9d621880e1af103e6a169b83fe62ef53ceffa55f5217fb792172333c7cbacd74
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
J9w3Sgh6hPKDFIEd7TnOymNFalGnbjGz
content-encoding
gzip
etag
"362119fc902fbc46f8fe404d724a9091"
x-amz-request-id
TTJPZYSDYFFEXMMH
date
Thu, 30 Dec 2021 13:58:16 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
41465
x-amz-id-2
vezq2LG6BFP+te4HOn+NgC+2Ht29zZVM+d948UhsnYMRAzcX3BHaSzc5IqOOO7RYTrrSFCf+uIw=
last-modified
Thu, 09 Dec 2021 17:06:56 GMT
server
openresty
x-edgeconnect-cache-status
1
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
expires
Fri, 30 Dec 2022 13:58:16 GMT
balnews-index1182ffa19d76d40ef0af.js
www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/ 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-index1182ffa19d76d40ef0af.js?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
dc51aa66c36a48c0dc54e8bec5b9752bb7b12ac4fbc89522b6a5e1f75f7cbc03
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
ykr408MDJLeGdwUd3A4cujL39pFjRpur
content-encoding
gzip
etag
"ebcb31518777b3ba4f7370d34b58b501"
x-amz-request-id
TTJVEK72A34XN10M
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
10138
x-amz-id-2
NVjnuph890vfDBkhXrFzjlVVUbNaGS44uzVXXmfvpsQPDwtFpj/q/mz53YjNpimCqCPcpZNv4u8=
last-modified
Thu, 09 Dec 2021 17:06:53 GMT
server
openresty
date
Thu, 30 Dec 2021 13:58:16 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
expires
Fri, 30 Dec 2022 13:58:16 GMT
tinygif.gif
www.baltimoresun.com/pb/resources/images/ 		26 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/pb/resources/images/tinygif.gif?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
9T5taX9RwjHrNVNqwC0.yQG5VOUlx6w9
last-modified
Thu, 09 Dec 2021 17:06:55 GMT
server
openresty
x-amz-request-id
BNRQF62QZNW8773C
etag
"6a43099d5c8fe991a7aa7ebaca53069d"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000
date
Thu, 30 Dec 2021 13:58:16 GMT
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
26
x-amz-id-2
MHPD1z9zMLTv5218uaJyMmvMB0sRG2l2MIn+V5Ujjw08jMchnywPk9TQ60xcbPvVrMcluPmQgbE=
expires
Fri, 30 Dec 2022 13:58:16 GMT
embedcode.php
embed.sendtonews.com/player3/ 		81 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.sendtonews.com/player3/embedcode.php?fk=N2Hxdj0R&cid=4643&floatwidth=400&offsetx=0&offsety=50&floatposition=bottom-right
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.208.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-208-58.compute-1.amazonaws.com
Software
Apache /
Resource Hash
5b9e14d715735265ef2a440f07ea9bb0e0738028232e1579de99b13cbce91cc1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=3600, no-cache="set-cookie"
Connection
keep-alive
Content-Length
26300
Expires
Thu, 30 Dec 2021 14:58:16 GMT
index.js
tags.remixd.com/player/v5/ 		31 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.remixd.com/player/v5/index.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-64.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8a96447f6c2508fd5d0c5d3a3c7b279c012c6e8125c81847b2eae58daa09dbc9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:00 GMT
content-encoding
gzip
last-modified
Mon, 06 Dec 2021 11:32:22 GMT
server
AmazonS3
age
20
etag
W/"37f89fc1234f602d3b0089ef7717459b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 79f9fb603ee37517dbf3cd108c449392.cloudfront.net (CloudFront)
cache-control
public,max-age=1800
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
kYsy-Mtrw91lDEECAmJHyMmXaKHlSMQNcM2vVUC_0h4wZRc3RQOzzA==
render.js
www.baltimoresun.com/pb/gr/p/default/rU2UvJ1o3l0yLs/ 		495 B
501 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/gr/p/default/rU2UvJ1o3l0yLs/render.js?v=299
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
404b5ddfd751e54016ba4fdbc2578938191c4978d69f28d642b746d6e9f5b5cc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
server
openresty
etag
"e6421"
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
242
expires
Fri, 30 Dec 2022 13:58:16 GMT
embed.js
d3mmnnn9s2dcmq.cloudfront.net/shim/ 		1 KB
922 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d3mmnnn9s2dcmq.cloudfront.net/shim/embed.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:3800:e:f240:cc80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
ce9c6aa4e4eaacd6692a77ca792c8869240b0059248a69cdf947346444ec0cbc

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:43:30 GMT
content-encoding
gzip
age
886
x-cache
Hit from cloudfront
content-length
481
last-modified
Tue, 16 Nov 2021 22:20:08 GMT
server
Apache
etag
"4ec-5d0ef53f6d600-gzip"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 b35f01abdb74e50c7c770d66cb11b73b.cloudfront.net (CloudFront)
cache-control
max-age=3600, no-cache="set-cookie"
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
x-amz-cf-id
Oyp2jIPDM-qAeYhFEjtoEKWLWH1gBBmtVBb-cV8AreVoyBFRJzDWIQ==
expires
Thu, 30 Dec 2021 14:43:30 GMT
c4360f6d-47c3-40fd-9b25-4217d297c6a7.json
cdn.cookielaw.org/consent/c4360f6d-47c3-40fd-9b25-4217d297c6a7/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/c4360f6d-47c3-40fd-9b25-4217d297c6a7/c4360f6d-47c3-40fd-9b25-4217d297c6a7.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ed6094272f4048fcfabf992dc7e1dd1fad5136e51b00ab32953d7e22de8d605
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
L8tIrugZISNTM87WFFrbow==
age
5461
vary
Accept-Encoding
content-length
1149
x-ms-lease-status
unlocked
last-modified
Tue, 17 Nov 2020 17:41:51 GMT
server
cloudflare
etag
0x8D88B201146C149
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1c608724-401e-0177-7d15-b61bf2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c5bc8329cfa0597-IAD
expires
Thu, 30 Dec 2021 17:58:16 GMT
gtm.js
www.googletagmanager.com/ 		199 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TXB7PQT
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
da3995d7fc1c7f5c9d6878d3fcf56d59dc5f3e583caffb0be4bba9fc6ad805d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62778
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 30 Dec 2021 13:58:16 GMT
gtm.js
www.googletagmanager.com/ 		81 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KVL4WQC
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
812bfc20d3598295f995076ee01dd95a476cccd9b435ba224680ae3c6b949bc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32286
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 30 Dec 2021 13:58:16 GMT
9E52W-759Q8-QRNWG-5DBLH-ZFZGZ
c.go-mpulse.net/boomerang/ Frame 595C 		205 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/boomerang/9E52W-759Q8-QRNWG-5DBLH-ZFZGZ
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1400:d:29c::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Content-Encoding
br
Last-Modified
Mon, 25 Oct 2021 10:54:52 GMT
Server
Akamai Resource Optimizer
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800, s-maxage=604800
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
50393
baltarc.min.js
ssor.tribdss.com/reg/tribune/ 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssor.tribdss.com/reg/tribune/baltarc.min.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.217.25.136 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-25-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
35792cbd9b85c2c663c4b20dcbef025d89e58ae04c675782fe76f105a65932d9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Status
200 OK
Connection
keep-alive
Content-Length
10123
X-Request-Id
7bcf64d4d83930e5703f41cb3fa416c1
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.008284
X-Content-Digest
a8ca7286ab06cf48b7b351803c1ee759b91c5e64
Last-Modified
Thu, 16 Dec 2021 09:52:06 GMT
Server
Apache
X-Host-Info
93e7947657f5,; 10b56b3c04e04f39d873d36805a1d94aa5686820 (HEAD -> refs/heads/release/2112.1.1, refs/remotes/origin/release/2112.1.1) clear subData when c_mid cookie value not exists
ETag
13872187206196727241
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, must-revalidate, max-age=131
Httpd-Identifier
fee44ec5b2e9
X-Rack-Cache
fresh
features
zephr.baltimoresun.com/zephr/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://zephr.baltimoresun.com/zephr/features
Requested by
Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-111.ewr53.r.cloudfront.net
Software
/
Resource Hash
18977e2e60e3aa80ea2c0c96490ab192c47a4eb8334705da0eb41a938965c3bf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:57:41 GMT
content-encoding
gzip
age
35
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
public, max-age=300
access-control-allow-credentials
true
x-amz-cf-pop
EWR53-C2
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id
SqlBB6EkTY5l_rVtnkfdTmgH7kTTsoHMCR7uxUkHhZ0azxDoT5GGYA==
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329b.cloudfront.net (CloudFront)
x-blaize-request
ffffffff888bd14a
9QU6Z-7BNQ8-E9TNM-DEQNV-AB6DG
s.go-mpulse.net/boomerang/ 		205 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/9QU6Z-7BNQ8-E9TNM-DEQNV-AB6DG
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1400:d:5a5::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
br
last-modified
Wed, 08 Dec 2021 23:15:35 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 27 Dec 2021 22:58:42 GMT
x-content-type-options
nosniff
age
226774
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 27 Dec 2022 22:58:42 GMT
config.js
confiant-integrations.global.ssl.fastly.net/iPNj4YuXevI1r0eINnXsONTfIbc/gpt_and_prebid/ 		86 KB
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/iPNj4YuXevI1r0eINnXsONTfIbc/gpt_and_prebid/config.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e89fb1a3b569a78fcfe9dadea880aa997e17ad07255b823b61e02703abc60871

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Content-Encoding
gzip
Age
3033
X-Cache
HIT
Connection
keep-alive
Content-Length
19298
x-amz-id-2
vCQn0hicZTF3LXtaRngJIyLckLr3+j6EB/rLas8hfReWSCuEu/urrN/e/tffjteN+x8rJrk/5p4=
X-Served-By
cache-dca17768-DCA
Last-Modified
Thu, 30 Dec 2021 12:12:21 GMT
Server
AmazonS3
X-Timer
S1640872697.815574,VS0,VE0
ETag
"b852cf03232a25b38a6e722db7167f08"
x-amz-request-id
CWDT6562E7BXFNN0
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
19
wrap.js
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/ 		189 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/iPNj4YuXevI1r0eINnXsONTfIbc/gpt_and_prebid/config.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Content-Encoding
gzip
Age
659
X-Cache
HIT
Connection
keep-alive
Content-Length
61460
x-amz-id-2
7XG4Nmrdc+h5SMI7Z4JcpLLG38TFPAhN3IP8XQk6B/N50BpdeLh5ccMlmMHwIZMbH8L4CmZ7lWs=
X-Served-By
cache-dca17768-DCA
Last-Modified
Thu, 02 Dec 2021 17:00:39 GMT
Server
AmazonS3
X-Timer
S1640872697.835568,VS0,VE0
ETag
"0bad6e8b774e2623401e436c2a44f48e"
x-amz-request-id
Q46DD3X6FYAXZEW2
Via
1.1 varnish
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
350
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 01:45:28 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
43969
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 22 Dec 2021 01:41:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
via
1.1 7dc3ea7fad289ec41f03744503a6b985.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
content-type
application/javascript
x-amz-cf-id
1PhdNDC-LKUul3-m7ONRUiZGjSBnye9NJjt5Fm0VxCyLqRLfScYOXQ==
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		185 B
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1bc9147ffe0ec281f2e18f1196a5010e5e69fced49eda1851b1803459902105
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6c5bc8336d025db5-IAD
rnCr-xNNww_2s0amA9M5kng.woff2
fonts.gstatic.com/s/spectral/v7/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/spectral/v7/rnCr-xNNww_2s0amA9M5kng.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Spectral:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d46b9cf533d460ad479908c269a802f8bd08c5b44dfefccff56c0e327ae4ff2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 26 Dec 2021 00:35:20 GMT
x-content-type-options
nosniff
age
393776
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21820
x-xss-protection
0
last-modified
Thu, 01 Apr 2021 22:10:44 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Mon, 26 Dec 2022 00:35:20 GMT
pubads_impl_2021120601.js
securepubads.g.doubleclick.net/gpt/ 		348 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
sffe /
Resource Hash
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119476
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 09:34:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 30 Dec 2021 13:58:16 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		276 B
172 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.baltimoresun.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
59c25f997909b65945ed830593231305338180fbc6010e569f36cd7bc7c5f4ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:16 GMT
/
player.sendtonews.com/version/ 		208 B
559 B 		Script
General
Check archive.org
Download Go to
Full URL
https://player.sendtonews.com/version/?jsonp
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/player3/embedcode.php?fk=N2Hxdj0R&cid=4643&floatwidth=400&offsetx=0&offsety=50&floatposition=bottom-right
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-61.ewr53.r.cloudfront.net
Software
Apache /
Resource Hash
ba1d4c816a3afc381c8b2883571e8cbdc8c982ccba7e977072722c881b69b40d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:51:30 GMT
content-encoding
gzip
server
Apache
age
406
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600, no-cache="set-cookie"
x-amz-cf-pop
EWR53-C2
content-length
180
via
1.1 aa7679f2d01b23d9a66bfa6e92991b05.cloudfront.net (CloudFront)
x-amz-cf-id
GjA8zZQifyt8LsS4-UHT0o_apZcOvLOKBkYAhgzWQFWPPIWb8m5tXQ==
expires
Thu, 30 Dec 2021 14:01:30 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4638
date
Thu, 30 Dec 2021 12:40:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 30 Dec 2021 14:40:59 GMT
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-94.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 29 Dec 2021 17:02:47 GMT
content-encoding
gzip
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
75331
etag
W/"1827f116c73f319409b97f10b8a58ade"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
tQIkHHBp6kewCf21CaTPvDgwqEcT90_p3wMoZwqeJwZjREf5YjtLMg==
feature-decisions
zephr.baltimoresun.com/zephr/ 		8 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://zephr.baltimoresun.com/zephr/feature-decisions
Requested by
Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-111.ewr53.r.cloudfront.net
Software
/
Resource Hash
721b19d22cfdf15fff3df982e879b138287adb2d85a729590fcbc9fafa8a14f5

Request headers

Accept
application/json
Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id
Y87foj5lP6Y7HPoB4lJ7cPABYGUgvZXifEHuwb81zEDsR1xRrAEgxw==
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-blaize-request
353d26fd
feature-decisions
zephr.baltimoresun.com/zephr/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://zephr.baltimoresun.com/zephr/feature-decisions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-111.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.baltimoresun.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Wed, 29 Dec 2021 23:06:49 GMT
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-methods
POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-credentials
true
x-cache
Hit from cloudfront
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329b.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
_Fp-o5nNp56C-1wSQUdgiG-rb0gM6SqHaxZPId8YY6bW0pZu6cDheg==
age
53488
read_auth
authenticate.baltimoresun.com/ 		99 B
672 B 		Script
General
Check archive.org
Download Go to
Full URL
https://authenticate.baltimoresun.com/read_auth?callback=jQuery331022077267959375013_1640872696966&product_code=baltarc&master_id=&_=1640872696967
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-lib1182ffa19d76d40ef0af.js?v=299
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.174.197 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-174-197.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
b32f1dd7944a616684664938c47f70037874111f0167467ce74a65e32a8ab4a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-request-id
e95ce6ba167770b20fcb312c1cff9bc1
x-ua-compatible
IE=Edge,chrome=1
x-runtime
0.003668
server
Apache
x-host-info
959ff96d3f14,; 10b56b3c04e04f39d873d36805a1d94aa5686820 (HEAD -> refs/heads/release/2112.1.1, refs/remotes/origin/release/2112.1.1) clear subData when c_mid cookie value not exists
etag
"5c31561a0765968bf32176fd2f15a10e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
must-revalidate, private, max-age=0
httpd-identifier
959ff96d3f14
x-rack-cache
miss
1436
check.analytics.rlcdn.com/check/ 		23 B
381 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://check.analytics.rlcdn.com/check/1436
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-5.ewr53.r.cloudfront.net
Software
/
Resource Hash
d0ef936654ba84031c1ef90617069aceaab3dac1dd0912b76ebd449f9a566e55

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 e3fb879a67c14c7a96059b2b777ccbc8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C3
x-amzn-requestid
a8c69f88-cb3a-43cc-9201-bff92f9ffbe0
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-61cdbaf9-700256b50c4946ee093ec519
x-amz-apigw-id
LKom-GaUjoEFuYQ=
content-length
23
x-amz-cf-id
vxs4XJQISWOwtaZBeumT-zFF5oaBlVcMi52SQq4qVreAlQzaVkVv9Q==
184794-265482030798893.js
js-sec.indexww.com/ht/p/ 		86 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/184794-265482030798893.js
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4daeb273f8c0e435cddd264f2326819bb4612ad2aa878169248386372abb0cce

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Dec 2021 13:41:41 GMT
Server
Apache
ETag
"da1658-158da-5d45d36e8a706"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2790
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
26825
Expires
Thu, 30 Dec 2021 14:44:47 GMT
userSync.js
ads.pubmatic.com/AdServer/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/userSync.js
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:14 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300709-1af3-5c4c7cca9e573"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
public, max-age=77435
accept-ranges
bytes
content-type
text/javascript
content-length
2267
expires
Fri, 31 Dec 2021 11:28:52 GMT
sync.js
ib.3lift.com/ 		275 B
574 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.3lift.com/sync.js
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-49.ewr53.r.cloudfront.net
Software
/
Resource Hash
c815be0139a92202ff8f262cc335f6ae103594bb1d92c1c479ed604adf384a16

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:49:54 GMT
via
1.1 9dcf1f784090d97aac2d38aa49e628e3.cloudfront.net (CloudFront)
last-modified
Thu, 30 Dec 2021 13:49:54 GMT
age
503
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
x-amz-cf-pop
EWR53-C3
content-length
275
x-amz-cf-id
K4I9-LLdQut0SolpSQTudQ6PhaCzgzyrK2DZN7C9FI-M3V6907TKTg==
lt.min.js
tags.crwdcntrl.net/lt/c/13200/ 		44 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/13200/lt.min.js
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
091ec084a0358833ca37c3555b08169ec1f856ddcb5d9257310a988b73bddcb1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 29 Dec 2021 23:21:24 GMT
content-encoding
gzip
last-modified
Tue, 23 Nov 2021 19:48:04 GMT
server
AmazonS3
age
52614
etag
W/"b43c246fbef50d70d57c3eed77fc1db5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 6886c621d4716e156349149ba8d65b41.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
sXarI2mclYbSNXMEHPZ7VtLTMK09bBBkarCTlm2xUj7wf4cfmYHE0A==
bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html.js
dyv1bugovvq1g.cloudfront.net/3/www.baltimoresun.com/coronavirus/ 		2 KB
1001 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dyv1bugovvq1g.cloudfront.net/3/www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html.js
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:f400:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ba8706cbb821cd94ce97f10e4b5934af52f5b1ffcfee48fceaba01c8ad2a216a

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 30 Dec 2021 13:56:16 GMT
content-encoding
gzip
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
122
x-cache
Hit from cloudfront
content-length
452
access-control-allow-origin
https://www.baltimoresun.com
last-modified
Thu, 30 Dec 2021 13:53:46 GMT
server
AmazonS3
etag
"ef60bda620fe1f60c090d171811ee0b0"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
via
1.1 37cc5671352ec3ac8f0d6d7b7c988e81.cloudfront.net (CloudFront)
cache-control
max-age=300
access-control-allow-credentials
true
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
x-amz-cf-id
p_RSJy3pXdLL6uFRxVm4wJ7hB-Zg6fWekAaIzJ_5BeCRbV5nNQ_oIA==
config
c.amazon-adsystem.com/cdn/prod/ 		797 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3503&u=https%3A%2F%2Fwww.baltimoresun.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
2027db5d0eadd49f42a261c36b107d03af905139fd2b59367cd71e34895f8d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:53:42 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
server
Server
age
3875
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
EWR53-C3
content-length
797
x-amz-cf-id
tCzrviVk2DY41SITI1oG5MXF_ERLNKoIOmmRzKkHTpRlbqWgzUIDOA==
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.9.0/ 		341 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
56jOXvghU3RiFIKiZ2Zh+g==
age
6270772
vary
Accept-Encoding
content-length
75725
x-ms-lease-status
unlocked
last-modified
Fri, 20 Nov 2020 16:34:12 GMT
server
cloudflare
etag
0x8D88D721D404CB2
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
eed562c0-e01e-005c-466c-c4291f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c5bc835ceaa7f9e-IAD
1aba350b188aaea4e8e0095b3a496c455def805a
insights.zeustechnology.com/www.baltimoresun.com/ 		536 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://insights.zeustechnology.com/www.baltimoresun.com/1aba350b188aaea4e8e0095b3a496c455def805a?article_location=www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-106.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c11d6059d286b09f6cb6e6a17f8de7ddb36635ea34d0e3fc048e2d6a478cb87c

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:16:26 GMT
Via
1.1 6379df80d5ecc173a4813b7bdfb4bbd4.cloudfront.net (CloudFront)
Vary
Origin
Age
3074
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
536
x-amz-expiration
expiry-date="Mon, 28 Feb 2022 00:00:00 GMT", rule-id="ArticleCleanup"
Last-Modified
Wed, 29 Dec 2021 17:55:02 GMT
Server
AmazonS3
ETag
"423f9631c5f997c1ab38ba5bf02aad1e"
Access-Control-Max-Age
180
Access-Control-Allow-Methods
GET, HEAD
Content-Type
binary/octet-stream
Access-Control-Allow-Origin
*
X-Amz-Cf-Pop
EWR53-C3
Accept-Ranges
bytes
X-Amz-Cf-Id
wWm-Gs0QJu-Wg_UkI4tDprm7uP5_sW3QH8OgLl4dAhH0gR1g-mECXA==
player.js
player.sendtonews.com/player7/player/65.21.10/ Frame FCD2 		240 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.sendtonews.com/player7/player/65.21.10/player.js
Requested by
Host: embed.sendtonews.com
URL: https://embed.sendtonews.com/player3/embedcode.php?fk=N2Hxdj0R&cid=4643&floatwidth=400&offsetx=0&offsety=50&floatposition=bottom-right
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-61.ewr53.r.cloudfront.net
Software
Apache /
Resource Hash
e8ba6c25e1483b376da5f911cb5a9cda1cf892b3e3b6a6d193e564636343bf47

Request headers

Referer
https://www.baltimoresun.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:49:32 GMT
content-encoding
gzip
age
525
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 08 Dec 2021 23:19:56 GMT
server
Apache
etag
"3bfc5-5d2aaba559f00-gzip"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 dd50f5bdd8da1cdd9e698cc2d6f8e829.cloudfront.net (CloudFront)
cache-control
max-age=3600, no-cache="set-cookie"
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
x-robots-tag
noindex, nofollow
x-amz-cf-id
ob2vv9pDPXjXLVwRWDUXBetOgGx9AxeRLgplWpmIPveHjCsqJ2-i6w==
expires
Thu, 30 Dec 2021 14:49:32 GMT
prebid
ib.adnxs.com/ut/v3/ 		302 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
079da63fbcd217a3da18101e1b6277f27b2a30aadc0ed92fe1d89699b9669498
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:17 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
e9d7dd1d-5fb7-4b6e-a486-5be4d911557f
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
302
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		345 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=347134&tk_flint=custom&slots=2&size_id=15%3B15&alt_size_ids=%3B&zone_id=1838916%3B1838916&rp_floor=0.01
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
1115425295037930ce44054590ef1becd0085a79e8292aa3125a165c2cbb86ef

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
345
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
268 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=zeus&v=1&referrer=www.baltimoresun.com&debug=false
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.69.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-69-37.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:17 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hbjson
grid.bidswitch.net/ 		0
254 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson?sp=trustx
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.211.165.199 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
Date
Thu, 30 Dec 2021 13:58:17 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Server
nginx
Connection
keep-alive
bid
c.amazon-adsystem.com/e/dtb/ 		186 B
659 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3503&u=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&pr=https%3A%2F%2Ft.co%2F&pid=6RqX7mJDnud4f&cb=0&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22zeus_c_893%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.baltimoresun%2Fcoronavirus%22%7D%2C%7B%22sd%22%3A%22zeus_c_261%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.baltimoresun%2Fcoronavirus%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
e367417f5dbe0078f7412f5ae03652c31ed387fc2922e75f63b55e5747e1fc3a
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR53-C3
x-amz-rid
Y0VQRNV663D4CJV8QTJY
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
186
x-amz-cf-id
YNXWMtXa5zPFbeiDZqdKiDTSKsb6blvH7f1azMOHS8nC0qvaFD8RkA==
p.js
cdn.parsely.com/keys/baltimoresun.com/ 		56 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.parsely.com/keys/baltimoresun.com/p.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXB7PQT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.58.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-58-39.ewr53.r.cloudfront.net
Software
nginx /
Resource Hash
3848dbc8ed944fa2d7d2953916e4898fa05ea4de8d4427d886253cf569b2adc6

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
public
date
Wed, 29 Dec 2021 22:23:15 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 15:22:33 GMT
server
nginx
age
56102
etag
W/"61b21f39-df45"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 2684a624055735139ca3901fdc6d3743.cloudfront.net (CloudFront)
cache-control
max-age=86400, public
x-amz-cf-pop
EWR53-C1
x-amz-cf-id
zlVBs_zh67ViCa6g4408gW3cywSdJptI5tUTIlkxn_-WcKmZ5Dd3Gg==
expires
Thu, 30 Dec 2021 22:23:15 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=6036462&ns__t=1640872697297&ns_c=UTF-8&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1640872697297&ns_c=UTF-8&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%2...
0
224 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1640872697297&ns_c=UTF-8&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&c7=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c9=https%3A%2F%2Ft.co%2F
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
13.226.31.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-94.ewr53.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id
GdNRIpWE5yIRHhKgC686DSa307aUU0MYIoqE6keHhyYsxLtSY5RH9A==
x-cache
Miss from cloudfront

Redirect headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1640872697297&ns_c=UTF-8&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&c7=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c9=https%3A%2F%2Ft.co%2F
content-length
429
x-amz-cf-id
8sMyCP9syPR2ZOMFI9e9JqKduP6GXj67vtrgas8Xg1pLgJte9spsOg==
oPS.js
d15kdpgjg3unno.cloudfront.net/ 		90 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=3
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:7000:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d79d580ef6759a73a3510318a9fc97bf29ab12284c8b4fa878ecb3fc26710cd0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 19:42:32 GMT
content-encoding
gzip
last-modified
Tue, 21 Dec 2021 18:12:20 GMT
server
AmazonS3
age
65746
etag
W/"3d993c0d7039fc2aca648bd59ccb0f98"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
mPoSBVjnCFMvrdggFCasQa7x0nd7adr4
via
1.1 c9bef6d423a5d23e0ca5e2af8503331c.cloudfront.net (CloudFront)
cache-control
max-age=84600
x-amz-cf-pop
EWR53-C1
content-type
application/javascript
x-amz-cf-id
6U_KUysjWdpbiJ6PZ1dTgY1jsIX7BOZnVC9M5f8qdpOjOzRq70Yiwg==
ats.js
ats.rlcdn.com/ 		109 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ats.rlcdn.com/ats.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-85.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
72c5d10e99c6620a2561415895a84064b5b5616c2b1914602263886be4cdc229

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 01:55:08 GMT
content-encoding
br
age
43390
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:6fbe2bf4-0d3f-4234-a84e-c584de5ecb5e
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-sha256
ae589a6335869a8948d0172dfafea0c42638763d87ea89591504c580a5c4f6c7
x-amz-meta-codebuild-content-md5
8c7650e47b7f894f6ae5a1fc4919cee6
last-modified
Thu, 16 Dec 2021 12:45:56 GMT
server
AmazonS3
etag
W/"d7dfa2940a5d5ce3beedd8774c961dd7"
vary
Accept-Encoding
x-amz-version-id
28x_tDvW9kJ.rWgfbdZIcgxbFDdgh9p3
via
1.1 98ff52bb9a3187350f3ea674f4110afa.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=86400
x-amz-cf-pop
EWR53-C2
content-type
application/x-javascript
x-amz-cf-id
3jOhhTN1lzqPYYkNI8-uq4NnqyV__fgK3QHVz_UW3jtfxnoUZhzOfg==
publisher:getClientId
ampcid.google.com/v1/ 		3 B
465 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
data
bcp.crwdcntrl.net/6/ 		643 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/13200/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.153.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-153-177.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
562ccf1a955dca2ab87a91b53b85411f17e69a1131abd4b3be9d1aaeda19b69b

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:17 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
x-server
10.40.45.90
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
643
expires
0
prebid
ib.adnxs.com/ut/v3/ 		165 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e2665953e1da948e9d31762386969a8b8ee6e6c057959c6580decb1568b94ea2
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:17 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
5fd559e6-ddc2-4b59-b2a3-2f8178e261d4
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
165
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		4 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=zeus_client
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.98 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
2d244ab7abf2ef8a3b4b393211fb2ee0469290fc2f5daccb83b71177a4f27d5f

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.baltimoresun.com
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-openrtb-version
2.3
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json
fastlane.json
fastlane.rubiconproject.com/a/api/ 		256 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=347134&tk_flint=custom&slots=1&size_id=15&alt_size_ids=10&zone_id=1838918&rp_floor=0.01
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
a0b549670f674169e0d1e6b360eb75caa61b1ce12dd1b0c766b24960a1a972f9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
256
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=zeus&v=1&referrer=www.baltimoresun.com&debug=false
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.69.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-69-37.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:17 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hbjson
grid.bidswitch.net/ 		0
254 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson?sp=trustx
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.211.165.199 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
Date
Thu, 30 Dec 2021 13:58:17 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Server
nginx
Connection
keep-alive
bid
c.amazon-adsystem.com/e/dtb/ 		186 B
660 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3503&u=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&pr=https%3A%2F%2Ft.co%2F&pid=6RqX7mJDnud4f&cb=1&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22zeus_cc_865%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.baltimoresun%2Fcoronavirus%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
d359aecf56b0cdaeeab7cee03d687618fff2b0b84412b442c48a7015ba6a8b7a
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR53-C3
x-amz-rid
F158174JEM0CTW4DZVC7
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
186
x-amz-cf-id
JHOxlmYDIj-lfSp9JSLdQI8fvM0uBGkrdk1smxrynEbXMzX4e6Dk4A==
identity
api.rlcdn.com/api/ 		0
283 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184794-265482030798893.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.155.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.155.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 google
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
any
idx.liadm.com/idex/ie/ 		206 B
692 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://idx.liadm.com/idex/ie/any
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184794-265482030798893.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.95.140.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-95-140-237.compute-1.amazonaws.com
Software
/
Resource Hash
f28ff6ccc410c5a872459ac22e3d3145bc785744fe356eb6df8e0ef60ddac179
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Thu, 30 Dec 2021 13:58:16 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/json
Access-Control-Allow-Origin
https://www.baltimoresun.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
04ce92f371c4172b
Content-Length
206
rid
match.adsrvr.org/track/ 		109 B
547 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184794
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184794-265482030798893.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8795fc450592a67c97bef4c63e537c84507bd5279a45607e3486ec76f6fca1d1

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Sat, 29 Jan 2022 13:58:17 GMT
b
sb.scorecardresearch.com/ 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1640872697369&ns_c=UTF-8&cv=3.5&c8=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&c7=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c9=https%3A%2F%2Ft.co%2F
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-94.ewr53.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id
jaksxpClVtiubvjxS7UWVaz58bbrVuLKzKwlG63e-k65NcL-XrnMDQ==
x-cache
Miss from cloudfront
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4E62 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=62366
expires
Fri, 31 Dec 2021 07:17:43 GMT
date
Thu, 30 Dec 2021 13:58:17 GMT
vary
Accept-Encoding
en.json
cdn.cookielaw.org/consent/c4360f6d-47c3-40fd-9b25-4217d297c6a7/48cdf60e-5f8a-4bff-abf0-f00d331cc410/ 		155 KB
28 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/c4360f6d-47c3-40fd-9b25-4217d297c6a7/48cdf60e-5f8a-4bff-abf0-f00d331cc410/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a08f1809f6eb14f16140d0791bd03278c203b2d010e83a438dbc4475515fd24d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
HJulrGPn6Iecs2bT50y9kA==
age
5289
vary
Accept-Encoding
content-length
28816
x-ms-lease-status
unlocked
last-modified
Tue, 17 Nov 2020 17:42:06 GMT
server
cloudflare
etag
0x8D88B201A3CDD08
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
71b3c05c-e01e-0018-3415-b6f573000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c5bc836b9700597-IAD
expires
Thu, 30 Dec 2021 17:58:17 GMT
baltimoresun.js
d1n00d49gkbray.cloudfront.net/js/ 		75 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1n00d49gkbray.cloudfront.net/js/baltimoresun.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21ea:c400:9:7c30:be80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
52a1bcfe57d41720ea9ca3591ee85d582aae3f2ac61d865ae746bf3db06a3998

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 30 Dec 2021 08:44:36 GMT
content-encoding
gzip
last-modified
Wed, 21 Jul 2021 14:10:56 GMT
server
AmazonS3
age
18822
etag
W/"71c5820ca0ddb712c402e7a1bc2be005"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
dg.Y.FuvQMWKqMX26FGvQwHiRTeJia4x
via
1.1 f91b1dd39ce8309d7fc575add365607f.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
wKs45UkVigP365ILh8sUOu8mDRNWSVtW_zNGKlKJkApI2f3ACAYI6Q==
baltarc.min.js
www.tribdss.com/meter/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tribdss.com/meter/baltarc.min.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.217.25.136 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-25-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
22ab320d4b6f39cc9f1cfc18b7e02b4da4b2e2143bed52742123b5f35fd652ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Status
200 OK
Connection
keep-alive
Content-Length
11011
X-Request-Id
e81eee3db24597d07b6205521e122d21
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.009493
X-Content-Digest
b9876c795decb1ade65c4112cc55697f1faec069
Last-Modified
Thu, 09 Dec 2021 20:42:51 GMT
Server
Apache
X-Host-Info
6ecdbc2312d6,; afa9101b11ffee6808bc0856b70b40f132c85c98 (HEAD -> refs/heads/release/2111.1.1, refs/remotes/origin/release/2111.1.1) DSS-16578: upgraded tribune_recurly_api gem to 1.0.6
ETag
15723928629302374197
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, must-revalidate, max-age=369
Httpd-Identifier
6ecdbc2312d6
X-Rack-Cache
fresh
ml.br.js
js.matheranalytics.com/static/ltm/ma89701/all/15/
Redirect Chain
  • https://js.matheranalytics.com/s/ma89701/197837615/all/sp.js?cb=1586
  • https://js.matheranalytics.com/static/ltm/ma89701/all/15/ml.br.js
146 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.matheranalytics.com/static/ltm/ma89701/all/15/ml.br.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
234.250.178.107.bc.googleusercontent.com
Software
nginx /
Resource Hash
292bcd0551ee500b1cc5c1416ce840c056f16075b5f83fb84c3cbcbd422fa5ee

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 05:17:28 GMT
content-encoding
br
last-modified
Wed, 11 Aug 2021 04:39:34 GMT
server
nginx
age
31249
etag
"6d7605f5ee32490954d7a8f6534eaa33"
vary
Accept-Encoding
x-cache
HIT Wed, 11 Aug 2021 04:49:08 GMT
content-type
application/x-javascript
via
1.1 google
cache-control
public,max-age=3600
alt-svc
clear
content-length
43436

Redirect headers

date
Thu, 30 Dec 2021 13:58:17 GMT
via
1.1 google
server
nginx
vary
Accept-Encoding
location
https://js.matheranalytics.com/static/ltm/ma89701/all/15/ml.br.js
cache-control
public, max-age=269200
alt-svc
clear
x-served-by
7-gc-useast4-30926
api.js
www.google.com/recaptcha/ 		884 B
999 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ede4e066ba6f7824c19c64988f43ad8becc156469b410eae92d59abe3151ad4b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
586
x-xss-protection
1; mode=block
expires
Thu, 30 Dec 2021 13:58:17 GMT
/
www.baltimoresun.com/api/v2/render/feature/
Redirect Chain
  • https://www.baltimoresun.com/api/v2/render/feature?name=breaking-news-bar&uri=/zzz-breaking-news/&wrapper=false
  • https://www.baltimoresun.com/api/v2/render/feature/?name=breaking-news-bar&uri=/zzz-breaking-news/&wrapper=false
1 KB
858 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/api/v2/render/feature/?name=breaking-news-bar&uri=/zzz-breaking-news/&wrapper=false
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
c480ca0670c3ed371600aae00aa1ad3e325207ab04d57d55cdda72e541e78739
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
last-modified
Thu, 30 Dec 2021 13:57:01 GMT
server
openresty
vary
Accept-Encoding
content-type
application/json;charset=UTF-8
cache-control
private, max-age=60
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
533
expires
Thu, 30 Dec 2021 13:59:17 GMT

Redirect headers

date
Thu, 30 Dec 2021 13:58:17 GMT
server
openresty
content-type
text/html
location
/api/v2/render/feature/?name=breaking-news-bar&uri=/zzz-breaking-news/&wrapper=false
cache-control
private, max-age=73
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
166
expires
Thu, 30 Dec 2021 13:59:30 GMT
features
www.baltimoresun.com/pb/api/v2/async/ 		15 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.baltimoresun.com/pb/api/v2/async/features?rid=rU2UvJ1o3l0yLs&contentUri=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
0a35349b8f48d352d79805b7cc32b971b2ca08f2b9532c8b4f1d75cc3fab7b99
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
server
openresty
vary
Accept-Encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=8
content-length
3156
expires
Thu, 30 Dec 2021 13:59:17 GMT
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.baltimoresun.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		19 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2285181733356244&correlator=1370395119214235&output=ldjh&impl=fifs&eid=31063899%2C31063706%2C44742768%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=4011%2Ctrb.baltimoresun%2Ccoronavirus&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=5x1&prev_scp=pos%3D1%26cnsd%3Dpts_darc_p1_uad%26zeus_rendercount%3D1%26zeus_slot%3D.init.dsk%26optimera%3DNULL&eri=1&cust_params=zeus%3Dapplied%26zeus_4011%3Dwww.baltimoresun.com%26epvid%3D1640872696710_243452589%26euuid%3Dpre-cache-no-id-available%26ua%3Dd%26ss%3Dl%26ref%3Dexternal%26instart%3Dfalse%26adb%3Dfalse%26apfv%3Dfalse%26apv%3Dfalse%26refresh%3Dfalse%26ptype%3Ds%26site%3Dtrb.baltimoresun%26slug%3Dbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4%26cid%3D5SOF2RXTNVFPJI4LKS3PUMIQD4%26at%3DtaxonomyTags%26kw%3Dtruecare%252Cdepartment%252Cray%252Chealth%252Ccontract%252Ccomplaint%252CTrueCare%252Cvaccine%252Cemail%252Cstate%252Cagency%252Ccdc%252Cdose%252Creport%252Ctemperature%252Cjohnson%252CRay%252Cpeople%252Cvaccines%252Cshot%252Cseetoo%252Ccompany%252Cinterview%252Cinformation%252Cemployee%26tg%3DInsuranceIndustry%26design%3Darc%26nopulse%3Dtrue&cookie_enabled=1&bc=31&abxe=1&lmt=1640870919&dt=1640872697459&dlt=1640872696606&idt=659&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=1221927657&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1x0&msz=0x0&ga_vid=1820711798.1640872697&ga_sid=1640872697&ga_hid=2101761687&ga_fc=false&fws=128&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
743a61c3d4903f8b453a8e4d022b477acb5ca21066402fa987842ad8483c5f22
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8636
x-xss-protection
0
google-lineitem-id
972676256
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138275481022
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E27A 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Thu, 30 Dec 2021 13:58:17 GMT
expires
Fri, 30 Dec 2022 13:58:17 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
187621-164323601241456.js
js-sec.indexww.com/ht/p/ Frame FCD2 		39 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f82f6cf1599100b7836d8b8aa4bd5394e997849487dd6110d70908440c97fa64

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Dec 2021 13:16:55 GMT
Server
Apache
ETag
"da4c42-9a4f-5d45cde571a6e"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=1310
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
13270
Expires
Thu, 30 Dec 2021 14:20:07 GMT
data_read.php
embed.sendtonews.com/player4/ Frame FCD2 		41 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://embed.sendtonews.com/player4/data_read.php?cmd=loadInitial&session=9O-d6nHSVOcDf6XQ&instance=384664&version=65.21.10&age=211230&ESG_key=N2Hxdj0R&type=float&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ogSet=1
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.208.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-208-58.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ac5a10cba3423ecfae3c965801dc3200c34383d15fbdf7b5e1bde63475d866f6

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=1, no-cache="set-cookie"
Connection
keep-alive
Content-Length
8599
Expires
Thu, 30 Dec 2021 13:58:18 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame FCD2 		375 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126523
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:17 GMT
video.min.js
cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/ Frame FCD2 		524 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video.min.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f66c72eba2fc065baa8d7efee6e00af0dbc191d553f4bfa46369a0ee6be00020
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1798077
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
123688
timing-allow-origin
*
last-modified
Tue, 26 Jan 2021 19:48:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6010721a-8304e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QP3%2Fqkl5dWazia%2FY912YWmt4pDdujlNRcg3jLaKEX8zA5548kH0JicP4%2FsS17BOReJnGxi%2BX%2F22DetAojS%2F1aOtpA6j83t8epjL39tAMKNZRv2EQiFMk9Nwq2j7HyxZalpa9YNvk8EOX9QF6DWke58ZL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6c5bc8378b107fae-IAD
expires
Tue, 20 Dec 2022 13:58:17 GMT
iscroll.min.js
cdnjs.cloudflare.com/ajax/libs/iScroll/5.2.0/ Frame FCD2 		32 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/iScroll/5.2.0/iscroll.min.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95ea62b1500600dbaf8354a2a2a8f0f9e9d023217c53bb215a9aaa0524a44efb
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
166779
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7559
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:10 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e9e-80dc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6M%2F0jjysZCrdtZrA3h0BbQaVAx0p2iA2SiTClIXFzos6N6XR8fGh9xxCOmyfNuJ0eOYDscN%2BZUS8yrVQi%2BvWMRbc178Db43bSsWn2RkN4vP10Zv0Z7DS6HGBCR2nFFib%2B6OIBZ%2FfaMagkJuDBhmf1%2Fi4"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6c5bc8378b127fae-IAD
expires
Tue, 20 Dec 2022 13:58:17 GMT
comScore.gt.min.js
d29xw9s9x32j3w.cloudfront.net/players/library/streamsense/6.3.4.190424/ Frame FCD2 		335 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d29xw9s9x32j3w.cloudfront.net/players/library/streamsense/6.3.4.190424/comScore.gt.min.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37da4f4e9645bcde259d1669db9d2548d9ff4f80e72bbe405232924129ae4db7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 08:12:08 GMT
content-encoding
gzip
last-modified
Thu, 16 Jan 2020 23:25:25 GMT
server
AmazonS3
age
20770
etag
W/"4a51b8991a6b67323936c2eb62e3518e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
9MKNMCK2WLJNIMMxTpnegOwbkDX47MyWNrItPUNKWrJjjuAlPZW79w==
prebid.js
d29xw9s9x32j3w.cloudfront.net/players/library/prebid/4.13.0/ Frame FCD2 		230 KB
230 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d29xw9s9x32j3w.cloudfront.net/players/library/prebid/4.13.0/prebid.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7adc0e82d10de0c5af74d068b95973ff1528ff242d6e35390d3d5ef718291471

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 08:19:27 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Tue, 27 Oct 2020 16:52:33 GMT
server
AmazonS3
age
20331
etag
"0d9ef44ff3701f373f18205e7e1bc16a"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
235425
x-amz-cf-id
0MWbkcYz3h_I1Zuwu8vNlEUBiLyD63HLpldb9OBgXJqVqwFhzbo13A==
css
fonts.googleapis.com/ Frame FCD2 		5 KB
660 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2c347d58c696d6e371b92485f7705ffe574ed5eff3758f6fd919e6241caf19f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:18:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:17 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:17 GMT
video-js.min.css
cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/ Frame FCD2 		39 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video-js.min.css
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5da3370ea81bf9fec16d0edc044663f919e8662c07c1d9e1e346c139f3e3aa0d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1259787
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
9062
timing-allow-origin
*
last-modified
Tue, 26 Jan 2021 19:48:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6010721a-9c87"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKLaSRnyUqTsqTa%2BGIe%2Bq%2FNiNKF7S5tDMZ4CrmDWTkOCpPOzdp6WWoORmt40mWOhreBULczR25eKEQSi7GycaMQ9mAGdO74L8cRfOUwcKRVUQNrbpZR5Z1psrEkcXyHy8RxZ%2BowtXf%2B0L5A8bZSoqcha"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6c5bc8378b0f7fae-IAD
expires
Tue, 20 Dec 2022 13:58:17 GMT
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
187 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=384664&version=65.21.10&age=211230&cmd=PRE_INIT&key=N2Hxdj0R&order=1&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&canonical=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
js
www.google-analytics.com/gtm/ 		91 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-KGPD2QB&t=trb&cid=1820711798.1640872697
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2f314df0392b589afa4804f597a2d613c286614bcea09f91bd19a539c0ce34ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36173
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:17 GMT
embedcode.php
d3mmnnn9s2dcmq.cloudfront.net/player3/ 		81 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3mmnnn9s2dcmq.cloudfront.net/player3/embedcode.php?fk=N2Hxdj0R&cid=4643&floatwidth=400&offsetx=0&offsety=50&floatposition=bottom-right
Requested by
Host: d3mmnnn9s2dcmq.cloudfront.net
URL: https://d3mmnnn9s2dcmq.cloudfront.net/shim/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:3800:e:f240:cc80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5b9e14d715735265ef2a440f07ea9bb0e0738028232e1579de99b13cbce91cc1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
server
Apache
x-amz-cf-pop
EWR53-C3
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 b35f01abdb74e50c7c770d66cb11b73b.cloudfront.net (CloudFront)
cache-control
max-age=3600, no-cache="set-cookie"
content-length
26300
x-amz-cf-id
X66FlKliTaslOeyrklovWiVXKTJpda8pv9GhXaz4iny0CqvPl7o0HQ==
expires
Thu, 30 Dec 2021 14:58:17 GMT
L3TX4QCNOVHBPL7ZYVF6PFKZYA.jpg
www.baltimoresun.com/resizer/PYRhrd4eCfZBEfQoVqgSCD7lwKE=/64x64/top/www.baltimoresun.com/resizer/YxfYj4zcy3m5-XmMZOiXLaNM_4s=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/PYRhrd4eCfZBEfQoVqgSCD7lwKE=/64x64/top/www.baltimoresun.com/resizer/YxfYj4zcy3m5-XmMZOiXLaNM_4s=/cloudfront-us-east-1.images.arcpublishing.com/tronc/L3TX4QCNOVHBPL7ZYVF6PFKZYA.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b3367b9bb32575edaee47af62f00bf91924bb4c54ac355ea1336fff9b9e2c19e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
x-check-cacheable
YES
x-serial
922
etag
"20770ccabe8a1cd3636c6d184e163e47bf7600fc"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31522791
last-modified
Thu, 30 Dec 2021 10:17:22 GMT
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=13
content-length
2936
server
Akamai Image Manager
expires
Fri, 30 Dec 2022 10:18:08 GMT
ZGGPOJ545JEPDOTY7TVRHWWJRI.jpg
www.baltimoresun.com/resizer/dqHRegvChdTCMUWI--AQ-Lw8fRY=/64x64/top/www.baltimoresun.com/resizer/79a5pTGllaV3B6QDfYWA3OgbtKw=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/dqHRegvChdTCMUWI--AQ-Lw8fRY=/64x64/top/www.baltimoresun.com/resizer/79a5pTGllaV3B6QDfYWA3OgbtKw=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ZGGPOJ545JEPDOTY7TVRHWWJRI.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
3cb4b4bb82f8d327fdb36e8f7df44603109ef4ad45689b9f3602970a2e0a7d1a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Thu, 30 Dec 2021 10:28:06 GMT
server
Akamai Image Manager
etag
"1f93a0788f7329d1abfa247b7905f75683e81194"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31523394
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
2005
expires
Fri, 30 Dec 2022 10:28:11 GMT
XWHMKZXVKBDY7CGTACZ3M7E4QU.jpg
www.baltimoresun.com/resizer/21V4iv7OgD07BdZw41vzL1cCqjQ=/64x64/top/www.baltimoresun.com/resizer/doiTOWchmZvWnPEzo4L40bp5fkY=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/21V4iv7OgD07BdZw41vzL1cCqjQ=/64x64/top/www.baltimoresun.com/resizer/doiTOWchmZvWnPEzo4L40bp5fkY=/cloudfront-us-east-1.images.arcpublishing.com/tronc/XWHMKZXVKBDY7CGTACZ3M7E4QU.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
73a33835cc68bbeb09caab7383bd8c03b2b734a2f499dc04523ea54775dae7de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Wed, 29 Dec 2021 18:15:36 GMT
server
Akamai Image Manager
etag
"06329048ca23f36dc1fcb1209bd8fdc700b5ce75"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31465041
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
2019
expires
Thu, 29 Dec 2022 18:15:38 GMT
L3TX4QCNOVHBPL7ZYVF6PFKZYA.jpg
www.baltimoresun.com/resizer/0XPjXQ_j-XX8NuvWa7VnBACDieU=/72x72/top/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/0XPjXQ_j-XX8NuvWa7VnBACDieU=/72x72/top/cloudfront-us-east-1.images.arcpublishing.com/tronc/L3TX4QCNOVHBPL7ZYVF6PFKZYA.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
be1305021803860a3154678e54b963e877079a0a270950512b7b42f7e6ffe922
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Thu, 30 Dec 2021 10:06:54 GMT
server
Akamai Image Manager
etag
"67684e95a25f9ff980161996c0e46c8c92c071c1"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31522166
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=6
content-length
3453
expires
Fri, 30 Dec 2022 10:07:43 GMT
SJU4AITZJRBQVMM4L2HY5ITRBA.jpg
www.baltimoresun.com/resizer/wbZ_78W2OwqvXpWPpbVn9p1CYZs=/64x64/top/www.baltimoresun.com/resizer/ku9heJFqPy47DTI_USHB8Dz1QAI=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/wbZ_78W2OwqvXpWPpbVn9p1CYZs=/64x64/top/www.baltimoresun.com/resizer/ku9heJFqPy47DTI_USHB8Dz1QAI=/cloudfront-us-east-1.images.arcpublishing.com/tronc/SJU4AITZJRBQVMM4L2HY5ITRBA.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
2913e580b9b9ea178e0eb7797ced71471f7913cfe34b496ec09087d1d1ae8c0f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Thu, 30 Dec 2021 11:14:48 GMT
server
Akamai Image Manager
etag
"043ccf7e8c167ef9f547c24e7d80d38881da3714"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31526231
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=14
content-length
1745
expires
Fri, 30 Dec 2022 11:15:28 GMT
U43DKCTWM5DO7AM3OLMR2YRH3I.JPG
www.baltimoresun.com/resizer/eEMQdUjHiDunFeG17qOZQEBEqOA=/72x72/top/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/eEMQdUjHiDunFeG17qOZQEBEqOA=/72x72/top/cloudfront-us-east-1.images.arcpublishing.com/tronc/U43DKCTWM5DO7AM3OLMR2YRH3I.JPG
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
cdb8d65e43d8930b10e65e16b0a3cb96c597e644967bd8a9db45fb4b7bb1a89d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
x-check-cacheable
YES
x-serial
937
etag
"7b3894c40a92c4b74fcfdb75125f1aca47a9b39c"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31459054
last-modified
Wed, 29 Dec 2021 16:35:39 GMT
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=MISS, edge; dur=1, origin; dur=352
content-length
3519
server
Akamai Image Manager
expires
Thu, 29 Dec 2022 16:35:51 GMT
/
p1.parsely.com/plogger/ 		43 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1640872697613&plid=7309115&idsite=baltimoresun.com&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&urlref=https%3A%2F%2Ft.co%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&sref=https%3A%2F%2Ft.co%2F&sts=1640872697600&slts=0&title=Whistleblower+alleges+Maryland+health+officials+failed+to+alert+hundreds+of+patients+of+potentially+spoiled+vaccines+-+Baltimore+Sun&date=Thu+Dec+30+2021+13%3A58%3A17+GMT%2B0000+(GMT)&action=pageview&pvid=25295982&u=pid%3Dee90289ea67d019d6050b44ace2bc40b
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Cache-Control
no-cache
Last-Modified
Thursday, 30-Dec-2021 13:58:17 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
data_read.php
embed.sendtonews.com/player4/ Frame FCD2 		20 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://embed.sendtonews.com/player4/data_read.php?cmd=loadInitial&session=9O-d6nHSVOcDf6XQ&instance=384664&version=65.21.10&age=211230&ESG_key=f9GyrBkw&type=float&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ogSet=1
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.208.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-208-58.compute-1.amazonaws.com
Software
Apache /
Resource Hash
41d15bcac88d0a213dffe9a69c69cb84bf5d69ac5fc7045791d794c2db96a0d8

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=1, no-cache="set-cookie"
Connection
keep-alive
Content-Length
3397
Expires
Thu, 30 Dec 2021 13:58:18 GMT
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=384664&version=65.21.10&age=211230&cmd=PRE_INIT&key=N2Hxdj0R&order=2&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&canonical=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
0.js
player.sendtonews.com/bidderFiles/ Frame FCD2 		0
0
analytics.min.js
cdn.resonate.com/analytics.js/v1/200302733/ Frame FCD2 		185 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.resonate.com/analytics.js/v1/200302733/analytics.min.js
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.12.242 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9000ac6e87387641c9ef778db9586e320bf451e28815384c5e72b689876bcc90
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
server
cloudflare
age
12607339
etag
W/"551756787971b257da9f419bdc840bdf3a84e9696"
surrogate-control
max-age=63072000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript;charset=UTF-8
cache-control
max-age=3600
strict-transport-security
max-age=15552000
cf-ray
6c5bc83899910654-IAD
x-application-context
services-js-tag:default,prod:8089
view
securepubads.g.doubleclick.net/pcs/ Frame 8460 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstMqukvfSm5hsoxMwrCwynnyjIi5Jjup7dNNUjXNq-kGoX5V83YrDVkCNNNozKfqGnZ8ECCXOv3-5TkQYIxEatPYzsgs67eg2Bi0mtxhlVZQHlGqtxmUe5IwnHv4NCD9EVHBwOfbtNfuiilaC93y3eCpLIF2Wq9WYo49qHcPKMljwu5xC_HhIaqeI3X86iFGH1Am417jHlSRQqgnsW2UqaMzAA_cv9nM-O_tMrKrRlloXvRAuXRtPszrfRX0gNzEswvsuRHQX5m3rZfjwU0Ui2JJfFwvAQIAWet-eDnzFVW_XRfCs5pfozp3MolYro7KGTMizzhHMQOPE6KsiRv&sai=AMfl-YRjexUWnh3j1J38V1OGnEBGOgVjM2Ya6_M1amHUHGs-Xt_flSXNhiHCp9eW2UoDWILelAwiEIfzfnL9qYjIJt3vNbRn2DVdhhL5ZFsATlG0heoFeuh4xC4TQOvXuc0&sig=Cg0ArKJSzDBRsW7dbavNEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 30 Dec 2021 13:58:17 GMT
tag
a.teads.tv/page/105056/ Frame 8460 		14 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/page/105056/tag
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.52 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-52.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a97efa44f7becd1edf3da18b9b332485c45ed390e5aa03833d5bd2fd7d7c4cf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, must-revalidate, max-age=3600
access-control-allow-credentials
true
content-length
2278
expires
Thu, 30 Dec 2021 14:58:17 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8460 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:17 GMT
pixel
protected-by.clarium.io/ Frame 8460 		68 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_aVBOajRZdVhldkkxcjBlSU5uWHNPTlRmSWJjLzMwOTk0NzMzNjo1eDE=&v=5&s=v31fo5q4nrg&id=eyJkZnAiOnsiYWQiOjM0NTA4NTM3NiwiYyI6MTM4Mjc1NDgxMDIyLCJsIjo5NzI2NzYyNTYsIm8iOjMwOTk0NzMzNiwiQSI6Ii80MDExL3RyYi5iYWx0aW1vcmVzdW4vY29yb25hdmlydXMiLCJ5IjowLCJjbyI6MCwicyI6InpldXNfdGVhZHMifX0%3D&sb=undefined&cb=7468555&h=www.baltimoresun.com&d=eyJ3aCI6ImFWQk9halJaZFZobGRra3hjakJsU1U1dVdITlBUbFJtU1dKakx6TXdPVGswTnpNek5qbzFlREU9Iiwid2QiOnsibyI6MzA5OTQ3MzM2LCJ3IjoiNSIsImgiOiIxIn0sIndyIjoyfQ==
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.250.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-250-212.compute-1.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:17 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
/
geo.privacymanager.io/ 		30 B
596 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-128.ewr53.r.cloudfront.net
Software
/
Resource Hash
c4f5de2583549a064e85576592324508ba933122fe0adcc4ab03601fd61271b2

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 03:15:56 GMT
via
1.1 2b0c54ffe9876882253b010d44184bdd.cloudfront.net (CloudFront), 1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
age
38541
x-amzn-requestid
329fa6b8-84df-4146-ab28-a88793f86a57
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-61cd246c-3a0871de38d8ad370f857258;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
IAD89-P2, EWR53-C1
x-amz-apigw-id
LJKg6FjSjoEFw8g=
content-length
30
x-amz-cf-id
rjR_EBC2PS-hKSVjdWMEYpKfmotVMPqcxNtkTT2AIzAsTmEfqX0Jig==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
recaptcha__en.js
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ 		344 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de40f8e9a13821460fad3250442ee45458a1073661d67758f325b3a354995dd3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 02:46:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
40308
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
137533
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 30 Dec 2022 02:46:29 GMT
swg.js
news.google.com/swg/js/v1/ 		140 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://news.google.com/swg/js/v1/swg.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-lib1182ffa19d76d40ef0af.js?v=299
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f6bf9f240f49eeb1c8ad27bdbf484cbc28286f040d5589c37d354b14d429deb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:42:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
975
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44426
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 19:34:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 14:32:02 GMT
baltarc-reaction-1q2w3-15079654087562583373.min.js
www.tribdss.com/meter/assets/ 		59 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tribdss.com/meter/assets/baltarc-reaction-1q2w3-15079654087562583373.min.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/pb/resources/gdist/1182ffa19d76d40ef0af/balnews/balnews-lib1182ffa19d76d40ef0af.js?v=299
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.217.25.136 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-25-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4483fd79fda349ebff0e396f6bff63c4c78628faa8eaa6fac607b7c1a3ec44f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Status
200 OK
Connection
keep-alive
Content-Length
13121
X-Request-Id
be12fad81290312a6196eb13a3e88c90
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.007509
X-Content-Digest
1e18aea72fb60b61ca66a24eaf4c0f9aae051f0b
Last-Modified
Thu, 02 Dec 2021 17:04:44 GMT
Server
Apache
X-Host-Info
991d2021f252,; 3bce5a12c27b2f59d5a29616b34fdce86b5e138a (HEAD -> refs/heads/release/2111.1.1, refs/remotes/origin/release/2111.1.1) dss 16509 ftp host name changed to PROD route53 value
ETag
15079654087562583373
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, max-age=29127940
Httpd-Identifier
991d2021f252
X-Rack-Cache
miss, store
chartbeat.js
static.chartbeat.com/js/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.chartbeat.com/js/chartbeat.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:e000:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:23:29 GMT
content-encoding
gzip
last-modified
Thu, 28 Oct 2021 00:27:20 GMT
server
nginx
age
2088
etag
W/"6179ee68-8e96"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 151ae48d84442f69dffa181fc68bc1da.cloudfront.net (CloudFront)
cache-control
max-age=7200
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
EWR53-C1
x-amz-cf-id
2Glk-o1E2OmK68O4DdpFtkV7Ba8qOLde_f5C7malShuuuRKyhI0WyA==
expires
Thu, 30 Dec 2021 15:23:29 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88522cca257c7b55886862e9549236b005c2fcbb1246bcd986621476739c2127

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
667
etag
W/"f138f96bdde8c4ff4dce4300db918980"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6c5bc839497681cf-IAD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sun, 02 Jan 2022 13:58:17 GMT
v2eemfb2--CI0VJ9xjYIcqOygppWEnXGap23S5PLx7ZNB4Lciz3BUGqe_grs5AINH
smoggysnakes.com/ 		89 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://smoggysnakes.com/v2eemfb2--CI0VJ9xjYIcqOygppWEnXGap23S5PLx7ZNB4Lciz3BUGqe_grs5AINH
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
8febc33037e91109f63df5b8e0a847bece52adb0ad7363ac3c781b1977b6f046
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
x-datacenter
gce-us-east1
etag
"4d7eafef60436c93308d16f57d11d72e2d35c6c94d2d83b030faed9a947dd5fe"
vary
Accept-Encoding, Accept-Language
x-hostname
c2e225f0
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
date
Thu, 30 Dec 2021 13:58:17 GMT
timing-allow-origin
*
feature-decisions
zephr.baltimoresun.com/zephr/ 		26 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://zephr.baltimoresun.com/zephr/feature-decisions
Requested by
Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-111.ewr53.r.cloudfront.net
Software
/
Resource Hash
dae36d368a9c9dac3efbec409d87a6254e793f221336a31e0bb159ec1258b7cb

Request headers

Accept
application/json
Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id
7u8QYUbg_POcO7bP_CXs0-17f37QFpszGHgejshlnKrh7OpDB_NWqA==
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-blaize-request
7479db7
feature-decisions
zephr.baltimoresun.com/zephr/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://zephr.baltimoresun.com/zephr/feature-decisions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-111.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.baltimoresun.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Wed, 29 Dec 2021 23:06:49 GMT
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-methods
POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-credentials
true
x-cache
Hit from cloudfront
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329b.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
ujstW6JLyAHUzPmkMsUFUqRBfhw9ROGBQWA30be6W_BdOknfgsqTtA==
age
53488
SmarterHandler.ashx
tr2.smarterhq.io/app1/ 		297 B
419 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=626994067&i=z0envlhhwy-1&cb=_smtr.postprocess&cu=true&bv=2.7.17&utc=0&pt=0&href=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&hostn=www.baltimoresun.com&pathn=%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F
Requested by
Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/baltimoresun.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.95.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-95-142.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
a7579b34641a4373479f073a7a2d5db0f9ee13d11b7a1e01a54d6eb2fa1f0ad7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:17 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
297
content-type
text/javascript
PugMaster
image6.pubmatic.com/AdServer/ Frame 4E62 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=31843931&p=159890&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
65873c98a919ec2951e9a6634cf09bd7b4b96db870352f14795ad6d2305babd9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
/
id.sv.rkdms.com/identity/ Frame FCD2 		66 B
353 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.sv.rkdms.com/identity/?vendor=idsv2&sv_cid=5274_04512&sv_pubid=SENDTONEWS&sv_domain=www.baltimoresun.com
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.82.87.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-87-39.compute-1.amazonaws.com
Software
nginx/1.20.1 /
Resource Hash
5c30ea983a08b3944d7e078647b151862d0df28c0a646aac568c53c6460ab408

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://www.baltimoresun.com
date
Thu, 30 Dec 2021 13:58:17 GMT
access-control-allow-credentials
true
server
nginx/1.20.1
content-length
66
vary
Origin
content-type
application/json
iu3
s.amazon-adsystem.com/ Frame 6921
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t
267 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
9c67c6ca53fca0eef341d51edaec7d3e4111b3260bc0dfab22407901a9246ec3
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

Server
Server
Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
267
Connection
keep-alive
x-amz-rid
ZNQMEC17FH5153JQWSF2
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Permissions-Policy
interest-cohort=()

Redirect headers

Server
Server
Date
Thu, 30 Dec 2021 13:58:17 GMT
Content-Length
0
Connection
keep-alive
x-amz-rid
VZHMZX2Q78EGBYK3WF2M
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Permissions-Policy
interest-cohort=()
otFloatingFlat.json
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFloatingFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29726e833f4940e76823406599378dfda2812b5c91a6653cec78e722f1e40df8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
jnIqF1I3VU9Tt9MWO4LDDw==
age
6270750
vary
Accept-Encoding
content-length
2709
x-ms-lease-status
unlocked
last-modified
Fri, 20 Nov 2020 16:34:04 GMT
server
cloudflare
etag
0x8D88D7217F82E19
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
7595dfc9-e01e-0031-306c-c48331000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c5bc8398c6c0597-IAD
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.9.0/assets/v2/ 		46 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5dbd2985ef2d22745931d04bb5d212624b46d3f79458331e8625a7c2e61b287
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
SyeN6ChPWcrwm5vVybzGmw==
age
6270750
vary
Accept-Encoding
content-length
11368
x-ms-lease-status
unlocked
last-modified
Fri, 20 Nov 2020 16:34:05 GMT
server
cloudflare
etag
0x8D88D721902A23F
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f0f209df-201e-000e-106c-c434ed000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c5bc8398c6d0597-IAD
lt.iframe.html
tags.crwdcntrl.net/lt/shared/2/ Frame 2B9D 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=13200
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/13200/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

content-type
text/html
date
Wed, 29 Dec 2021 16:10:18 GMT
last-modified
Mon, 01 Feb 2021 20:35:17 GMT
etag
W/"6fcf4f5197ab24c92d090f6ac8d87e01"
x-amz-server-side-encryption
AES256
cache-control
max-age: 86400
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 6886c621d4716e156349149ba8d65b41.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
XzPb_AgH9wvGXlrFCSDcVi8zBRI--l1gRuoxh-X10OElf94wtS7-kQ==
age
78480
Test_oPS_Script_Loads
sqs.us-east-1.amazonaws.com/397719490216/ 		378 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D3%26bt%3Dnull
Requested by
Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.236.169.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-236-169-69.compute-1.amazonaws.com
Software
/
Resource Hash
b9b1bace72c2e9a6deb4ccf206cbfce43fcbd4016cfd553151681847ed29ee04

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:17 GMT
Access-Control-Expose-Headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-RequestId
b7914b16-14d9-5b99-af1e-1151a9e0c164
Content-Length
378
Content-Type
text/xml
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ Frame FCD2 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 27 Dec 2021 22:58:42 GMT
x-content-type-options
nosniff
age
226775
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 27 Dec 2022 22:58:42 GMT
led5or6qk6basanc4h88aotofqriy51h.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/led5or6qk6basanc4h88aotofqriy51h.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7fbe6dbf4ac7e741238f60512586f324d925ac691b726a24edf9722354863d84

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 17:11:22 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Wed, 29 Dec 2021 17:09:46 GMT
server
AmazonS3
age
74816
etag
"20159650f79b50b30a9fab31c50c4cc4"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2102
x-amz-cf-id
GSBkOVAddUfrtVSpiW6mtqeOmyQMR3_3sfNP2fKedOQTQV4C5WTvUg==
u29sn5ttse8n6rhdwo95eia94irwtq1t.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/u29sn5ttse8n6rhdwo95eia94irwtq1t.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8a76c01fae94a20d97921ff32659e57cb8d566803422e70df351adeeaf56b515

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:45:11 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Thu, 30 Dec 2021 12:38:08 GMT
server
AmazonS3
age
4387
etag
"9ad10d8daed05b928115e09c3e3ac034"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2123
x-amz-cf-id
8ZkabU2yRZePue_41QmKHy0OaIVmrCCloMv4Hb6KMIZYK7Uo6xIH_A==
4hu6ag73ur2oea60zyde6p0sgquto0ut.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/4hu6ag73ur2oea60zyde6p0sgquto0ut.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca68d0f659b4b3b019145f9d7287ea640924cc519d216fe0eaad8f09a4f6fe91

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 11:05:52 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Tue, 28 Dec 2021 10:58:05 GMT
server
AmazonS3
age
10346
etag
"b205e5027850a70e467efdfbd244f544"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2000
x-amz-cf-id
flNFADN1qw7S23JKjTIYhd51PDbEbAWGSeqxy_v49VmZJOCtdl814Q==
jyn0te2met7ssat98vwshv8k2znyx0t9.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/jyn0te2met7ssat98vwshv8k2znyx0t9.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da5d36db785b7ac5b15b9628b766d1943637d54d86fbaa184da34fe8be8cbfe9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:32:26 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Wed, 29 Dec 2021 12:18:06 GMT
server
AmazonS3
age
5152
etag
"2302542611e681079e1ceb7ae369d3f1"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2249
x-amz-cf-id
G5Rv3lvpS5HoDipBuCQapB1H_b5pFCpAjCF5TsxCykVBpoC_OLihAQ==
78rr1x3rp37o7820voqapovriwoaop1b.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/78rr1x3rp37o7820voqapovriwoaop1b.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
43f4ee1062cc29fb4768c1806575cee96768b541f19a3c25da4b1afb82b30652

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 10:52:54 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Wed, 29 Dec 2021 13:18:04 GMT
server
AmazonS3
age
11124
etag
"67abf99da21d4517f8842c53665ef84f"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2329
x-amz-cf-id
4nAgfIO2iFxEoP_ZHIIiaNw9VkPqZ_q9Rq59jYwWGk9rQGt9DD_mww==
jvrpgwg5elgt4ibni6rd9syh70862nbv.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/jvrpgwg5elgt4ibni6rd9syh70862nbv.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c7c6c1d68b523a4aba708c558bf9cd24ba411667679c0501a1cb93f87f8aa7cf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:34:38 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Tue, 28 Dec 2021 23:06:26 GMT
server
AmazonS3
age
48220
etag
"2853ad372d6d8f200e1291d2abafe518"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2374
x-amz-cf-id
g0S2SR6ungLl6TqydJ0an2oQDb-IgXK9m8REBSOlmaX7fMwwOiLUbQ==
ieub72882vd3kf4z7u2ky6auyc90p1pq.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ieub72882vd3kf4z7u2ky6auyc90p1pq.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f1a597483f2d07201294970e0aa8995fe101948b7ce04f0820ddd33fdd8214ac

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:34:38 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Tue, 28 Dec 2021 21:49:37 GMT
server
AmazonS3
age
48220
etag
"d189fb1f77e2197381f5e7e6accbd9b9"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2204
x-amz-cf-id
5j5Z1EmQ6NssiObrDQYggNdRHUz0v-fyLlS1qroYhB3TwAkp-XskWQ==
feih9k60ta86sbjzy0wa64ggvhonhiot.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/feih9k60ta86sbjzy0wa64ggvhonhiot.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b943311192171927b56d493e53b0dde02aa63b94e101ddce7576f2c7c7b04d5f

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:34:38 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Tue, 28 Dec 2021 23:46:05 GMT
server
AmazonS3
age
48220
etag
"12347d82ea23a5b3070a05fcf1af69f8"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2444
x-amz-cf-id
Uc9ty7baVBZS9ac1oygtNzrQdiYbqEs1eRDDfAEoFVFHX7VEAkiaPg==
7s5yv8vl3nrxusnz4vyd5nkiup2wgojw.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/7s5yv8vl3nrxusnz4vyd5nkiup2wgojw.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c1f9cd1b1f00846dd43cd13beea1a075fa441da36f1da7f38ec4777472692724

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:36:44 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Mon, 27 Dec 2021 00:06:03 GMT
server
AmazonS3
age
48094
etag
"eaa9b0791d7fb21fc4c6d21c4ca383c0"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
1390
x-amz-cf-id
LEQmsbqdAI2inkCq_POODgmrjLm24jGA1hezbpKejqvYNHlE3zRbNQ==
v0igrtk6xl85m2ry5zj7nl060df69fqk.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/ Frame FCD2 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/SM/v0igrtk6xl85m2ry5zj7nl060df69fqk.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9eb383d02057906872cb675627a821f045566072476a0a28f5ca94185b58a704

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:24:40 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Mon, 27 Dec 2021 15:40:07 GMT
server
AmazonS3
age
2018
etag
"d40347f63f3861ff7d95d1f08c3f03fe"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
2064
x-amz-cf-id
VxtnZbBJQFN9FgU8e8KM3YUZgMuN_zh3uZV_iEzG6QcxlkANObuB0Q==
truncated
/ Frame FCD2 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Referer
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ Frame FCD2 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 27 Dec 2021 22:58:42 GMT
x-content-type-options
nosniff
age
226775
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 27 Dec 2022 22:58:42 GMT
data_stn_l.php
timber.sendtonews.com/timber/ Frame FCD2 		0
253 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://timber.sendtonews.com/timber/data_stn_l.php?CMD=GET&ESG_key=N2Hxdj0R&ES_key=N2Hxdj0R&ES_ID=25799&S_RKEY=0&USR_ID=213384664&ST_usrKey=9O-d6nHSVOcDf6XQ&SM_ID=0&C_ID=4643&C_companyName=Tribune%20-%20Baltimore%20Sun&version=650210100&sC_ID=0&AC_ID=2008&TYPE=FLOAT&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&PLAYERWIDTH=740&PLAYERCODE=LVFPLN&OGSET=1&REFONLY=0&STRIPQUERY=1
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.207.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-207-51.compute-1.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:18 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=1
Connection
keep-alive
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:19 GMT
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=213384664&version=65.21.10&age=211230&cmd=GET&key=N2Hxdj0R&c_id=4643&seq=0&order=3&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&playerCfg=FL&canonical=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
data_stn_l.php
timber.sendtonews.com/timber/ Frame FCD2 		0
253 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://timber.sendtonews.com/timber/data_stn_l.php?CMD=RTP&ESG_key=N2Hxdj0R&ES_key=N2Hxdj0R&ES_ID=25799&S_RKEY=0&USR_ID=213384664&ST_usrKey=9O-d6nHSVOcDf6XQ&SM_ID=0&C_ID=4643&C_companyName=Tribune%20-%20Baltimore%20Sun&version=650210100&sC_ID=0&AC_ID=2008&TYPE=FLOAT&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&PLAYERWIDTH=740&PLAYERCODE=LVFPLN&OGSET=1&REFONLY=0&STRIPQUERY=1
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.207.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-207-51.compute-1.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:18 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=1
Connection
keep-alive
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:19 GMT
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=213384664&version=65.21.10&age=211230&cmd=RTP&key=N2Hxdj0R&c_id=4643&seq=0&order=4&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&playerCfg=FL&status=LVFPLNIY&ac_id=2008
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
i
www.i.matheranalytics.com/ 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=pv&page=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&wrdcnt=1311&sec=coronavirus&prem=metered&paracnt=32&ptype=story&pnum=1&hier=coronavirus&chrcnt=8425&auth=Taylor%20DeVille%7CMeredith%20Cohn%7CHallie%20Miller&artupt=1640800493&arttype=stories&artsrc=baltimore-sun&artpubt=1640800492&artid=5SOF2RXTNVFPJI4LKS3PUMIQD4&tv=js-3.0.138&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=15&tvcfg=all&tid=b084bfd0-8117-4c37-b6ad-a39e8c5faba1&pid=3fd2ad8b-b4be-4d78-a81e-5ea5351195e5&dtm=1640872698050&qnm=_matherq&visible=1&tabid=707c5c94-999a-48bd-931a-818a6d9dff4e&refr=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&vrefr=https%3A%2F%2Ft.co%2F&vp=1600x1200&ds=1600x6451&tofa=1640872698&vid=1&lvidt=1640872698&duid=ee5e6c871b747ff8&fp=401617179&cid=ma89701&mrk=197837615&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY0MDg3MjY5NjQzOSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIxNi4xbWIiLCJoZWFwVCI6IjE3LjFtYiIsImZzdFBhaW50IjoiMzY1IiwiZmV0Y2hTIjoiMCIsImRvbWFpblMiOiIyIiwiZG9tYWluRSI6IjQ3IiwiY29ublMiOiI0NyIsImNvbm5FIjoiOTciLCJzc2xTIjoiNTUiLCJyZXF1UyI6Ijk3IiwicmVzcFMiOiIxNjQiLCJyZXNwRSI6IjE4MiIsImRvbUxvYWQiOiIxNjciLCJkb21JbnRlciI6Ijk3NSIsImRvbUxvYWRTIjoiOTc3IiwiZG9tTG9hZEUiOiI5OTQifSwiaWRlbnRpdGllcyI6W3sidHlwZSI6ImdhIiwiaWQiOiIxODIwNzExNzk4IiwicmVmVGltZSI6IjE2NDA4NzI2OTgwNDkifV19
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.195.91.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-195-91-69.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:18 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.baltimoresun.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		46 KB
18 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2285181733356244&correlator=1370395119214235&output=ldjh&impl=fifs&eid=31063899%2C31063706%2C44742768%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=4011%2Ctrb.baltimoresun%2Ccoronavirus&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&prev_scp=slot%3Dzeus_cc_1%26pos%3D3%26cnsd%3Dpts_darc_p3_uad%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_cc_1.init.dsk%26amznbid%3D2%26amznp%3D2%26optimera%3DZ%2CA6%2CSA1%2CM3%2CL7%2CL1%2CJ1%2CA5%2CA4%2CSA5%2CB3%2CM4%2CL8%2CL2%2CJ2%2CB2%2CB1%2CTH2%2CB%26zeus_pubmatic%3D5%26zeus_auctionid_pubmatic%3D170e60d2-1510-4e19-894f-73c793cfafcd&eri=1&cust_params=zeus%3Dapplied%26zeus_4011%3Dwww.baltimoresun.com%26epvid%3D1640872696710_243452589%26euuid%3Dpre-cache-no-id-available%26ua%3Dd%26ss%3Dl%26ref%3Dexternal%26instart%3Dfalse%26adb%3Dfalse%26apfv%3Dfalse%26apv%3Dfalse%26refresh%3Dfalse%26ptype%3Ds%26site%3Dtrb.baltimoresun%26slug%3Dbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4%26cid%3D5SOF2RXTNVFPJI4LKS3PUMIQD4%26at%3DtaxonomyTags%26kw%3Dtruecare%252Cdepartment%252Cray%252Chealth%252Ccontract%252Ccomplaint%252CTrueCare%252Cvaccine%252Cemail%252Cstate%252Cagency%252Ccdc%252Cdose%252Creport%252Ctemperature%252Cjohnson%252CRay%252Cpeople%252Cvaccines%252Cshot%252Cseetoo%252Ccompany%252Cinterview%252Cinformation%252Cemployee%26tg%3DInsuranceIndustry%26design%3Darc%26nopulse%3Dtrue%26zeus_insights%3D5f6%252C4s8%252C0bm%252Cjn8%252Caw9%252Cihp%252Cc9h%252Cv3s%252Cpxc%252C5fo%252Ckh5%252Ccoa%252Clqq%252Cmd6%252Cuib%252Cbs0%26ccaud%3Dall%252C680726%252C514644%252C465543%252C473081%26lpid%3Dd1f7c93abf4490836d860b8505530287&cookie=ID%3D1ab9841e9d635743-223b358e7c7b008d%3AT%3D1640872697%3AS%3DALNI_MaYG9GFWo08EokDjjS6afy_67MtiA&bc=31&abxe=1&lmt=1640870919&dt=1640872698081&dlt=1640872696606&idt=659&frm=20&biw=1600&bih=1200&oid=2&adxs=1206&adys=1123&adks=3388994698&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=1x0&psts=AGkb-H9zTguM7fb99lODeVzy0acCcl5qXnasvjH-aRVDuWlmcYPTi4-NhzFqIFXgzvEALa-WJKzOyypmnu0umh8k3D8O2TTVvw&ga_vid=1820711798.1640872697&ga_sid=1640872697&ga_hid=2101761687&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
fd53d74d5d4ae2ab7af4fa2cf6ce001aefe68f524059fec089e596992020fa89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18361
x-xss-protection
0
google-lineitem-id
5854367445
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138374773773
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		132 KB
43 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2285181733356244&correlator=1370395119214235&output=ldjh&impl=fifs&eid=31063899%2C31063706%2C44742768%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=4011%2Ctrb.baltimoresun%2Ccoronavirus&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=300x250%2C300x250&prev_scp=slot%3Dzeus_c_1%26pos%3D1%26cnsd%3Dpts_darc_p1_uad%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_c_1.init.dsk%26amznbid%3D2%26amznp%3D2%26optimera%3DZ%2CA6%2CSA1%2CM3%2CL7%2CL1%2CJ1%2CTH0%2CB%7Cslot%3Dzeus_c_2%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_c_2.init.dsk%26amznbid%3D2%26amznp%3D2%26pos%3D2%26cnsd%3Dpts_darc_p2_uad%26optimera%3DZ%2CA6%2CSA1%2CM3%2CL7%2CL1%2CJ1%2CA5%2CTH0%2CB&eri=1&cust_params=zeus%3Dapplied%26zeus_4011%3Dwww.baltimoresun.com%26epvid%3D1640872696710_243452589%26euuid%3Dpre-cache-no-id-available%26ua%3Dd%26ss%3Dl%26ref%3Dexternal%26instart%3Dfalse%26adb%3Dfalse%26apfv%3Dfalse%26apv%3Dfalse%26refresh%3Dfalse%26ptype%3Ds%26site%3Dtrb.baltimoresun%26slug%3Dbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4%26cid%3D5SOF2RXTNVFPJI4LKS3PUMIQD4%26at%3DtaxonomyTags%26kw%3Dtruecare%252Cdepartment%252Cray%252Chealth%252Ccontract%252Ccomplaint%252CTrueCare%252Cvaccine%252Cemail%252Cstate%252Cagency%252Ccdc%252Cdose%252Creport%252Ctemperature%252Cjohnson%252CRay%252Cpeople%252Cvaccines%252Cshot%252Cseetoo%252Ccompany%252Cinterview%252Cinformation%252Cemployee%26tg%3DInsuranceIndustry%26design%3Darc%26nopulse%3Dtrue%26zeus_insights%3D5f6%252C4s8%252C0bm%252Cjn8%252Caw9%252Cihp%252Cc9h%252Cv3s%252Cpxc%252C5fo%252Ckh5%252Ccoa%252Clqq%252Cmd6%252Cuib%252Cbs0%26ccaud%3Dall%252C680726%252C514644%252C465543%252C473081%26lpid%3Dd1f7c93abf4490836d860b8505530287&cookie=ID%3D1ab9841e9d635743-223b358e7c7b008d%3AT%3D1640872697%3AS%3DALNI_MaYG9GFWo08EokDjjS6afy_67MtiA&bc=31&abxe=1&lmt=1640870919&dt=1640872698092&dlt=1640872696606&idt=659&frm=20&biw=1600&bih=1200&oid=2&adxs=1206%2C1206&adys=499%2C811&adks=970833480%2C970006290&ucis=3%7C4&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250%7C300x250&msz=1x0%7C1x0&psts=AGkb-H9zTguM7fb99lODeVzy0acCcl5qXnasvjH-aRVDuWlmcYPTi4-NhzFqIFXgzvEALa-WJKzOyypmnu0umh8k3D8O2TTVvw&ga_vid=1820711798.1640872697&ga_sid=1640872697&ga_hid=2101761687&ga_fc=true&fws=0%2C0&ohw=0%2C0&btvi=0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
cd356dcb0cec4362656f5b5d96df98dd13fcb3bcae87b2a7d8a4018761b1e88b
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLXavZLXi_UCFYzA4QodIisFAA&gqi=&layout=/sadbundle/%24csp%253Der3%24/4341884288908283729/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLXavZLXi_UCFYzA4QodIisFAA&gqi=&layout=/sadbundle/%24csp%253Der3%24/4341884288908283729/index.html
content-encoding
br
x-content-type-options
nosniff
google-creative-id
-1,-1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43977
x-xss-protection
0
google-lineitem-id
-1,-1
pragma
no-cache
server
cafe
date
Thu, 30 Dec 2021 13:58:18 GMT
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame 1BF5 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457164
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame FCD2 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 30 Dec 2021 13:58:18 GMT
led5or6qk6basanc4h88aotofqriy51h.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame FCD2 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/led5or6qk6basanc4h88aotofqriy51h.jpg
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8dff895e37b835b6c8b61a53d2eb55ff2203292771138535b40767c401935a44

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 17:11:48 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Wed, 29 Dec 2021 17:09:46 GMT
server
AmazonS3
age
74791
etag
"0d07fd1265d3af3d97bef849aba8c4fb"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
24891
x-amz-cf-id
VRJBFNq4TmroPGO6XaLglNfGr0JMI67mRqCRSv5wcrlntWE_omn3Xw==
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2101761687&t=pageview&_s=1&dl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20Baltimore%20Sun&sd=24&sr=1600x1200&vp=1600x1200&je=0&_u=6ChAAEADQAQCAC~&jid=1085314296&gjid=1304457110&cid=1820711798.1640872697&tid=UA-101870247-1&_gid=629856563.1640872698&_r=1&cd41=Portrait&cd44=%3E1224&cd140=false&cd142=(none)&cd1=baltimoresun&cd2=coronavirus&cd3=%2F4011%2Ftrb.baltimoresun%2Fcoronavirus&cd4=bs%3Acoronavirus%3Abs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4%3Astory.&cd5=arc&cd6=story&cd7=story&cd8=story&cd9=bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4&cd10=bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4&cd12=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines&cd13=Taylor%20DeVille%2CMeredith%20Cohn%2CHallie%20Miller&cd14=Taylor%20DeVille~Meredith%20Cohn~Hallie%20Miller&cd15=12-29-2021%2012%3A54&cd16=12-29-2021%2012%3A54&cd17=baltimore-sun&cd18=Baltimore%20Sun&cd19=5SOF2RXTNVFPJI4LKS3PUMIQD4&cd20=5SOF2RXTNVFPJI4LKS3PUMIQD4&cd21=(none)&cd22=(none)&cd29=(none)&cd30=8425&cd32=(none)&cd33=(none)&cd34=(none)&cd43=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36&cd98=https%3A%2F%2Ft.co%2F&cd99=(none)&cd100=(none)&cd101=(none)&cd102=(none)&cd103=(none)&cd119=default&cd124=(none)&cd125=(none)&cd127=none&cd135=stories&cd31=1&cd97=0&cd95=(none)&cd96=signed-out&cd42=1200%20-%201299&cm81=1&cm5=3&z=1272831980
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
config.json
c.go-mpulse.net/api/ Frame 595C 		780 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=9QU6Z-7BNQ8-E9TNM-DEQNV-AB6DG&d=www.baltimoresun.com&t=5469576&v=1.720.0&if=&sl=0&si=3ca25014-2f87-4c5f-a936-a5161f85c4d8-r4xlh4&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=514477
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/9E52W-759Q8-QRNWG-5DBLH-ZFZGZ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1400:d:29c::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ec70d00afc372c7d6a4604a8484122c3080dd5b1db52e8cf4f160955c2e6d85d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:18 GMT
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
780
Content-Type
application/json
d867ac30-48d3-40ec-b689-d3d914b20852
https://www.baltimoresun.com/ Frame FCD2 		31 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.baltimoresun.com/d867ac30-48d3-40ec-b689-d3d914b20852
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
reddit.png
d29xw9s9x32j3w.cloudfront.net/images/social/ Frame FCD2 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/reddit.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9861f51d1896f195c45f603bdc6b7f1455817966f5da945371c922a6f8797711

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:33:22 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
age
48297
etag
"cb93bb50e5d021cc38de445a672c18a2"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
1094
x-amz-cf-id
zudxUxlTvhUqZChM13FsEdeJ2DlRItM1x5u-UU46u_TGucqU06uwcg==
facebook.png
d29xw9s9x32j3w.cloudfront.net/images/social/ Frame FCD2 		322 B
639 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/facebook.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0597ab745938c4a2cc0818fc2447beb211629e484fed0b4143bdd6fa5724be61

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:33:39 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
age
48280
etag
"311cf2edc46e82f2a6911332b7db54e1"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
322
x-amz-cf-id
JoY6FvMDJ8w2S8jPnrGEbykYdJSg8yYFZRt7XPmBLj_BGoVoxscayw==
twitter.png
d29xw9s9x32j3w.cloudfront.net/images/social/ Frame FCD2 		832 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/twitter.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
94a557b756089fc7dde1c857bb1a2f776dff6aeec3ceead5c2fa2304433b88ee

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:33:18 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
age
48301
etag
"8be584e844dabfe22970a0cb943c047e"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
832
x-amz-cf-id
JOPy5dJ5OYHgpRwEaSTse9gYTTnMOLBb1Ochk9zWksDWV3Kk7QZTuw==
email.png
d29xw9s9x32j3w.cloudfront.net/images/social/ Frame FCD2 		773 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/images/social/email.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3b7f1a6aeceeb60c709478e55147a48f4031ac6617b3ab089210f1f1f59b7204

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:33:18 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Fri, 24 Apr 2020 20:07:21 GMT
server
AmazonS3
age
48301
etag
"4bd445ddc3f9d6101690e15cfc1a04f0"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
773
x-amz-cf-id
NqRcXjV_qO-KvHCs1co1KhBQ21gWIySyfarOKcyAD1LkSRXlkdYGHA==
teads-format.min.js
s8t.teads.tv/media/format/v3/ 		600 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s8t.teads.tv/media/format/v3/teads-format.min.js
Requested by
Host: a.teads.tv
URL: https://a.teads.tv/page/105056/tag
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:188::26e5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
12908fba830466a63d701246d2ab82c2728d680f333e7b32dd09eb8ad7b0a413

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
br
vary
Accept-Encoding
x-amz-request-id
S5M774X02VX6RY0M
content-length
134179
x-amz-id-2
TxN39USAdY8vu3wrxnGt+OtuH6PnrRMGWzT3YutIRUo8dh0swXZca2aA5ak3CS4qm0H0FKrw0E4=
last-modified
Thu, 16 Dec 2021 15:16:53 GMT
etag
"0f6efc47ad711e0c01b740309e970dbf"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, must-revalidate, max-age=1800, no-transform
access-control-allow-credentials
false
x-bucket
e
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 30 Dec 2021 14:28:18 GMT
match
c1.adform.net/serving/cookie/ Frame 3EB4
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.167.164.39 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:18 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Thu, 30 Dec 2021 13:58:18 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame A0A5
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yc26_gABy-th-QAF&gdpr=0&gdpr_consent=&_test=Yc26_gABy-th-QAF
1 B
544 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yc26_gABy-th-QAF&gdpr=0&gdpr_consent=&_test=Yc26_gABy-th-QAF
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 12:07:41 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
njrpug024:0:569
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yc26_gABy-th-QAF&gdpr=0&gdpr_consent=&_test=Yc26_gABy-th-QAF
accept-ranges
bytes
date
Thu, 30 Dec 2021 13:58:18 GMT
via
1.1 varnish
x-served-by
cache-dca17777-DCA
x-cache
HIT
x-cache-hits
0
x-timer
S1640872698.397053,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
adx
match.prod.bidr.io/cookie-sync/ Frame 54F5
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGUG9rN0RtM1lBQUVCaU5BRU02Zw&bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
43 B
430 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.195.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-195-76.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

cache-control
no-cache, must-revalidate
content-type
image/gif
Date
Thu, 30 Dec 2021 13:58:18 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma
no-cache
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
43
Connection
keep-alive

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
date
Thu, 30 Dec 2021 13:58:18 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
content-length
361
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4E62
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=mu-IWj4ESo6aKW_7zwcRng%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=62365
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Fri, 31 Dec 2021 07:17:43 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame 4E62
Redirect Chain
  • https://idsync.rlcdn.com/420486.gif?partner_uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
  • https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDlBRUY4ODVBLTNFMDQtNEE4RS05QTI5LTZGRkJDRjA3MTE5RRAAGg0I-vW2jgYSBQjoBxAAQgBKAA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=10f0cea427a19c859dee1b8caf9e1ba80b00bea03b126a5e0b55b610b7a84a77791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAxMGYwY2VhNDI3YTE5Yzg1OWRlZTFiOGNhZjllMWJhODBiMDBiZWEwM2IxMjZhNWUwYjU1YjYxMGI3YTg0YTc3NzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAxMGYwY2VhNDI3YTE5Yzg1OWRlZTFiOGNhZjllMWJhODBiMDBiZWEwM2IxMjZhNWUwYjU1YjYxMGI3YTg0YTc3NzkxNDI2YjU0MTdkY2UyMRAAGgwI-_W2jgYSBAgCEABCAEoA&goog...
  • https://usermatch.krxd.net/um/v2?partner=liveramp_identity
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
107.20.198.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-198-59.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
cache-control
private, no-cache, no-store
x-request-time
D=158 t=1640872700
x-served-by
beacon-n037-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
date
Thu, 30 Dec 2021 13:58:19 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a002-ash-prod.krxd.net
SPug
image4.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0fbd61cd-bafa-4b00-bc7c-02e51cbb1cdc
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0fbd61cd-bafa-4b00-bc7c-02e51cbb1cdc
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:17 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 30 Dec 2021 13:58:18 GMT
Server
MT3 4133 baa842e master ord-pixel-x58 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0fbd61cd-bafa-4b00-bc7c-02e51cbb1cdc
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:17 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OUFFRjg4NUEtM0UwNC00QThFLTlBMjktNkZGQkNGMDcxMTlF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug016:0:2629
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGOo8OJLKvneWC3c1z0FTvU&google_cver=1
42 B
592 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGOo8OJLKvneWC3c1z0FTvU&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug017:0:519
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGOo8OJLKvneWC3c1z0FTvU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
42 B
226 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug012:0:7907
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
server
nginx
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Wed, 29 Dec 2021 13:58:18 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
42 B
468 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug009:0:540
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8053738013470830884&gdpr=0&gdpr_consent=&us_privacy=
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8053738013470830884&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8053738013470830884&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&gdpr=0&gdpr_consent=
42 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug002:0:526
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 30 Dec 2021 13:58:18 GMT
Server
MT3 4133 baa842e master ord-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:17 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 4E62
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dezVlIJE2uVdDtAD73OpOmNWkddaZCY-~A&gdpr=0&gdpr_consent=
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dezVlIJE2uVdDtAD73OpOmNWkddaZCY-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dezVlIJE2uVdDtAD73OpOmNWkddaZCY-~A&gdpr=0&gdpr_consent=
date
Thu, 30 Dec 2021 13:58:18 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 4E62 		43 B
876 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/9AEF885A-3E04-4A8E-9A29-6FFBCF07119E?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a05:cbbe:ce00:264f:b9b8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
view
securepubads.g.doubleclick.net/pcs/ Frame 8460 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu1Z3M9RAURF8PBx6WBYli-NOl2a_-EckmEwZaXzge4kc8sRea0aTNEDdrrDweISqB9LlSQmy-NC_SQWE-rxFJpaTEjRkHP6WKBBHn_CP8HLlGYmh8OB2AnR5-uwS3xfph_2Lk_TwzI3D5_yXnqZcVO6B9VLUCDLg3JtY_Wy-bzJXFCcAANu26TJ9E_jYrajXuRbhn8sae0S6s0tY26-oFXVCzVVtXgVfSUFFhXTM7-Dv7qVG6-DEB-qzJisnmrBeV6N72Eh-7cOciBFchQcFQ8MpuUTp4amEkhrE7v2ecxx2Aw2gJ8cJ2B4mmLtSioKH2ISlmPbxLuFDKW_v8p9ds&sai=AMfl-YQdmVUtXbXDi2Nx_doaElRLrFeQt2HiZ3kVa4YWjKyq-PkVJbps2DutHfbvMtoCnywnWlzl77kVtnR00DB4VVKge6_X1ABsGuRojThapbRnjL8SklrTl14hwEkEyqE&sig=Cg0ArKJSzDIPP96c6rWyEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 30 Dec 2021 13:58:18 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9813 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3563
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
collect
stats.g.doubleclick.net/j/ 		7 B
449 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-101870247-1&cid=1820711798.1640872697&jid=1085314296&gjid=1304457110&_gid=629856563.1640872698&_u=6ChAAEACQAQCAC~&z=820114555
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:1404::9c Columbus, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 30 Dec 2021 13:58:18 GMT
content-type
text/plain
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		17 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
bdd7a5943bc66d3eacae8b7104d16f557de4dcfc7a981f2c5a4df825edb9e76a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

Date
Thu, 30 Dec 2021 13:58:18 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
f8783986-e875-47ea-a5b3-a2e7dbaf2e98
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=zeus_client
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.98 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
4bce7b36ed85b24ae3b056cd1b83bbc9d82e0c915c14bab1f076e85a03374f93

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.baltimoresun.com
date
Thu, 30 Dec 2021 13:58:17 GMT
content-encoding
gzip
x-openrtb-version
2.3
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json
fastlane.json
fastlane.rubiconproject.com/a/api/ 		258 B
719 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=347134&tk_flint=custom&slots=1&size_id=2&alt_size_ids=55%2C57&zone_id=1838926&rp_floor=0.01
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
724228d8c311c35307c0386a8a6ee6db86a8828a89f987689e796e0c3158cf20

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:18 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
258
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=zeus&v=1&referrer=www.baltimoresun.com&debug=false
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.69.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-69-37.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hbjson
grid.bidswitch.net/ 		0
254 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson?sp=trustx
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.211.165.199 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
Date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Server
nginx
Connection
keep-alive
bid
c.amazon-adsystem.com/e/dtb/ 		584 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3503&u=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&pr=https%3A%2F%2Ft.co%2F&pid=6RqX7mJDnud4f&cb=2&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22zeus_mh_ldb_cbo_600%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.baltimoresun%2Fcoronavirus%22%7D%5D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
afd023474f6847854b3c8c639ab202aeeb141e16694c0e9d6da502b051ba2fa9
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR53-C3
x-amz-rid
MBF2CDV8Y29CPVBDESR2
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
584
x-amz-cf-id
YlwlrN6jX8xvKwo9R21oQ7-BKMiiXCOUvRZ29nUpL9N-sY2FOxoP2A==
t
ds.reson8.com/v1/ Frame FCD2 		18 B
426 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ds.reson8.com/v1/t
Requested by
Host: cdn.resonate.com
URL: https://cdn.resonate.com/analytics.js/v1/200302733/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.8.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74df6a6e6baba23c158bc44b03c0e68cd743edffbf10942864e70e1414936b48
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.baltimoresun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
strict-transport-security
max-age=15552000
cf-ray
6c5bc83da92282c2-IAD
content-length
18
headerstats
as-sec.casalemedia.com/ Frame FCD2 		0
434 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=340102&u=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/187621-164323601241456.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:18 GMT
X-AK-INITIAL-GEO
CC:[US], RC:[VA], CN:[NA], CIP:[45.250.25.110], XFF:[]
Server
Apache
Access-Control-Allow-Origin
https://www.baltimoresun.com
X-CS-CLIENT-GEO
01
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-AK-CLIENT-GEO
01
Expires
Thu, 30 Dec 2021 13:58:18 GMT
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/ 		283 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151512
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e000e7805a03b275608d64f0ee40fc1140ea80bcb3daa6bc9a5406dd107f9d0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
3052
etag
W/"bade15bfdcba7ee19d22e61741b04b27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6c5bc83d9c3957ae-IAD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sun, 02 Jan 2022 13:58:18 GMT
css2
fonts.googleapis.com/ 		2 KB
427 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3be09b57f4ddbc74f8d4e72fea0807bf03ac934a74d71e841309558aefde7b0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:01:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:18 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:18 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 04:58:07 GMT
x-content-type-options
nosniff
age
118811
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Dec 2022 04:58:07 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 26 Dec 2021 00:38:10 GMT
x-content-type-options
nosniff
age
393608
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Mon, 26 Dec 2022 00:38:10 GMT
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 01:45:19 GMT
x-content-type-options
nosniff
age
475979
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22572
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 25 Dec 2022 01:45:19 GMT
SmarterHandler.ashx
tr2.smarterhq.io/app1/ 		297 B
418 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=1336186174&i=z0envlhhwy-1&cb=_smtr.postprocess&t=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20B&cid=coronavirus&cn=baltimoresun&bv=2.7.17&utc=0&pt=3&href=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&hostn=www.baltimoresun.com&pathn=%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F&modalc=637764694978401720^017e0ba2-5ff0-41bc-8fc3-69014979f115^017e0ba2-5ff0-43c6-add2-44e4ab491541^0^45.250.25.110
Requested by
Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/baltimoresun.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.95.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-95-142.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
49384e3ae86358dc14b92e003f2b2da1bd50e6082057eff08176ae064afd234c

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
297
content-type
text/javascript
SmarterHandler.ashx
tr2.smarterhq.io/app1/ 		297 B
418 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=1995078575&i=z0envlhhwy-1&cb=_smtr.postprocess&t=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%20-%20B&pid=70bd6d953f3fce924d083367ad89fd7c&bv=2.7.17&utc=0&pt=0&href=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&hostn=www.baltimoresun.com&pathn=%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F&modalc=637764694978401720^017e0ba2-5ff0-41bc-8fc3-69014979f115^017e0ba2-5ff0-43c6-add2-44e4ab491541^0^45.250.25.110
Requested by
Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/baltimoresun.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.95.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-95-142.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
1ccab59b5a632568cfd33c6e670e86e2494419fb365298b0baeef0cea9f227da

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
297
content-type
text/javascript
smtr1x1.gif
tr2.smarterhq.io/app1/ 		43 B
159 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr2.smarterhq.io/app1/smtr1x1.gif?r=394685655&action=product_scrape&i=z0envlhhwy-1&modalc=637764694978401720%5E017e0ba2-5ff0-41bc-8fc3-69014979f115%5E017e0ba2-5ff0-43c6-add2-44e4ab491541%5E0%5E45.250.25.110&scraped_products=%5B%7B%22productId_scraped%22%3A%2270bd6d953f3fce924d083367ad89fd7c%22%2C%22percent_complete%22%3A0%2C%22article_slug%22%3A%22bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4%22%7D%5D&bv=2.7.17
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.95.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-95-142.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
43
content-type
image/gif
smtr1x1.gif
tr2.smarterhq.io/app1/ 		43 B
159 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr2.smarterhq.io/app1/smtr1x1.gif?r=1015488299&action=campaign&i=z0envlhhwy-1&modalc=637764694978401720%5E017e0ba2-5ff0-41bc-8fc3-69014979f115%5E017e0ba2-5ff0-43c6-add2-44e4ab491541%5E0%5E45.250.25.110&pageId=0HMEAQJ7VDANN%3A00002693&ref=https%3A%2F%2Ft.co%2F&href=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&bv=2.7.17
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.95.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-95-142.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
43
content-type
image/gif
ping
ping.chartbeat.net/ 		43 B
201 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ping.chartbeat.net/ping?h=baltimoresun.com&p=%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&u=DrDnugBQoAr_Cn-gBV&d=baltimoresun.com&g=45584&g0=coronavirus&g1=Taylor%20DeVille%2CMeredith%20Cohn%2CHallie%20Miller&n=1&f=00001&c=0&x=0&m=0&y=6739&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=https%3A%2F%2Ft.co%2F&b=2160&_s=%7B%22epvid%22%3A%221640872696710_243452589%22%7D&t=6qYwizA9_LQFkGfCgFPveDBKv_m&V=129&i=Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20&tz=0&_acct=anon&sn=1&sv=D_Rt2suQWyEChDhUCrswbDBoXDVI&sr=https%3A%2F%2Ft.co%2F&sd=1&im=067b0ff3&_
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.202.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-202-199.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
43
expires
0
pr
s.amazon-adsystem.com/v3/ Frame 6CEC 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
2b726738f3e7aded2bdbc9c57e27086583974f79f8da3e0ec4fea3889bb42468
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&dcc=t

Response headers

Server
Server
Date
Thu, 30 Dec 2021 13:58:18 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
1970
Connection
keep-alive
x-amz-rid
RVQZAQQ19C7BEV73JYK7
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Permissions-Policy
interest-cohort=()
skeleton.gif
static.adsafeprotected.com/ 		43 B
483 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.adsafeprotected.com/skeleton.gif
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 18:48:18 GMT
via
1.1 556ef92964692e27cf8626ac501230e4.cloudfront.net (CloudFront)
age
22878601
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control
max-age=315360000
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
image/gif
x-amz-cf-id
lvrGMvQJ5d8bKyzmX0J1qGW3px_4szrBIi-MYZJTQdINMaI1Jz4o9A==
swg-button.css
news.google.com/swg/js/v1/ 		21 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://news.google.com/swg/js/v1/swg-button.css
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:18:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2368
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6439
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 17:26:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 14:08:50 GMT
serviceiframe
news.google.com/swg/_/ui/v1/ Frame 122E 		23 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://news.google.com/swg/_/ui/v1/serviceiframe?_=455797
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
071e48f36d01127379244fb4189bbdd75bbe98190375981e8dc833e2cccea0c4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tpyV+WWD0/nqSuIBcGJ8NQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-tpyV+WWD0/nqSuIBcGJ8NQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible
IE=edge
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 30 Dec 2021 13:58:18 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security
max-age=31536000
report-to
{"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
cross-origin-resource-policy
same-site
content-security-policy
script-src 'report-sample' 'nonce-tpyV+WWD0/nqSuIBcGJ8NQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-tpyV+WWD0/nqSuIBcGJ8NQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-opener-policy-report-only
unsafe-none; report-to="SubscribewithgoogleClientUi"
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
loader.svg
news.google.com/swg/js/v1/ 		0
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://news.google.com/swg/js/v1/loader.svg
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:21:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2214
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1049
x-xss-protection
0
last-modified
Mon, 16 Mar 2020 18:14:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
image/svg+xml
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 14:11:24 GMT
anchor
www.google.com/recaptcha/api2/ Frame C82C 		39 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
aa23c6001a6930d81375f66e1095571652c7cfbf1607e5813078b40a032a392e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8qYFqaTQIvV4RaJ2APx/Ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 30 Dec 2021 13:58:18 GMT
content-security-policy
script-src 'report-sample' 'nonce-8qYFqaTQIvV4RaJ2APx/Ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
20223
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
securepubads.g.doubleclick.net/pcs/ Frame 4D8C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuiybz8fh9kgIMk7Qk9m3dySpeuC1rsRAGviiJL6K5FOJJBAchdxaEAIgPleWmzNfujkQTXNCwJyb6HPKkYoKRmxSNET_7iZ6ZBAzewFEo23MPBPq3ASquPxo2ww2sleo1S2fU6y1WiSjCgpjSyT0uynwviZKiDNXUj95kpI2qNnKZtAfJY6X8OyGV3MxE3ox3H10cnSfaEYRef-_1lKYc5SbK_OA_aNVji70cFaGjdbHqXsRgKrGxL6m7uif1m5oIMe1vyWjlM6UyMGsQ8XwS2mFtY-W3aETr8CT59vUwQwEOJdkp77iliOE1xXR5b4En3PabLkDLRlyJ2&sig=Cg0ArKJSzPGvhMhDuD8bEAE&uach_m=[UACH]&adurl=
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 4D8C 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:55:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
186
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:55:12 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4D8C 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:54:25 GMT
l
www.google.com/ads/measurement/ Frame 4D8C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTpVVWdo0wxVCCMOmgamCnInjhBRrJEdFL_D3M0p-eVEP68PaBeBbCgbIAQA-1j4S9dBxc0tfJCaxpnZZRgWwUcn7aCOA
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4D8C 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:18 GMT
16338030621118192026
tpc.googlesyndication.com/simgad/ Frame 4D8C 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/16338030621118192026
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a1d8f1be2db6c31542850ac366d8f6791ec8037b0721340e4841500e2f12258a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 26 Dec 2021 07:18:59 GMT
x-content-type-options
nosniff
age
369559
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18380
x-xss-protection
0
last-modified
Fri, 10 Dec 2021 16:10:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 26 Dec 2022 07:18:59 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-101870247-1&cid=1820711798.1640872697&jid=1085314296&_u=6ChAAEACQAQCAC~&z=1214486378
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.uk/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-101870247-1&cid=1820711798.1640872697&jid=1085314296&_u=6ChAAEACQAQCAC~&z=1214486378
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
entitlements
news.google.com/swg/_/api/v1/publication/baltimoresun.com/ 		2 B
55 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://news.google.com/swg/_/api/v1/publication/baltimoresun.com/entitlements
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/plain, application/json
Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
attachment; filename="json.txt"; filename*=UTF-8''json.txt
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="SubscribewithgoogleClientHttp"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
%7B%22_type%22%3A%22libLatency%22%2C%22pid%22%3A%226RqX7mJDnud4f%22%2C%22ns%22%3A1640872696439%2C%22fs%22%3A190%2C%22re%22%3A267%2C%22c%22%3A0%2C%22tcc%22%3A77%2C%22_tl%22%3A%22aps-tag%22%2C%22src%...
aax.amazon-adsystem.com/x/px/p/PH/ 		43 B
457 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax.amazon-adsystem.com/x/px/p/PH/%7B%22_type%22%3A%22libLatency%22%2C%22pid%22%3A%226RqX7mJDnud4f%22%2C%22ns%22%3A1640872696439%2C%22fs%22%3A190%2C%22re%22%3A267%2C%22c%22%3A0%2C%22tcc%22%3A77%2C%22_tl%22%3A%22aps-tag%22%2C%22src%22%3A%223503%22%2C%22lv%22%3A%227.71.1%22%7D
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.177.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4R0MW5F0H2B8SFBXEMK7
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
no-cache
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame 122E 		0
24 B 		Other
General
Check archive.org
Download Go to
Full URL
https://news.google.com/_/SubscribewithgoogleClientUi/cspreport
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-vmjVE0Ohc5MY2pSy5fYOww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-vmjVE0Ohc5MY2pSy5fYOww' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/swg/_/ui/v1/serviceiframe?_=455797
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Thu, 30 Dec 2021 13:58:18 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
report-to
{"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-vmjVE0Ohc5MY2pSy5fYOww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-vmjVE0Ohc5MY2pSy5fYOww' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires
Mon, 01 Jan 1990 00:00:00 GMT
track
t.teads.tv/ 		23 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.teads.tv/track?action=placementCall&env=js-web&auctid=d4c6819b-e601-463e-b6e4-1924337b4e0b&pageId=105056&pid=113713&debug_metadata=K9f99gjVKH&fv=931&ts=1640872699366&f=1&referer=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-164-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
private, max-age=3666
content-length
23
content-type
image/gif
track
t.teads.tv/ 		23 B
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.teads.tv/track?action=slotAvailable&env=js-web&auctid=d4c6819b-e601-463e-b6e4-1924337b4e0b&pageId=105056&pid=113713&slot=native&fv=931&ts=1640872699374&f=1&referer=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-164-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
23
content-type
image/gif
track
t.teads.tv/ 		23 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.teads.tv/track?action=placementCall&env=js-web&auctid=d3e6f734-a253-4cec-9c45-292fc9023c79&pageId=105056&pid=113714&debug_metadata=jyJMedjnvd&fv=931&ts=1640872699380&f=1&referer=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-164-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
private, max-age=3666
content-length
23
content-type
image/gif
track
t.teads.tv/ 		23 B
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.teads.tv/track?action=slotAvailable&env=js-web&auctid=d3e6f734-a253-4cec-9c45-292fc9023c79&pageId=105056&pid=113714&slot=multislot&fv=931&ts=1640872699383&f=1&referer=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-164-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
23
content-type
image/gif
ad
a.teads.tv/page/105056/ 		540 B
709 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/page/105056/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&pageReferrerUrl=https%3A%2F%2Ft.co&windowReferrerUrl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&page=%7B%22id%22%3A105056%2C%22placements%22%3A%5B%7B%22id%22%3A113713%2C%22validity%22%3A%7B%22status%22%3Atrue%2C%22reasons%22%3A%5B%5D%7D%2C%22player%22%3A%7B%22width%22%3A788%2C%22height%22%3A443%7D%2C%22slotType%22%3A%22native%22%7D%5D%2C%22gdpr_iab%22%3A%7B%22reason%22%3A220%2C%22status%22%3A22%2C%22consent%22%3A%22%22%2C%22apiVersion%22%3Anull%2C%22cmpId%22%3Anull%7D%2C%22segments%22%3A%7B%22permutive%22%3Anull%7D%2C%22first_party_data%22%3A%7B%22firstPartyCookieTeadsId%22%3Anull%2C%22sharedIds%22%3Anull%7D%7D&auctid=d4c6819b-e601-463e-b6e4-1924337b4e0b&formatVersion=931&env=js-web&netBw=10&ttfb=67
Requested by
Host: s8t.teads.tv
URL: https://s8t.teads.tv/media/format/v3/teads-format.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.52 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-52.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
202c65dbcb8456a7d52ae9d52909a15eb60894c08a15aef615f4e0955e090688

Request headers

Accept
application/json; charset=UTF-8
Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.baltimoresun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
383
expires
Thu, 30 Dec 2021 13:58:19 GMT
ad
a.teads.tv/page/105056/ 		540 B
704 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/page/105056/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&pageReferrerUrl=https%3A%2F%2Ft.co&windowReferrerUrl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&page=%7B%22id%22%3A105056%2C%22placements%22%3A%5B%7B%22id%22%3A113714%2C%22validity%22%3A%7B%22status%22%3Atrue%2C%22reasons%22%3A%5B%5D%7D%2C%22player%22%3A%7B%22width%22%3A788%2C%22height%22%3A443%7D%2C%22slotType%22%3A%22multislot%22%7D%5D%2C%22gdpr_iab%22%3A%7B%22reason%22%3A220%2C%22status%22%3A22%2C%22consent%22%3A%22%22%2C%22apiVersion%22%3Anull%2C%22cmpId%22%3Anull%7D%2C%22segments%22%3A%7B%22permutive%22%3Anull%7D%2C%22first_party_data%22%3A%7B%22firstPartyCookieTeadsId%22%3Anull%2C%22sharedIds%22%3Anull%7D%7D&auctid=d3e6f734-a253-4cec-9c45-292fc9023c79&formatVersion=931&env=js-web&netBw=10&ttfb=67
Requested by
Host: s8t.teads.tv
URL: https://s8t.teads.tv/media/format/v3/teads-format.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.52 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-52.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5b076b70e052b397f288229ec95ddae8407bff08f318c1c9d5f0a5f7e2a374cd

Request headers

Accept
application/json; charset=UTF-8
Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.baltimoresun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
378
expires
Thu, 30 Dec 2021 13:58:19 GMT
container.html
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2A41 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Thu, 30 Dec 2021 13:58:17 GMT
expires
Fri, 30 Dec 2022 13:58:17 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E013 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Thu, 30 Dec 2021 13:58:17 GMT
expires
Fri, 30 Dec 2022 13:58:17 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 4D8C 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b23c6752d70d3d6014dc03ae00aedd0a546aa8f2ac3de923a3b88161a71124cd

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
swg-button.css
news.google.com/swg/js/v1/ Frame 122E 		21 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://news.google.com/swg/js/v1/swg-button.css
Requested by
Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455797
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:18:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2369
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6439
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 17:26:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 14:08:50 GMT
m=_b,_tp
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=A... Frame 122E 		160 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Requested by
Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455797
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a1e0bd521509e9519ea02e47696488cd510c861cf33ed797227b18837c570b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 19:04:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
586429
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57468
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 01:49:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Fri, 23 Dec 2022 19:04:30 GMT
v2nlffqHz_LhF7ftBU4zqSNp25w13IHxFmpoDpyFi9F7VGdtFOSIUO-YtZ0zERFDVcmVR9BS9l8eioAY83g
smoggysnakes.com/ 		201 B
599 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://smoggysnakes.com/v2nlffqHz_LhF7ftBU4zqSNp25w13IHxFmpoDpyFi9F7VGdtFOSIUO-YtZ0zERFDVcmVR9BS9l8eioAY83g
Requested by
Host: smoggysnakes.com
URL: https://smoggysnakes.com/v2eemfb2--CI0VJ9xjYIcqOygppWEnXGap23S5PLx7ZNB4Lciz3BUGqe_grs5AINH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
fa8123b1150b7d62c2299ab431333d888d2af898b6e796d8bf7f3fbfb02b00dd
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-us-east1
date
Thu, 30 Dec 2021 13:58:19 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-hostname
c2e225f0
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
201
expires
Thu, 30 Dec 2021 13:58:18 GMT
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.baltimoresun.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		57 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2285181733356244&correlator=1370395119214235&output=ldjh&impl=fifs&eid=31063899%2C31063706%2C44742768%2C31062930&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=4011%2Ctrb.baltimoresun%2Ccoronavirus&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90&fluid=height&prev_scp=slot%3Dzeus_mh_ldb_cbo_1%26pos%3D1%26cnsd%3Dpts_darc_p1_uad%26optimera%3DZ%2CI3%2CC0%2CD4%2CSA1%2CM6%2CM0%2CL4%2CJ5%2CE1%2CM7%2CM1%2CL5%2CJ6%2CTH6%2CJ0%2CE8%2CB%26zeus_rendercount%3D1%26zeus_slot%3Dzeus_mh_ldb_cbo_1.init.dsk%26amznbid%3Dx00we8%26amznp%3D1npfthc%26amzniid%3DIjFFN1A-y7A6PldBjSN8cEgAAAF-C6JjHwEAAA2vAXVkttc%26amznsz%3D970x250%26zeus_appnexus%3D43%26zeus_auctionid_appnexus%3D8290890748638077984%26zeus_pubmatic%3D34%26zeus_auctionid_pubmatic%3De64e15b3-7c52-4ff6-b149-b0e429b424f8&eri=1&cust_params=zeus%3Dapplied%26zeus_4011%3Dwww.baltimoresun.com%26epvid%3D1640872696710_243452589%26euuid%3Dpre-cache-no-id-available%26ua%3Dd%26ss%3Dl%26ref%3Dexternal%26instart%3Dfalse%26adb%3Dfalse%26apfv%3Dfalse%26apv%3Dfalse%26refresh%3Dfalse%26ptype%3Ds%26site%3Dtrb.baltimoresun%26slug%3Dbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4%26cid%3D5SOF2RXTNVFPJI4LKS3PUMIQD4%26at%3DtaxonomyTags%26kw%3Dtruecare%252Cdepartment%252Cray%252Chealth%252Ccontract%252Ccomplaint%252CTrueCare%252Cvaccine%252Cemail%252Cstate%252Cagency%252Ccdc%252Cdose%252Creport%252Ctemperature%252Cjohnson%252CRay%252Cpeople%252Cvaccines%252Cshot%252Cseetoo%252Ccompany%252Cinterview%252Cinformation%252Cemployee%26tg%3DInsuranceIndustry%26design%3Darc%26nopulse%3Dtrue%26zeus_insights%3D5f6%252C4s8%252C0bm%252Cjn8%252Caw9%252Cihp%252Cc9h%252Cv3s%252Cpxc%252C5fo%252Ckh5%252Ccoa%252Clqq%252Cmd6%252Cuib%252Cbs0%26ccaud%3Dall%252C680726%252C514644%252C465543%252C473081%26lpid%3Dd1f7c93abf4490836d860b8505530287&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&bc=31&abxe=1&lmt=1640870919&dt=1640872699536&dlt=1640872696606&idt=659&frm=20&biw=1600&bih=1200&oid=2&adxs=800&adys=210&adks=556061319&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x127&msz=1x0&psts=AGkb-H_hpxNgFa3x2A_H3V9yvCkJVWJFFZ6agJNl5GMCvXocoK0GNYR-LwoIhYVUTJ1YUDuUKpdr_ItroAWk%2CAGkb-H9zTguM7fb99lODeVzy0acCcl5qXnasvjH-aRVDuWlmcYPTi4-NhzFqIFXgzvEALa-WJKzOyypmnu0umh8k3D8O2TTVvw&ga_vid=1820711798.1640872697&ga_sid=1640872697&ga_hid=2101761687&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
775f322cf3b9588f0dcc50a109cbf02dd4e6507546deb3da2af3694eb7f7c585
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12495
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatch
ssum-sec.casalemedia.com/ Frame F6B4
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
40eeab10551e93f9208a961f1981131a6022ff67126179e0dcf15599d67ff4df

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
230|39|241|45|5|221|195|111
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1658
Expires
Thu, 30 Dec 2021 13:58:19 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
324
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Thu, 30 Dec 2021 13:58:19 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
Connection
keep-alive
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame EF49 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=62364
expires
Fri, 31 Dec 2021 07:17:43 GMT
date
Thu, 30 Dec 2021 13:58:19 GMT
vary
Accept-Encoding
tamptsync
sync-amz.ads.yieldmo.com/ Frame FD64 		886 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.209.139.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-209-139-57.compute-1.amazonaws.com
Software
/
Resource Hash
9117e96954ff5f2423e161b42f9a0bae8706d1426f350fa9ecd6be3e2c8eff3b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
usync.html
eus.rubiconproject.com/ Frame 8E45 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Dec 2021 13:58:19 GMT
Connection
keep-alive
Vary
Accept-Encoding
ecm3
s.amazon-adsystem.com/ Frame 16E1
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1TZFNVaUxKRTJ1TFYwUmpIdmxMZ2h2anlXRGVhN0FlUX5B
43 B
556 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1TZFNVaUxKRTJ1TFYwUmpIdmxMZ2h2anlXRGVhN0FlUX5B
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

Server
Server
Date
Thu, 30 Dec 2021 13:58:19 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
x-amz-rid
FQVFFC0GXBKNRM3045E6
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Permissions-Policy
interest-cohort=()

Redirect headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1TZFNVaUxKRTJ1TFYwUmpIdmxMZ2h2anlXRGVhN0FlUX5B
age
0
server
ATS/9.1.0.33
cm
u.openx.net/w/1.0/ Frame 71D8 		0
177 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.0.0
date
Thu, 30 Dec 2021 13:58:19 GMT
content-type
text/html
content-length
20
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dinitsync
crb.kargo.com/api/v1/ Frame AF27 		0
435 B 		Document
General
Check archive.org
Download Go to
Full URL
https://crb.kargo.com/api/v1/dinitsync?partners=A9
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.174.248.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-248-175.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate, private, max-age=0
Date
Thu, 30 Dec 2021 13:58:19 GMT
Expires
Thu, 01 Jan 1970 00:00:00 UTC
Pragma
no-cache
Vary
Origin
X-Accel-Expires
0
Content-Length
0
Connection
keep-alive
ecm3
s.amazon-adsystem.com/ Frame 6ED1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
  • https://s.amazon-adsystem.com/ecm3?id=3183875922675690167&ex=appnexus.com
43 B
556 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/ecm3?id=3183875922675690167&ex=appnexus.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

Server
Server
Date
Thu, 30 Dec 2021 13:58:19 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
x-amz-rid
Y6E4G109DE9HW2G3K1FP
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Permissions-Policy
interest-cohort=()

Redirect headers

Server
nginx/1.17.9
Date
Thu, 30 Dec 2021 13:58:19 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://s.amazon-adsystem.com/ecm3?id=3183875922675690167&ex=appnexus.com
AN-X-Request-Uuid
e736d51f-4725-4a45-9794-7d04ac4c11be
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
ecm3
s.amazon-adsystem.com/ Frame 4CFD
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=9865506846252392651
43 B
556 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=9865506846252392651
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_ym_rbd_n-vmg_ox-db5_kg_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

Server
Server
Date
Thu, 30 Dec 2021 13:58:19 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
x-amz-rid
DYX8D3M8HX2A7SHA2BZ6
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Permissions-Policy
interest-cohort=()

Redirect headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-length
0
location
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=9865506846252392651
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
connatix.player.js
cds.connatix.com/p/143023/ Frame E1DD
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/143023/connatix.player.js
1 MB
236 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/143023/connatix.player.js
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
34c7f5ae9616e6b04a053ebb5d16d7342c9b12901e5ffcbe47e464ffe1bf9257

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
br
last-modified
Fri, 17 Dec 2021 11:40:48 GMT
age
1131394
etag
"26ef747c9bce5d63087e3a98579095a0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
241041

Redirect headers

location
https://cds.connatix.com/p/143023/connatix.player.js
date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
server
Kestrel
accept-ranges
bytes
content-length
0
track
t.teads.tv/ 		23 B
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.teads.tv/track?action=passback-noAd&env=js-web&auctid=d4c6819b-e601-463e-b6e4-1924337b4e0b&pageId=105056&pid=113713&slot=native&vid=5d977c69-38cc-4251-882f-8556e831645f&fv=931&ts=1640872699569&f=1&referer=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-164-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
23
content-type
image/gif
styles__ltr.css
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ Frame C82C 		51 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1ac5bc2d2f0c446b2d5bc135db7414a2662ade7b701bc199456d05f51bfc261
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 27 Dec 2021 06:38:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
285605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24152
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Tue, 27 Dec 2022 06:38:14 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ Frame C82C 		344 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de40f8e9a13821460fad3250442ee45458a1073661d67758f325b3a354995dd3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 02:46:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
40310
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
137533
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 30 Dec 2022 02:46:29 GMT
pixels
bcp.crwdcntrl.net/ Frame 40EC 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=13200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.153.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-153-177.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
4bbb9c825577c27290906050a1617d27570fc84ee5970b3a777f3fc1e5d72fc8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://tags.crwdcntrl.net/

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-type
text/html
content-length
1841
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.40.2.207
server
Jetty(9.4.38.v20210224)
view
securepubads.g.doubleclick.net/pcs/ Frame 4D8C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss60163sKMjKIgz4CosOS7ZQCSwQnM0a_iaHV2ogk_JniFEmNjibYfWgPQsRD9ccUx12lOd29-jm-9SWhmOHEViy9hZsLZ6Ntj1FHeQP7UEz2zDMEDzr5wEt6KsKA-IKqomiCpq5FSBRNXsFAVuCLoe-ruEtBydhGrfr3SU4HVZFI4ejmHNhBLWoy-VM8JbOENzPAhR6UO8HEztoDOVpFTstqHZ-YPupmUpulcoLEaTgaLB4YLsdcMqZ9SgxWwHFtTDbRELcqM-tUuuvZtDRvBUmecZ7eVdEqNwDAwPkTWbUp7BqAEBGtjk4hM5WvziHGgC2uaWHQ0aeHdWMyw&sig=Cg0ArKJSzPUVNV5VFPShEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 30 Dec 2021 13:58:19 GMT
web
onesignal.com/api/v1/sync/58e422ee-b280-4b64-8972-f87904091504/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/58e422ee-b280-4b64-8972-f87904091504/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151512
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd05f0b1bbb84abffb401d97456a2c906a35bdc888651c5da28816896270d0e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
3557
cf-polished
origSize=5436
status
200 OK
x-envoy-upstream-service-time
28
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
116b2bab-16fb-4dc7-b0f3-370666af534d
x-runtime
0.026150
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"e2cdfe1236060586a5b10277d6fe90d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
6c5bc844dd6381cf-IAD
access-control-allow-headers
SDK-Version
expires
Thu, 30 Dec 2021 14:58:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 122E 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455797
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
Origin
https://news.google.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 15:59:51 GMT
x-content-type-options
nosniff
age
165508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 28 Dec 2022 15:59:51 GMT
track
t.teads.tv/ 		23 B
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.teads.tv/track?action=passback-noAd&env=js-web&auctid=d3e6f734-a253-4cec-9c45-292fc9023c79&pageId=105056&pid=113714&slot=multislot&vid=5533a106-2c9e-4c21-a485-5d52473e5396&fv=931&ts=1640872699794&f=1&referer=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-164-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
23
content-type
image/gif
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame C82C 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 17:24:45 GMT
x-content-type-options
nosniff
age
592414
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Thu, 30 Dec 2021 17:24:45 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C82C 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 15:59:51 GMT
x-content-type-options
nosniff
age
165508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 28 Dec 2022 15:59:51 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C82C 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 24 Dec 2021 12:21:15 GMT
x-content-type-options
nosniff
age
524224
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 24 Dec 2022 12:21:15 GMT
v2gwekJwmJbERk09-_1gu06ABVAiYAHHUyJj6_-2ZRdwvYnaeIVqqsexQa6Cf-BAYgYcrrF7HhMjoIuBvEg
smoggysnakes.com/ 		3 B
36 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://smoggysnakes.com/v2gwekJwmJbERk09-_1gu06ABVAiYAHHUyJj6_-2ZRdwvYnaeIVqqsexQa6Cf-BAYgYcrrF7HhMjoIuBvEg
Requested by
Host: smoggysnakes.com
URL: https://smoggysnakes.com/v2eemfb2--CI0VJ9xjYIcqOygppWEnXGap23S5PLx7ZNB4Lciz3BUGqe_grs5AINH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.212 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
212.103.201.35.bc.googleusercontent.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
x-datacenter
gce-us-east1
date
Thu, 30 Dec 2021 13:58:19 GMT
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
x-hostname
c2e225f0
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length
3
m=byfTOb,lsjVmc,LEikZe
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.8H2m-GzCKsQ.L... Frame 122E 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.8H2m-GzCKsQ.L.B1.O/am=AgAI/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI4wtYYm0rpI1qK_odJC3edrEZbnyA/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
006928ad2f9831aa8e8e80d104ff2a0d1f69a35d3a6a1c0484a62d700be9f902
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 19:04:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
586421
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 23:17:51 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Fri, 23 Dec 2022 19:04:38 GMT
usync.js
eus.rubiconproject.com/ Frame 8E45 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:19 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53225
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9702
Expires
Fri, 31 Dec 2021 04:45:24 GMT
ecm3
s.amazon-adsystem.com/ Frame FD64 		43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=ym.com&id=g264bdcc93e25f50b49d
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
FBB19MWGB28E6QNJMCWN
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
ib.adnxs.com/&https://ads.yieldmo.com/v000/ Frame FD64
Redirect Chain
  • https://ib.adnxs.com/getuid?&https://ads.yieldmo.com/v000/sync?userid=$UID&pn_id=an
  • https://ib.adnxs.com/&https://ads.yieldmo.com/v000/sync?userid=3183875922675690167&pn_id=an
0
583 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/&https://ads.yieldmo.com/v000/sync?userid=3183875922675690167&pn_id=an
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
HTTP/1.1
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
753e2309-34a7-48a7-8bcc-df5859aef37e
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
37c84ac7-aabb-4203-92d2-8f4d89eb5fb9
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
&https://ads.yieldmo.com/v000/sync?userid=3183875922675690167&pn_id=an
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.yieldmo.com/ Frame FD64
Redirect Chain
  • https://x.bidswitch.net/sync?&ssp=yieldmo
  • https://x.bidswitch.net/ul_cb/sync?&ssp=yieldmo
  • https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=yieldmo&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=yieldmo&gdpr=0&user_id=xxaSoZNGl6bcHpL9yBXcpMhCkvPcF5KmyRYnsrJb
  • https://ads.yieldmo.com/sync?userid=84efc425-6b61-4040-bd22-124692c6664b&pn_id=bsw&extinit=0&gdpr=0&gdpr_consent=
43 B
639 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/sync?userid=84efc425-6b61-4040-bd22-124692c6664b&pn_id=bsw&extinit=0&gdpr=0&gdpr_consent=
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
3.208.244.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-244-38.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
content-type
image/gif
content-length
43
access-control-allow-methods
GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma

Redirect headers

Location
//ads.yieldmo.com/sync?userid=84efc425-6b61-4040-bd22-124692c6664b&pn_id=bsw&extinit=0&gdpr=0&gdpr_consent=
Date
Thu, 30 Dec 2021 13:58:20 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
sync
ads.yieldmo.com/v000/ Frame FD64
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?&ttd_pid=yieldmo
  • https://ads.yieldmo.com/v000/sync?tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
43 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/v000/sync?tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
3.208.244.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-244-38.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
content-type
image/gif
content-length
43
access-control-allow-methods
GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ads.yieldmo.com/v000/sync?tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
181
sync
ads.yieldmo.com/ Frame FD64
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?&nid=21
  • https://ads.yieldmo.com/sync?pn_id=stk&userid=zMocoBWdTUFFZe1obrBfIS36GW4
43 B
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/sync?pn_id=stk&userid=zMocoBWdTUFFZe1obrBfIS36GW4
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
3.208.244.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-244-38.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
content-type
image/gif
content-length
43
access-control-allow-methods
GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma

Redirect headers

Location
https://ads.yieldmo.com/sync?pn_id=stk&userid=zMocoBWdTUFFZe1obrBfIS36GW4
Date
Thu, 30 Dec 2021 13:58:20 GMT
Connection
keep-alive
Content-Length
100
Content-Type
text/html; charset=utf-8
sync
sync-pp.ads.yieldmo.com/ Frame FD64
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?&pid=561118&ev=1&rurl=https://sync-pp.ads.yieldmo.com/sync?userid=%%VGUID%%&pn_id=pp
  • https://sync-pp.ads.yieldmo.com/sync?userid=EZ2yaDDdi7BZ&ev=1&pn_id=pp&pid=561118
43 B
422 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-pp.ads.yieldmo.com/sync?userid=EZ2yaDDdi7BZ&ev=1&pn_id=pp&pid=561118
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
18.209.139.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-209-139-57.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
content-type
image/gif
content-length
43
access-control-allow-methods
GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-US
location
https://sync-pp.ads.yieldmo.com/sync?userid=EZ2yaDDdi7BZ&ev=1&pn_id=pp&pid=561118
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-685df6f7b9-fhw5j
expires
-1
pixel
cm.g.doubleclick.net/ Frame 40EC 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
sync.crwdcntrl.net/map/c=6725/tp=INDX/ Frame 40EC
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=183715&cb=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D6725%2Ftp%3DINDX%2Ftpid%3D__UID__
  • https://sync.crwdcntrl.net/map/c=6725/tp=INDX/tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
49 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/map/c=6725/tp=INDX/tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
H2
Server
52.203.157.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-157-37.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.2.252
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://sync.crwdcntrl.net/map/c=6725/tp=INDX/tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
265
Expires
Thu, 30 Dec 2021 13:58:19 GMT
usersync
pixel-sync.sitescout.com/connectors/lotame/ Frame 40EC 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
207.198.113.169 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
tpid=a26991cd-42eb-489d-b616-8596ebb2ccaf
sync.crwdcntrl.net/map/c=8157/tp=NLDN/ Frame 40EC
Redirect Chain
  • https://jadserve.postrelease.com/dmp/5?vk=d1f7c93abf4490836d860b8505530287&ntv_r=https://sync.crwdcntrl.net/map/c=8157/tp=NLDN/tpid=NTV_USER_ID
  • https://sync.crwdcntrl.net/map/c=8157/tp=NLDN/tpid=a26991cd-42eb-489d-b616-8596ebb2ccaf
49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/map/c=8157/tp=NLDN/tpid=a26991cd-42eb-489d-b616-8596ebb2ccaf
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
H2
Server
52.203.157.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-157-37.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.42.37
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
nginx/1.12.1
location
https://sync.crwdcntrl.net/map/c=8157/tp=NLDN/tpid=a26991cd-42eb-489d-b616-8596ebb2ccaf
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
expires
Mon, 1 Jan 1990 12:00:00 GMT
utsync.ashx
ml314.com/ Frame 40EC 		43 B
517 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ml314.com/utsync.ashx?eid=50146&et=0&fp=d1f7c93abf4490836d860b8505530287&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.103.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-103-61.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:19 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Fri, 31 Dec 2021 08:58:20 GMT
g.json
aa.agkn.com/adscores/ Frame 40EC 		103 B
723 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/g.json?sid=9202507693
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-86.ewr50.r.cloudfront.net
Software
AAWebServer /
Resource Hash
e1ce17fd79478fbb0830c687ff4046c86993acb5fd14fc35b4fd29bed00ce94a

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
via
1.1 d50f0ffd76e03cff5d1f6328069e44e0.cloudfront.net (CloudFront)
server
AAWebServer
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
103
x-amz-cf-id
ImE2xmOoxkQgg6AjDRO3d3hql1CVQl0BH3I4Ie2JUqUUxfEk_XFGLQ==
expires
0
5907
tags.bluekai.com/site/ Frame 40EC 		62 B
615 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/5907?limit=0&id=25cba74edadcdfb1e6cfe9123f15837c
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.50.205.90 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-50-205-90.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:20 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif
insync
thrtle.com/ Frame 40EC 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thrtle.com/insync?vxii_pid=10014&vxii_pdid=d1f7c93abf4490836d860b8505530287
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.159.192.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-192-110.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
token
token.rubiconproject.com/ Frame 40EC 		0
472 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/token?pid=7&puid=d1f7c93abf4490836d860b8505530287&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
ace9692b4e77bdf741ff63add80edaca
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
match
ps.eyeota.net/ Frame 40EC 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/match?bid=51mdg9u&uid=d1f7c93abf4490836d860b8505530287
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C67%2C33%2C86%2C61%2C8%2C12%2C125%2C31%2C49&c=13200
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.230.62.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-230-62-22.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:20 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/ Frame 90A6 		11 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e1c86552cf292a8f63431402d68873f7c979c46f07fb9a98f804d85543cd298
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
content-length
3249
date
Mon, 27 Dec 2021 12:07:06 GMT
expires
Tue, 27 Dec 2022 12:07:06 GMT
last-modified
Wed, 10 Nov 2021 14:07:31 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
age
265874
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
securepubads.g.doubleclick.net/pagead/ Frame 2A41 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C0Lzu-rrNYbX1GIyBhwei1hSnnMnOZvqqqvORD4_MsKADEAEgtM6VCGDJ3pWM0KTcEaABsc74ogPIAQngAgCoAwHIAwiqBPICT9DHPxBaXDCvgt5p7fogt_XDWhihL-Ekt6yPlhJxMtaHYGXoO_cNC-0JkwD_42ETuPgEskxGcdRtQ73oiBSd-MBavdv8XlFq3HVcy9CuST0DNjewCgjuYKV1LUgqoJZGqg4HfR4KFEK_965aRaxhJpKHrP9lLGn-OE8z0uQhj3MBRMKmaeSgsmrMUMoi-xWBUkxlc4MCiisnqvOPM58zrV2kqRVOxV-OEcsaC-VIP1bddP5MZ3_PxMypw_TB5aP808hqeAIH4YlF5TNtPVRR-tOvW_pyv2nNXcDUZc6YSOQzX2lJL8xL6YSmpKlRWaoNSI6-o2muS5v0erbhyO7-B9P34lzpTuen7FqRXEruqsPKRxasg5RaWMhUDIAlwNW9AU8xW0saC2GNlqOXtinR5ZdY8TmteV6BFMtSj7VfIkb_u6QWHKdakTTP_LwKt1XidqFKGD60LK0ZWVFF4ZG-yQAmhMBeVSVKemH5HkRyLMvitsAEofTf_oID4AQBkgUECAQYAZIFBAgFGASgBi6AB7exh12oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBC1zhrSCAcIgGEQARgfgAoDyAsB2BMC0BUBgBcBshceChwIABIUcHViLTUxOTA5MzU2NTMzNzM3MzkYwIYQ&sigh=OHAk1vjet18&uach_m=[UACH]&template_id=419
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
/
Resource Hash

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 2A41 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:55:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
188
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:55:12 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2A41 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
235
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:54:25 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2A41 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:55:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
152
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:55:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2A41 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:20 GMT
pixel
protected-by.clarium.io/ Frame 2A41 		68 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_aVBOajRZdVhldkkxcjBlSU5uWHNPTlRmSWJjLzIyMzY4MDY4ODA6MzAweDI1MA==&v=5&s=v31fo5q4q4s&id=eyJkZnAiOnsiYWQiOjE2OTcyMDE2LCJjIjpudWxsLCJsIjowLCJvIjoyMjM2ODA2ODgwLCJBIjoiLzQwMTEvdHJiLmJhbHRpbW9yZXN1bi9jb3JvbmF2aXJ1cyIsInkiOjExOTMyMCwiY28iOjAsInMiOiJ6ZXVzX2NfODkzIn19&sb=undefined&cb=9133533&h=www.baltimoresun.com&d=eyJ3aCI6ImFWQk9halJaZFZobGRra3hjakJsU1U1dVdITlBUbFJtU1dKakx6SXlNelk0TURZNE9EQTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyMjM2ODA2ODgwLCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.250.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-250-212.compute-1.amazonaws.com
Software
nginx /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
nginx
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 889C 		624 B
733 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhDG_rKdAhjViZi0ATAB&v=APEucNXprwrbt6gTRQVNL6nwsOu6RZ7reLThYJbC0GUFuh48AqOmCAtatiFbIT2n-XJ71zAwErRcsbGJMbt3CVPvcmNi4Oj-5w
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 30 Dec 2021 13:58:20 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame E013 		12 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cccqjt5ev8K7hz-lkecX16j2AXWXAK7WPuhTGkC612kl-tQTDXY4FpwMIcZZdgNwoGi8CKSHmjr_JzxlzQO-I4sw0ZXZBVtOl8PrRh_y_AV6NpqWFpAP4EPSuuU3I7RpR3WNp6VbqUsYS26ZJQo7OHWv--hQ&dbm_d=AKAmf-DtMsHi0iRtg9sWBSosrQd4VzMRFVtO2atnqhiVJlXzVfgv3CCRYXW6DB54mwwsoPvKICJJvnS47fP3-z0Tl6WDDrEo5cRYvEkov4TpYPVE0BmAbLnA5atxJ1L7iOWGCym0iJy69EP_PchEWqse3Fw7tfI5OY1i1aVPAqXdgYeKGUMQlScqyT8lolSmg0upp57EyEDbctF6FrMV2Q1fC27OkhAmVnc_B6GFBIYAAi8aHdVkDJIZuR7sVU8uFznRWlH1k0qYDVe5aGgnu4tW0fLhpwQy3zq0pl_-pU1D4eVL5Nrya6Fyd3XKqt9Uh_FCEoOICaXY83_EYxMxATqrmTOktT1Gmxy_47k0bY2rMx47day9bFc3Bt7rgMPMlee_46DgaTTEfx1v_AF3RCeHUiuvxmI273o_oAbJ40LuKkW8QaN8ZuSx9UNXOCNkSFbJGS7gJb7sXqHbA3FgAOduorzAAT_2quxV5FJFo63bHXB13evX1tSAq6oo1cSm5usVwvu0VbjzD3q8pw9mIRYA0_H8htWpuuBk0qSx4CosZHVca5hslwzj3nuS22HYrXArAz3_pJDPWkn0Ag4qEK2t8DYTme4w1UHaIWLs0XhiJJdZlp64CpIhEVKsCFTTJR-reaRrLu36Yc0VhgcN61KrbHR1C_v82CjQpjSJCzXeGigHb3J5s3j_pRfkHIo4WVUsL2TqlN_FmdGvSFo6L2rIsPezHliJ0sUEAGmKtH20W4djV6RoXLK3B5Jekc7Lz2r9qeYuqjSJPYbDCI3D5-cIjWEO2KW6EDQQpnCAD9ASVk2Zzgd2WIVjP30Ox6c_Whx2e0GKw17yQOQh0NfE6BroBtnjqDKLP_rY2hLvQqP6ErnNFA_mn7LdGdXBmjsdB9zEaAAz5W40VIHsaVSnfppRlVXQkBXcQWw0XWNU2Gq_SZuI9Vfjp3YpgSgCXKzQXy22V4hmjKEdDgyjB1BJK0N5lvj4VFmhKAvV8rP9FSf4T7ep_bE1a60rXVowMN-K7gAyM4bXiOhQDlRsoUiiKo3iMozJ567nsW8k8Nn3ic5Xigc1T1zuuRpasN_UVmV_HoXXkoApVHjt0byXzUgj5V5Kb6EUbrZfwhynMd2y3gpShVVGY73vqTHJcFM77KKEyrTIr63a0xzR_1OEvEOJcRfk2GUm2n2Q0bgHXjmRsDmtbSQdGqOQ3huCTFAj1utyxPBFfk9U07zrMtSLQVl0ohkDHkTAp3HigrBRF6CZ72_jI90pz3hZtCjfO125jgVKG9dnxkgHmmJ384r_t-Hs9gu_pDTYUVl2HvHeeJaJnkEtIZ4SxG2bQtiC7zEo3eB9lR22yAy-rDWGnCQ4P825ANZL5ptd_RaHyU67zH_yjD8ZzkGeDAVX1tHpzAqdwlO6UxMyvJS1Z_1yfKFProzyzpBm9EnIPK0KZ7NvkDElfkXjnzB89XplyyR1E-SDr3Ls82Tg66k7LiUHjjhlaosd5_j_a9hfAUD79GjRBr9Xi_N0I7oGZsQKwbQ_NvFemPQgUvzB4GM4XphucNJK7VidzlM7d1nCQp9E0k7tFHc_qJtIcF5NbrFmsaWdsE4EYR0ILcBKoW_M0F_qZnu2rkrQPSyFAHKDg4b2yCNGLEr8jzSt6-Zuyt93zNZy_lFD9R86amdwluSQV2T5Sh_U6gzRHlLTbf1lFfeQse8ZE220j5DVPPmGi2Nox5bNNrxgdSuA7OZzvWFRfl_W1guZJL8G6kNqLHZ2GGESZVPxUaiHGi0yZ5QQ_NlmGTK48p5hnl-kgwuMXGleT5QJx2vZYt-9JkTzjJ_tV00Ym6LLaoeAweS_oCiCKAHJ9G12k59TtnwAFlafN3nglVUg9su7R616EtPv4mSuC-EQV4zVTs8MgjHIg4NaTGXSpLALYDWlZQcRbyfCKzW3n3g3Adf-SaACCSN1jYTSVtIyy_UTjQWIuf3Voe6jVumCRJV9Mz3ca4DJ0pJdzstzaQloShzb4LkxxxV3fVH3ZDmCMEJ1e5U24QzdsydSQe1J9JlkYdmMdLIER3PoxcK_Hj82vqR28NhpXslL6SJ5wO314xYOhMKxKKPlsHfcn-fsi5dPlFIV55kcLDoN4v18Fb_SNCAP4UR-EcmclJHaVkdeB7uTMYQOwmIjcYqfzMCW1g5jfB6SpNQlBNJXiW9OkRIoNwQca06BDcLhNZHs6PRucGEatASRyzgjYmNjCu50jwecY2Ip1ALOX0kW0AIQmn17YosEKhFXo_1zRfl420lyEeDKyt4TxMh0TkoOqb4etJMIj43JfBQ5ZkP6ZYTUe9pr98H1XR5eOjRbNbeQ8ST-cqASTtq7ndJSiou7l5LsoZJ3NWQV7dGYpicdpYtb7brr95xXD40XjddcC5XWPS08BnmkjgPDMAx44Rpfhu4cw9SSdBEM7qCFOB4-PPRLT27UjdXmOY5PiCYkrxth8QSk5p3HS-YkBy4pycJpKEAjnDFIBW0b-LU-jbAuZ1hFJnEFjI9REdoGMJl_VVllrzQQ0SPHoQSgotlQBy8NTCBOpV1x8LBXUqeO85GcKZGBY5jWVuxAap9ibmUne57U1N3Q8YPzVCjGiXxb9BPlEGeN3jfz7u4tnMlZjVeJKg2nFVj1M6IYcatZjVc9Ov4tEaVfgPZmsRcuUhoXJ5q6GM0LJg84FDcNeUF2Q3wqJPUXINsmVjxvIaDEK2cMArs7sEoaQ4bPNb3EOQ2--FzQkuLDub7eVAbBjEboIR2CAAzRStpFbLVdBk-Ow6QiRvhi8rh9rbKv9ao59RyvsG8JbP6NzJCslxD-BkjdI7JgaVLa_Fc6JNu6zxGvA3fErfcE3gNCy13zaSh-S0HrRMfgzWGQxJiaFyKCyo8W-Vo-XhjWe7LU&cid=CAASEuRoLscGESbuqO86CB3lKjqjSw&rfl=1%2Chttps%253A%252F%252Fwww.baltimoresun.com%252F%240
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ac9b9a46ed52b07dcdddc49724dd34370866e8b5c7a3255117ce307ddd41916
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8807
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E013 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BedlXtj32HD0ieOiFb-i7n3kYvik879nCTfV-lWl7u08iPvl6sTcHM-SvyR9A3fnhItV9-H5r7EFDruympvjEsWvZkcMTpFRClleLfDTdI2e5pvkw
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dvbs_src.js
cdn.doubleverify.com/ Frame E013 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvbs_src.js?ctx=971108&cmp=25144017&plc=313555254&sid=6479994&aufilter1=1024534&prr=1&ppid=103&autt=1&auevent=ABAjH0ikIFyiaidPa2IVNOXlxzFK&c1=1024534&auorder=22860534&aucmp=56528410&aucrtv=377881813&auxch=1&pltfrm=1&ausite=7724079434&turl=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&aubndl=&dvregion=0&unit=300x250
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:598::4469 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c1e12130de1af0a08256debddf188cd3a6d0de24ae929bcaa2bb6be433fa6c99

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:20 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Dec 2021 09:35:31 GMT
Server
Microsoft-IIS/10.0
ETag
"8f6388f116ecd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1163
dvtp_src.js
cdn.doubleverify.com/ Frame E013 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:598::4469 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
da9aed600982c4847517d696f18e6c08884c6af8af578bba260590373fc63799

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 28 Dec 2021 09:42:49 GMT
Server
Microsoft-IIS/10.0
ETag
"80327b46cffbd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3291
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E013 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
235
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:54:25 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E013 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:55:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
152
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 13:55:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E013 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:20 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame C82C 		102 B
134 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6bfc7f035838df33c0b927be3bc8d8a59d6f055658945c9a17eee1c0d09fb972
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuYmFsdGltb3Jlc3VuLmNvbTo0NDM.&hl=en&v=VZKEDW9wslPbEc9RmzMqaOAP&size=invisible&cb=kflfkc3f1ggu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Thu, 30 Dec 2021 13:58:20 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012111011823000/ Frame D3FA 		189 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
155294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55592
x-xss-protection
0
server
sffe
date
Tue, 28 Dec 2021 18:50:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"11dee2040f5fc1d7"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Dec 2022 18:50:06 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D3FA 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
155294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4992
x-xss-protection
0
server
sffe
date
Tue, 28 Dec 2021 18:50:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"858600ba27ef7413"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Dec 2022 18:50:06 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D3FA 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
155294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28555
x-xss-protection
0
server
sffe
date
Tue, 28 Dec 2021 18:50:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a64e482645fd262b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Dec 2022 18:50:06 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D3FA 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
155294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1731
x-xss-protection
0
server
sffe
date
Tue, 28 Dec 2021 18:50:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"cb4f0e89d7d37d9b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Dec 2022 18:50:06 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame D3FA 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
155294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12826
x-xss-protection
0
server
sffe
date
Tue, 28 Dec 2021 18:50:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f02165e023e70703"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Dec 2022 18:50:06 GMT
css
fonts.googleapis.com/ Frame D3FA 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 13:01:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:20 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:20 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D3FA 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Dec 2021 17:24:31 GMT
x-content-type-options
nosniff
server
cafe
age
74029
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 30 Dec 2021 17:24:31 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D3FA 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 00:17:40 GMT
x-content-type-options
nosniff
server
cafe
age
49240
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 31 Dec 2021 00:17:40 GMT
l
www.google.com/ads/measurement/ Frame D3FA 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTp2FVxqH2VtDgmX3HPWph3RLbl7Ve9yiMafsyng64GlVestonUceklnlrEsrJSrga20kqfXZ8ub7g221rHHKDDnwL-4w
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame D3FA 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CH68T-7rNYYWXJIuChwf-2YKQAsXt1rhn64vTsrYPhomW35UPEAEgtM6VCGDJ3pWM0KTcEaABjKGfzwHIAQngAgCoAwHIAwqqBO8CT9Ac3k0t63cNsCmohkXqzN0z8etrqylk35cvxvsOXsA0hpt6f6kdzTdVkMo2kySrp-9lWw2e37FxKQrqgcKjzioFtzYZjddr22a29rWRSzHj5u_ZkHv6TqrgyhRz9_HWdleooub4EwGJvy-ulGcFFDSVTQBFiL5HhwnsUfDDjOqo5QDGKEVcNipEpzRT237X36IxyBNU-cQX9AYURBW5-8QvnUCoRPPDlXPwJMN5SCTWHI6nxJ1m76PUwRepl-0NHXPjnFyuP03KzhpcsoSo8z36fNS3oztDn2RKnIgUdAMg7p0PIJ2BHyxMxysmXsmhYjDOhIzQXzSDhcJqxKwxnVbBPONM5ZPKuK39LBLr95U4c9xeUoIPpKTcRJWwZ1rIgtcqHINn2WMNcElIwcQ_V6qL9wiC3poLnA9x0pw2hdI1c52-msNbWTFoYcCiukwTDud46zBqfVx5kmpagrzsITpmOTMgXbiL991QrFqd8MAE9ciEw9ED4AQBkgUECAQYAZIFBAgFGASgBi6AB9ze4LACqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQh8oe0ggHCIBhEAEYH4AKA8gLAbgTiCfYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItNTE5MDkzNTY1MzM3MzczORjAhhA&sigh=mTIMRWzjD7s&uach_m=[UACH]&template_id=5000&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.8H2m-GzCKsQ.L... Frame 122E 		102 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.8H2m-GzCKsQ.L.B1.O/am=AgAI/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI4wtYYm0rpI1qK_odJC3edrEZbnyA/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd82a1a4eb7513b138a5242afa90ae5a42050e326c3d485742511d1a26411e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 19:04:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
586422
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35605
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 23:17:51 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Fri, 23 Dec 2022 19:04:38 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame F6B4
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJxQV7hI1iBbVIijPff9ipw&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJxQV7hI1iBbVIijPff9ipw&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEJxQV7hI1iBbVIijPff9ipw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame F6B4
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&expiration=1643464700&gdpr=0&gdpr_consent=
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&expiration=1643464700&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&expiration=1643464700&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
323
dcm
s.amazon-adsystem.com/ Frame F6B4 		43 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ZJH7NQSDHXF7W2AW4RXM
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame F6B4
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yc26.8PaJt5j23F1hnB8aQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ix
ad4m.at/ad/sim/ Frame F6B4 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad4m.at/ad/sim/ix
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3039::6815:c0a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
bcp.crwdcntrl.net/map/c=6725/tp=INDX/ Frame F6B4 		49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.153.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-153-177.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.11.93
content-type
image/gif
content-length
49
expires
0
crum
dsum-sec.casalemedia.com/ Frame F6B4
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-ceed50e2-8809-4021-87e0-b392520bb386
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-ceed50e2-8809-4021-87e0-b392520bb386
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-ceed50e2-8809-4021-87e0-b392520bb386
date
Thu, 30 Dec 2021 13:58:20 GMT
server
Apache-Coyote/1.1
content-length
0
crum
dsum-sec.casalemedia.com/ Frame F6B4
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=29
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=3938217731362747973&expiration=1642082300
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=3938217731362747973&expiration=1642082300
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
nginx
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=3938217731362747973&expiration=1642082300
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
ecm3
s.amazon-adsystem.com/ Frame F6B4 		43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=index.com&id=Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Q5DGK8R25RYQD8SM0WS1
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
envelope
api.rlcdn.com/api/identity/ 		0
16 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=1436
Requested by
Host: tribune-baltimoresunclassic.zeustechnology.com
URL: https://tribune-baltimoresunclassic.zeustechnology.com/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.155.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.155.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
via
1.1 google
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
player.css
cds.connatix.com/p/143023/ 		54 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/143023/player.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ed6cc3e4d411248d84eed9acc1d13ad3fd98396734464cf07173588aeb9d02aa

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
br
last-modified
Fri, 17 Dec 2021 11:40:49 GMT
age
1131394
etag
"2e0a3bf94576cf171c12f9ef0e6f5c54"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8439
pls
capi.connatix.com/core/ Frame E1DD 		32 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/pls?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
c243b4c153a3db6060d61ae945884ed63e6ef59271933a87ae5bd88e41c0cb17

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
18628
ecm3
s.amazon-adsystem.com/ Frame 8E45
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=KXT18KCV-1V-9YVP
  • https://s.amazon-adsystem.com/ecm3?id=KXT18KCV-1V-9YVP&ex=d-rubiconproject.com&status=ok
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?id=KXT18KCV-1V-9YVP&ex=d-rubiconproject.com&status=ok
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QVZ5ZZCYYSFJZP0D66SM
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://s.amazon-adsystem.com/ecm3?id=KXT18KCV-1V-9YVP&ex=d-rubiconproject.com&status=ok
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Expires
0
downsize_200k_v1
tpc.googlesyndication.com/simgad/18439517493918600283/ Frame D3FA 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/18439517493918600283/downsize_200k_v1?w=600&h=314
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa471ef31eb5a07b2123b1a5a52e7fa3bc085899b114359ef67a186fb5bad68f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 27 Dec 2021 10:13:18 GMT
x-content-type-options
nosniff
age
272702
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9612
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 15:17:24 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 27 Dec 2022 10:13:18 GMT
truncated
/ Frame D3FA 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame D3FA 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3ae781aee82693708ba912c85db817870a659f444bee9cfd590d9e71f06f8d8b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame D3FA 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 17:46:18 GMT
x-content-type-options
nosniff
age
418322
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 25 Dec 2022 17:46:18 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame D3FA 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 15:24:28 GMT
x-content-type-options
nosniff
age
599632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 23 Dec 2022 15:24:28 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 4E62 		0
261 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=159890&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=159890&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:28 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame E013 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cccqjt5ev8K7hz-lkecX16j2AXWXAK7WPuhTGkC612kl-tQTDXY4FpwMIcZZdgNwoGi8CKSHmjr_JzxlzQO-I4sw0ZXZBVtOl8PrRh_y_AV6NpqWFpAP4EPSuuU3I7RpR3WNp6VbqUsYS26ZJQo7OHWv--hQ&dbm_d=AKAmf-DtMsHi0iRtg9sWBSosrQd4VzMRFVtO2atnqhiVJlXzVfgv3CCRYXW6DB54mwwsoPvKICJJvnS47fP3-z0Tl6WDDrEo5cRYvEkov4TpYPVE0BmAbLnA5atxJ1L7iOWGCym0iJy69EP_PchEWqse3Fw7tfI5OY1i1aVPAqXdgYeKGUMQlScqyT8lolSmg0upp57EyEDbctF6FrMV2Q1fC27OkhAmVnc_B6GFBIYAAi8aHdVkDJIZuR7sVU8uFznRWlH1k0qYDVe5aGgnu4tW0fLhpwQy3zq0pl_-pU1D4eVL5Nrya6Fyd3XKqt9Uh_FCEoOICaXY83_EYxMxATqrmTOktT1Gmxy_47k0bY2rMx47day9bFc3Bt7rgMPMlee_46DgaTTEfx1v_AF3RCeHUiuvxmI273o_oAbJ40LuKkW8QaN8ZuSx9UNXOCNkSFbJGS7gJb7sXqHbA3FgAOduorzAAT_2quxV5FJFo63bHXB13evX1tSAq6oo1cSm5usVwvu0VbjzD3q8pw9mIRYA0_H8htWpuuBk0qSx4CosZHVca5hslwzj3nuS22HYrXArAz3_pJDPWkn0Ag4qEK2t8DYTme4w1UHaIWLs0XhiJJdZlp64CpIhEVKsCFTTJR-reaRrLu36Yc0VhgcN61KrbHR1C_v82CjQpjSJCzXeGigHb3J5s3j_pRfkHIo4WVUsL2TqlN_FmdGvSFo6L2rIsPezHliJ0sUEAGmKtH20W4djV6RoXLK3B5Jekc7Lz2r9qeYuqjSJPYbDCI3D5-cIjWEO2KW6EDQQpnCAD9ASVk2Zzgd2WIVjP30Ox6c_Whx2e0GKw17yQOQh0NfE6BroBtnjqDKLP_rY2hLvQqP6ErnNFA_mn7LdGdXBmjsdB9zEaAAz5W40VIHsaVSnfppRlVXQkBXcQWw0XWNU2Gq_SZuI9Vfjp3YpgSgCXKzQXy22V4hmjKEdDgyjB1BJK0N5lvj4VFmhKAvV8rP9FSf4T7ep_bE1a60rXVowMN-K7gAyM4bXiOhQDlRsoUiiKo3iMozJ567nsW8k8Nn3ic5Xigc1T1zuuRpasN_UVmV_HoXXkoApVHjt0byXzUgj5V5Kb6EUbrZfwhynMd2y3gpShVVGY73vqTHJcFM77KKEyrTIr63a0xzR_1OEvEOJcRfk2GUm2n2Q0bgHXjmRsDmtbSQdGqOQ3huCTFAj1utyxPBFfk9U07zrMtSLQVl0ohkDHkTAp3HigrBRF6CZ72_jI90pz3hZtCjfO125jgVKG9dnxkgHmmJ384r_t-Hs9gu_pDTYUVl2HvHeeJaJnkEtIZ4SxG2bQtiC7zEo3eB9lR22yAy-rDWGnCQ4P825ANZL5ptd_RaHyU67zH_yjD8ZzkGeDAVX1tHpzAqdwlO6UxMyvJS1Z_1yfKFProzyzpBm9EnIPK0KZ7NvkDElfkXjnzB89XplyyR1E-SDr3Ls82Tg66k7LiUHjjhlaosd5_j_a9hfAUD79GjRBr9Xi_N0I7oGZsQKwbQ_NvFemPQgUvzB4GM4XphucNJK7VidzlM7d1nCQp9E0k7tFHc_qJtIcF5NbrFmsaWdsE4EYR0ILcBKoW_M0F_qZnu2rkrQPSyFAHKDg4b2yCNGLEr8jzSt6-Zuyt93zNZy_lFD9R86amdwluSQV2T5Sh_U6gzRHlLTbf1lFfeQse8ZE220j5DVPPmGi2Nox5bNNrxgdSuA7OZzvWFRfl_W1guZJL8G6kNqLHZ2GGESZVPxUaiHGi0yZ5QQ_NlmGTK48p5hnl-kgwuMXGleT5QJx2vZYt-9JkTzjJ_tV00Ym6LLaoeAweS_oCiCKAHJ9G12k59TtnwAFlafN3nglVUg9su7R616EtPv4mSuC-EQV4zVTs8MgjHIg4NaTGXSpLALYDWlZQcRbyfCKzW3n3g3Adf-SaACCSN1jYTSVtIyy_UTjQWIuf3Voe6jVumCRJV9Mz3ca4DJ0pJdzstzaQloShzb4LkxxxV3fVH3ZDmCMEJ1e5U24QzdsydSQe1J9JlkYdmMdLIER3PoxcK_Hj82vqR28NhpXslL6SJ5wO314xYOhMKxKKPlsHfcn-fsi5dPlFIV55kcLDoN4v18Fb_SNCAP4UR-EcmclJHaVkdeB7uTMYQOwmIjcYqfzMCW1g5jfB6SpNQlBNJXiW9OkRIoNwQca06BDcLhNZHs6PRucGEatASRyzgjYmNjCu50jwecY2Ip1ALOX0kW0AIQmn17YosEKhFXo_1zRfl420lyEeDKyt4TxMh0TkoOqb4etJMIj43JfBQ5ZkP6ZYTUe9pr98H1XR5eOjRbNbeQ8ST-cqASTtq7ndJSiou7l5LsoZJ3NWQV7dGYpicdpYtb7brr95xXD40XjddcC5XWPS08BnmkjgPDMAx44Rpfhu4cw9SSdBEM7qCFOB4-PPRLT27UjdXmOY5PiCYkrxth8QSk5p3HS-YkBy4pycJpKEAjnDFIBW0b-LU-jbAuZ1hFJnEFjI9REdoGMJl_VVllrzQQ0SPHoQSgotlQBy8NTCBOpV1x8LBXUqeO85GcKZGBY5jWVuxAap9ibmUne57U1N3Q8YPzVCjGiXxb9BPlEGeN3jfz7u4tnMlZjVeJKg2nFVj1M6IYcatZjVc9Ov4tEaVfgPZmsRcuUhoXJ5q6GM0LJg84FDcNeUF2Q3wqJPUXINsmVjxvIaDEK2cMArs7sEoaQ4bPNb3EOQ2--FzQkuLDub7eVAbBjEboIR2CAAzRStpFbLVdBk-Ow6QiRvhi8rh9rbKv9ao59RyvsG8JbP6NzJCslxD-BkjdI7JgaVLa_Fc6JNu6zxGvA3fErfcE3gNCy13zaSh-S0HrRMfgzWGQxJiaFyKCyo8W-Vo-XhjWe7LU&cid=CAASEuRoLscGESbuqO86CB3lKjqjSw&rfl=1%2Chttps%253A%252F%252Fwww.baltimoresun.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 00:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
222354
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 Dec 2022 00:12:26 GMT
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 90A6 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
32037
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Fri, 31 Dec 2021 05:04:23 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 90A6 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 22:27:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
55874
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 30 Dec 2021 22:27:06 GMT
7ec167ba56dfdbb98b54f2786aeb643f.js
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/ Frame 90A6 		77 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/7ec167ba56dfdbb98b54f2786aeb643f.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4008ed468f1d73e6ed0c70cf6f19ba403434229d5c326e90f83709f776d3ba69
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
265874
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19724
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 14:07:31 GMT
server
sffe
date
Mon, 27 Dec 2021 12:07:06 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 27 Dec 2022 12:07:06 GMT
pixel
cm.g.doubleclick.net/ Frame 8E45
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTliOTAzOTJmYTk4MjA5N2Y1ZTRiY2UwZjU3NWMzNDM4YzNhMDQ3OQ
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTliOTAzOTJmYTk4MjA5N2Y1ZTRiY2UwZjU3NWMzNDM4YzNhMDQ3OQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTliOTAzOTJmYTk4MjA5N2Y1ZTRiY2UwZjU3NWMzNDM4YzNhMDQ3OQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
ace9692b4e77bdf741ff63add80edaca
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 8E45
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUMThLQ1YtMVYtOVlWUA==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUMThLQ1YtMVYtOVlWUA==
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUMThLQ1YtMVYtOVlWUA==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
2dd9fa24169fa04536d533da131679f8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 8E45
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yc26_gABy-th-QAF
42 B
703 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yc26_gABy-th-QAF
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1640872701.616573,VS0,VE0
x-served-by
cache-dca17777-DCA
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yc26_gABy-th-QAF
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
v1
ads.yahoo.com/cms/ Frame 8E45
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXT18KCV-1V-9YVP&sigv=1&esig=2~f9941affe2d1a53d6cec67e38ab6e43bc8fd4522
0
446 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXT18KCV-1V-9YVP&sigv=1&esig=2~f9941affe2d1a53d6cec67e38ab6e43bc8fd4522
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H2
Server
2001:4998:14:800::1001 Ashburn, United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXT18KCV-1V-9YVP&sigv=1&esig=2~f9941affe2d1a53d6cec67e38ab6e43bc8fd4522
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
2dd9fa24169fa04536d533da131679f8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 8E45
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA75zPdGNYeDtkUPy4C7K60&google_cver=1
42 B
703 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA75zPdGNYeDtkUPy4C7K60&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
10af108baa8103fb427a2cc0433d74a0
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA75zPdGNYeDtkUPy4C7K60&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 8E45
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=28
42 B
703 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=28
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
MT3 4133 baa842e master ord-pixel-x49 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=28
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:19 GMT
709414.gif
id.rlcdn.com/ Frame 8E45 		42 B
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:20 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
tap.php
pixel.rubiconproject.com/ Frame 8E45
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&gdpr=0&gdpr_consent=&expires=30
42 B
703 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
10af108baa8103fb427a2cc0433d74a0
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&gdpr=0&gdpr_consent=&expires=30
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
289
rum
dsum-sec.casalemedia.com/ Frame 889C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhDG_rKdAhjViZi0ATAB&v=APEucNXprwrbt6gTRQVNL6nwsOu6RZ7reLThYJbC0GUFuh48AqOmCAtatiFbIT2n-XJ71zAwErRcsbGJMbt3CVPvcmNi4Oj-5w
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 889C
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yc26.8PaJt5j23F1hnB8aQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhDG_rKdAhjViZi0ATAB&v=APEucNXprwrbt6gTRQVNL6nwsOu6RZ7reLThYJbC0GUFuh48AqOmCAtatiFbIT2n-XJ71zAwErRcsbGJMbt3CVPvcmNi4Oj-5w
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:20 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMWc9KIl89nheglcBUToqGw&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 889C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEM5H-YBcqdeUy1X45cmljVM&google_cver=1
43 B
1004 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEM5H-YBcqdeUy1X45cmljVM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhDG_rKdAhjViZi0ATAB&v=APEucNXprwrbt6gTRQVNL6nwsOu6RZ7reLThYJbC0GUFuh48AqOmCAtatiFbIT2n-XJ71zAwErRcsbGJMbt3CVPvcmNi4Oj-5w
Protocol
HTTP/1.1
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
e7ac6fc0-4342-49c6-810d-30f4de526d47
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEM5H-YBcqdeUy1X45cmljVM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 889C
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4Mzg3NTkyMjY3NTY5MDE2Nw%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4Mzg3NTkyMjY3NTY5MDE2Nw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbEPhDG_rKdAhjViZi0ATAB&v=APEucNXprwrbt6gTRQVNL6nwsOu6RZ7reLThYJbC0GUFuh48AqOmCAtatiFbIT2n-XJ71zAwErRcsbGJMbt3CVPvcmNi4Oj-5w
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
82167a89-e832-4d35-9a6e-d1ce689bacb3
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4Mzg3NTkyMjY3NTY5MDE2Nw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sr
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/sr?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		78 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
sffe /
Resource Hash
4cfab73f48ea3a2c03aa2520f0de01c65bb730a123b6966d3585a5627351e181
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1086 / 285 of 1000 / last-modified: 1639397097"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26908
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 30 Dec 2021 13:58:20 GMT
2_media.bin
vid.connatix.com/8a76dcb9-d432-48f4-9931-6e6c436b1477/ Frame E1DD 		520 B
616 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/8a76dcb9-d432-48f4-9931-6e6c436b1477/2_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3fa83cb7e565862aca7c40718b96a2befae23f74dd84709ae159809b4819614d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
last-modified
Tue, 23 Jun 2020 14:20:22 GMT
age
2639532
etag
"47d4be93320f33e9a469d8aed3242fda"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
378
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame E1DD 		375 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126523
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:20 GMT
pls
capi.connatix.com/core/ Frame E1DD 		11 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/pls?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
c08ae15d7248a988dd123dbc6623968149bc3eab209265b7d615f1af11825cfb

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:19 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
6374
1.png
img.connatix.com/dde83568-9613-4df7-9cbb-a4e4213e5a7b/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/dde83568-9613-4df7-9cbb-a4e4213e5a7b/1.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
43fbbe355f40735e833eb1acd033f1cec8e3d31a8531c1ca1e7b0a1c6e5a66fb

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
br
age
1927126
etag
"gAc/2Gc+fM9aq8w88fxHelKEyBKnYhPyN9WrKOAo8uQ"
access-control-max-age
86400
fastly-io-info
ifsz=47782 idim=1200x472 ifmt=png ofsz=19690 odim=1200x472 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
18916
cks
cks.connatix.com/
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=190549&cb=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d17%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dIndex%26uid%3d
  • https://cks.connatix.com/cks?pid=17&ev=f1a7817fe20f4597938371768ad6be84&pname=Index&uid=Yc26.8PaJt5j23F1hnB8aQAA%26410
138 B
172 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cks.connatix.com/cks?pid=17&ev=f1a7817fe20f4597938371768ad6be84&pname=Index&uid=Yc26.8PaJt5j23F1hnB8aQAA%26410
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c75ba520bb106d9af4ac474e59e3fa413f46d1e6da2824d41cc0d4a2c96bead9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
138
retry-after
0

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cks.connatix.com/cks?pid=17&ev=f1a7817fe20f4597938371768ad6be84&pname=Index&uid=Yc26.8PaJt5j23F1hnB8aQAA%26410
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
314
Expires
Thu, 30 Dec 2021 13:58:20 GMT
connatix
match.prod.bidr.io/cookie-sync/ 		43 B
430 B 		Script
General
Check archive.org
Download Go to
Full URL
https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d15%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dBeeswax%26uid%3d{userid}
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.195.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-195-76.compute-1.amazonaws.com
Software
nginx /
Resource Hash
07383c96980710a04144e5a39ae59e7f9f74bcfd6462a6932ded48efe6d73bce
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
cks
cks.connatix.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gapzaid&ttd_tpi=1
  • https://cks.connatix.com/cks?pid=19&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&ttl=1643464700
146 B
180 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cks.connatix.com/cks?pid=19&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&ttl=1643464700
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9bc9ee936d3225274b7d792070d2071335d798eecfb700aa19c48767b59b2f4e

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
146
retry-after
0

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cks.connatix.com/cks?pid=19&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&ttl=1643464700
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
213
cks
cks.connatix.com/
Redirect Chain
  • https://ad.turn.com/r/cs?pid=67&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d21%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dAmobee%26uid%3D%23USER_ID%23
  • https://cks.connatix.com/cks?pid=21&ev=f1a7817fe20f4597938371768ad6be84&pname=Amobee&uid=8053738013470830884
129 B
163 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cks.connatix.com/cks?pid=21&ev=f1a7817fe20f4597938371768ad6be84&pname=Amobee&uid=8053738013470830884
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a51f939d8286be23d3f9eb92b08800120cdc126dfb6197b8575ac85c5e85bd7e

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
129
retry-after
0

Redirect headers

location
https://cks.connatix.com/cks?pid=21&ev=f1a7817fe20f4597938371768ad6be84&pname=Amobee&uid=8053738013470830884
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:20 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cks
cks.connatix.com/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d6%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dAppNexus%26uid%3d%24UID
  • https://cks.connatix.com/cks?pid=6&ev=f1a7817fe20f4597938371768ad6be84&pname=AppNexus&uid=3183875922675690167
128 B
250 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cks.connatix.com/cks?pid=6&ev=f1a7817fe20f4597938371768ad6be84&pname=AppNexus&uid=3183875922675690167
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ffc2ea88b89bc835aa13178bec0b0a1fe78a35e2745b1e71c76406bd8ccf89c5

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
128
retry-after
0

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 568.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
76e797fc-c06c-4774-a35c-e11febbd34ad
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cks.connatix.com/cks?pid=6&ev=f1a7817fe20f4597938371768ad6be84&pname=AppNexus&uid=3183875922675690167
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 5753
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=19564_2&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Dec 2021 13:58:20 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
Date
Thu, 30 Dec 2021 13:58:20 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
userSync.js
ads.pubmatic.com/AdServer/js/ Frame E1DD 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/userSync.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:14 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300709-1af3-5c4c7cca9e573"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
public, max-age=77432
accept-ranges
bytes
content-type
text/javascript
content-length
2267
expires
Fri, 31 Dec 2021 11:28:52 GMT
cks
cks.connatix.com/
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=105&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d9%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dCentro%26uid%3d{userId}
  • https://cks.connatix.com/cks?pid=9&ev=f1a7817fe20f4597938371768ad6be84&pname=Centro&uid=no-consent
119 B
153 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cks.connatix.com/cks?pid=9&ev=f1a7817fe20f4597938371768ad6be84&pname=Centro&uid=no-consent
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
96d66ae034f09eab8282feb0a9fd951c2a12f7b5419981da6bfdb81453e658ec

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
119
retry-after
0

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:19 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://cks.connatix.com/cks?pid=9&ev=f1a7817fe20f4597938371768ad6be84&pname=Centro&uid=no-consent
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
cks
cks.connatix.com/
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=8600&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d10%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dSpotX%26uid%3d%24SPOTX_USER_ID
  • https://sync.search.spotxchange.com/partner?adv_id=8600&redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d10%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dSpotX%26uid%3d%24SPOTX_USER_ID&__user...
  • https://cks.connatix.com/cks?pid=10&ev=f1a7817fe20f4597938371768ad6be84&pname=SpotX&uid=8c0ce14d-6978-11ec-90a6-12f84cd00503
146 B
180 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cks.connatix.com/cks?pid=10&ev=f1a7817fe20f4597938371768ad6be84&pname=SpotX&uid=8c0ce14d-6978-11ec-90a6-12f84cd00503
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eeab708e9b3eb87fbcb63a09d4c823f00b4aebd56a3686b59f74d79b9ff8afed

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
content-length
146
retry-after
0

Redirect headers

Date
Thu, 30 Dec 2021 13:58:21 GMT
Server
nginx
Location
https://cks.connatix.com/cks?pid=10&ev=f1a7817fe20f4597938371768ad6be84&pname=SpotX&uid=8c0ce14d-6978-11ec-90a6-12f84cd00503
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
61
Connection
keep-alive
Content-Length
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 571A 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 30 Dec 2021 13:06:46 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
3094
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 2A41 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2366e7f19af6f413e44c444c7bb8df5ee7c60fbc6bfe0df5bfd3a2dc74994ab1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
dvbs_src_internal101.js
cdn.doubleverify.com/ Frame E013 		55 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvbs_src_internal101.js
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=971108&cmp=25144017&plc=313555254&sid=6479994&aufilter1=1024534&prr=1&ppid=103&autt=1&auevent=ABAjH0ikIFyiaidPa2IVNOXlxzFK&c1=1024534&auorder=22860534&aucmp=56528410&aucrtv=377881813&auxch=1&pltfrm=1&ausite=7724079434&turl=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&aubndl=&dvregion=0&unit=300x250
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:598::4469 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
319dc60c796946da643a880fec740453dfa1308266841c576d1c577a4c9bac44

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:20 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Dec 2021 09:35:46 GMT
Server
Microsoft-IIS/10.0
ETag
"08517fa16ecd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18088
batchexecute
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame 122E 		361 B
269 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=1164672087394245425&bl=boq_subscribewithgoogleclientserver_20211222.12_p0&hl=en-US&soc-app=673&soc-platform=1&soc-device=1&_reqid=50301&rt=c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f21287d4fbda5a171b0c7a6716ba2e69121c736f8e652fabc33ee64e3145df2f
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-Same-Domain
1
Referer
https://news.google.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
content-disposition
attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.8H2m-GzCKsQ.L... Frame 122E 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.8H2m-GzCKsQ.L.B1.O/am=AgAI/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI4wtYYm0rpI1qK_odJC3edrEZbnyA/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5a1e531dccf3126b4539700b317554228759e52e1725fa82cbe0f58e899a2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 19:04:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
586422
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7290
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 23:17:51 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Fri, 23 Dec 2022 19:04:38 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 6AC6 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Wed, 29 Dec 2021 16:12:56 GMT
expires
Thu, 29 Dec 2022 16:12:56 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
78324
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ao
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/ao?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi.connatix.com/rtb/ Frame E1DD 		4 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/rtb/g?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e877658348c64e4ed8e28952dfa896c24b4780acf1ccc5bf30d323d837cf33d7

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
transfer-encoding
chunked
Connection
keep-alive
access-control-allow-credentials
true
ps
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/ps?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/8a76dcb9-d432-48f4-9931-6e6c436b1477/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/8a76dcb9-d432-48f4-9931-6e6c436b1477/1_th.jpg?crop=550:309,smart&width=550&height=309&format=jpeg&quality=60&fit=crop
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fa88731d3dfcba3466dd05250f89afb97ea729d2787d08929e41d23b23184ff0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
br
age
2010643
etag
"ex354f7syFr/P56CDjh+QQbIWdgH4rDowfDQyg1LBU8"
access-control-max-age
86400
fastly-io-info
ifsz=11736 idim=375x212 ifmt=jpeg ofsz=9039 odim=375x211 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
8667
insights.bin
ins.connatix.com/ffc4d445-1987-4e08-8396-f8627d344b6b/3/ Frame E1DD 		353 B
348 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ins.connatix.com/ffc4d445-1987-4e08-8396-f8627d344b6b/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3c6b45ce8ca0a28f418decd40c175f3abdc3d4f38e011928f965d9ca00c46513

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
last-modified
Mon, 18 Oct 2021 08:47:59 GMT
age
4867820
etag
"7fd40e201edd31ad5465edae6ca5e912"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
257
insights.bin
ins.connatix.com/78b4e091-bd5d-475c-9ed1-9a0bbfe32786/3/ Frame E1DD 		677 B
517 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ins.connatix.com/78b4e091-bd5d-475c-9ed1-9a0bbfe32786/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0ec9f4880ece4d620da10f84c3200bd3abc058fe5b7868847ecf7dfa6c0e6686

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
last-modified
Mon, 18 Oct 2021 08:43:50 GMT
age
4865101
etag
"fdf034f927b2190a4023c759483ce8c9"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
426
insights.bin
ins.connatix.com/15d9cb3a-2652-4a1e-bdef-95421843a3a6/3/ Frame E1DD 		533 B
443 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ins.connatix.com/15d9cb3a-2652-4a1e-bdef-95421843a3a6/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b09ea579d23bbd93059988b2cecd6d468b6963d86d2fa5a0cedc7e65c7226340

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
last-modified
Mon, 18 Oct 2021 08:45:33 GMT
age
5115921
etag
"6972ef4370a5c72b9cc76a1c7c73a6ae"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
352
insights.bin
ins.connatix.com/448125af-186b-4eef-84eb-f7c3c829743f/3/ Frame E1DD 		317 B
349 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ins.connatix.com/448125af-186b-4eef-84eb-f7c3c829743f/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dc72dc2e180487b65563ea7416932c028e9679a733cd23b6ff898df256b2d4c1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
last-modified
Mon, 08 Nov 2021 14:48:49 GMT
age
4263337
etag
"d2bdc15870bd6d6d74115c754f74fce8"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
233
insights.bin
ins.connatix.com/89356587-332c-48da-9c10-d59c6bd36ea8/3/ Frame E1DD 		425 B
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ins.connatix.com/89356587-332c-48da-9c10-d59c6bd36ea8/3/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
17a238c718b32f43cce7f677d9304367e09cfb492a17d4228d49515211759204

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
last-modified
Fri, 15 Oct 2021 13:24:25 GMT
age
5115922
etag
"0e0b9893454bf7919e7884a11311793c"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
291
sr
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/sr?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
analytics.js
s.srvsynd.com/2/234175/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&md=2&ap=undefined&sr=connatix.com&pp=780864319626685&ti=x1212214887973369980443275100160&de=2&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
3ad4e4f2ee2a2ba2ed7adcf370985a2b742116af9929d1448af0b078cb104d5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:20 GMT
Content-Encoding
gzip
Accept-Ch
Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary
*
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Timing-Allow-Origin
*
Content-Length
2828
Expires
0
3_media.bin
vid.connatix.com/ffc4d445-1987-4e08-8396-f8627d344b6b/ Frame E1DD 		910 B
722 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/ffc4d445-1987-4e08-8396-f8627d344b6b/3_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
420b866f2e87987f86bf6e783f550165344a1c319ae537d6da40280f86ed64a5

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
last-modified
Tue, 16 Mar 2021 10:12:57 GMT
age
2671585
etag
"7a46b52e8117a102bafe1bb5c28400fa"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
631
1.png
img.connatix.com/ba2fe40a-3d87-41a0-86a3-03209b68366c/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/ba2fe40a-3d87-41a0-86a3-03209b68366c/1.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
43fbbe355f40735e833eb1acd033f1cec8e3d31a8531c1ca1e7b0a1c6e5a66fb

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
br
age
1067186
etag
"gAc/2Gc+fM9aq8w88fxHelKEyBKnYhPyN9WrKOAo8uQ"
access-control-max-age
86400
fastly-io-info
ifsz=30955 idim=1200x472 ifmt=png ofsz=19690 odim=1200x472 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
18916
verify.js
rtb0.doubleverify.com/ Frame E013 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_897285906437&jsTagObjCallback=__tagObject_callback_897285906437&num=6&ctx=971108&cmp=25144017&plc=313555254&sid=6479994&advid=&adsrv=&unit=300x250&isdvvid=&uid=897285906437&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dvp_strhd=0.50&dvpx_strhd=0.50&brid=3&brver=96&bridua=3&dup=null&ppid=103&auevent=ABAjH0ikIFyiaidPa2IVNOXlxzFK&aucmp=56528410&aucrtv=377881813&auorder=22860534&ausite=7724079434&auxch=1&pltfrm=1&aufilter1=1024534&autt=1&c1=1024534&turl=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&srcurlD=0&ssl=1&refD=1&htmlmsging=1&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=18&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=149&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETar9EEADTbpTauTaufe2_%6032af723fb236a4f334%607hag77hh%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETau4%40C%40%3F2G%3ACFDTau3D%5C%3E5%5CECF642C6%5CH9%3ADE%3D63%3D%40H6C%5Ca_a%60%60aah%5CdD%407aCIE%3FG7A%3B%3Ac%3D%3CDbAF%3E%3AB5c%5CDE%40CJ%5D9E%3E%3D&dvp_exetime=6.20&aubndl=&callbackName=__verify_callback_897285906437
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.111.120 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-hlb17.doubleverify.com
Software
/
Resource Hash
66a141e71d418dae03b201001cd25e3b0ea3264c67f5a3f304bd36348eb2a2ad

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
X-DV-Response
1
Content-Encoding
gzip
Date
Thu, 30 Dec 2021 13:58:20 GMT
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
12/29/2021 1:58:21 PM
css
fonts.googleapis.com/ Frame 90A6 		2 KB
572 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:600|Lato:700
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/7ec167ba56dfdbb98b54f2786aeb643f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2200c69de12713c4ee020e0ea2c30aa121d02d4c91fae75e58bdfb6362ac160d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:56:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:21 GMT
58c605fc559c9f87e04dca4f6d90017a.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/media/ Frame 90A6 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/media/58c605fc559c9f87e04dca4f6d90017a.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7ea506bb5341082ea0a43a18e2bf7e5384dbd70619e525cbbad9e576c25f090
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
266244
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46450
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 14:07:31 GMT
server
sffe
date
Mon, 27 Dec 2021 12:00:57 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 27 Dec 2022 12:00:57 GMT
1d4845e8fe71d69309f48020217338ca.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/media/ Frame 90A6 		69 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/media/1d4845e8fe71d69309f48020217338ca.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4341884288908283729/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26395bb2ea3cacca0ade568eb8feebc4057f276b60afdf3fd5f724be3642a826
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
266244
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21996
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 14:07:31 GMT
server
sffe
date
Mon, 27 Dec 2021 12:00:57 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 27 Dec 2022 12:00:57 GMT
usync.js
eus.rubiconproject.com/ Frame 5753 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53223
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9702
Expires
Fri, 31 Dec 2021 04:45:24 GMT
prebid4.43.0-4.js
cds.connatix.com/p/plugins/ Frame 3B1B 		381 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
48690aaa6fff4d84b3d1de64a8ec77ed01ca244492e10fb776c794ba6c171639

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
br
last-modified
Thu, 02 Dec 2021 15:13:51 GMT
age
1933465
etag
"e0908e656154cdf7c73f3852e04c6ceb"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
105742
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame 60AF 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame E1DD 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 30 Dec 2021 13:58:21 GMT
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame 8558 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame 0AEA 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame 29CC 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame D0CB 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame DC77 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Sat, 25 Dec 2021 06:58:54 GMT
expires
Sun, 25 Dec 2022 06:58:54 GMT
last-modified
Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
457167
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1_th.jpg
img.connatix.com/ffc4d445-1987-4e08-8396-f8627d344b6b/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/ffc4d445-1987-4e08-8396-f8627d344b6b/1_th.jpg?crop=550:309,smart&width=550&height=309&format=jpeg&quality=60&fit=crop
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e103b4b8e054534fe795815addb2068b5db87382812f5893983f2405e36ee094

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
br
age
478671
etag
"A462rxDGxhnPU2S8wHJW+9e05a8xBmw90siDC3bkL8E"
access-control-max-age
86400
fastly-io-info
ifsz=18265 idim=375x212 ifmt=jpeg ofsz=13150 odim=375x211 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
12791
log
play.google.com/ Frame 122E 		131 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://news.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:21 GMT
log
play.google.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://news.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://news.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Thu, 30 Dec 2021 13:58:21 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private
log
play.google.com/ Frame 122E 		131 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://news.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:21 GMT
log
play.google.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://news.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://news.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Thu, 30 Dec 2021 13:58:21 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private
log
play.google.com/ Frame 122E 		131 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://news.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://news.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:21 GMT
log
play.google.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://news.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://news.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Thu, 30 Dec 2021 13:58:21 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private
us
capi.connatix.com/core/ Frame 5753
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=19564_2&khaos=KXT18KCV-1V-9YVP
  • https://ck.connatix.com/cks?pid=11&uid=KXT18KCV-1V-9YVP
  • https://capi.connatix.com/core/us?DemandPartner=11&DemandPartnerUserId=KXT18KCV-1V-9YVP&UserId=
0
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://capi.connatix.com/core/us?DemandPartner=11&DemandPartnerUserId=KXT18KCV-1V-9YVP&UserId=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east
Protocol
HTTP/1.1
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
access-control-allow-credentials
true
server
Kestrel
Connection
keep-alive
Content-Length
0
content-type
application/json

Redirect headers

date
Thu, 30 Dec 2021 13:58:21 GMT
location
https://capi.connatix.com/core/us?DemandPartner=11&DemandPartnerUserId=KXT18KCV-1V-9YVP&UserId=
access-control-max-age
86400
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
retry-after
0
g
capi.connatix.com/rtb/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/rtb/g?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame EFD1 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=62362
expires
Fri, 31 Dec 2021 07:17:43 GMT
date
Thu, 30 Dec 2021 13:58:21 GMT
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame FA0A 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=1&us_privacy=&
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-161-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=62362
expires
Fri, 31 Dec 2021 07:17:43 GMT
date
Thu, 30 Dec 2021 13:58:21 GMT
vary
Accept-Encoding
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?oz_pl=1&ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&_x=1
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&md=2&ap=undefined&sr=connatix.com&pp=780864319626685&ti=x1212214887973369980443275100160&de=2&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:21 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
main.js
s.srvsynd.com/2/2.43.1/ 		154 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/main.js
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&md=2&ap=undefined&sr=connatix.com&pp=780864319626685&ti=x1212214887973369980443275100160&de=2&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
bfa12779f481d024004ac40f96aa837e671f2b6362ca6b3b84f6edf061825e98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:21 GMT
Content-Encoding
br
Accept-Ch
Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary
Origin, Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, no-transform, immutable, max-age=999999999
Strict-Transport-Security
max-age=31536000; includeSubDomains
Timing-Allow-Origin
*
Content-Length
48454
Expires
Sun, 07 Sep 2053 05:16:17 GMT
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
log
play.google.com/ Frame 122E 		131 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.b7T37FN4NJs.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI4rHbVn0l3HM6LNXxMt1G9MeF6B_w/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://news.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:21 GMT
bsevent.gif
tps628.doubleverify.com/ Frame E013 		807 B
1 KB 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps628.doubleverify.com/bsevent.gif?impid=dd8e5c5dd4e44ed680f5192e5aaa6445&nav_pltfrm=Linux%20x86_64&dvp_ac_version=0511&dvp_acibv=&bsigr=2176&cbust=1640872701523848
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.111.116 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-hlb13.doubleverify.com
Software
/
Resource Hash
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:21 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
860
Expires
12/29/2021 1:58:21 PM
dcmads.js
www.googletagservices.com/dcm/ Frame E013 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c45a7b49c14477cd160a83d4ee1fb8c311e12314e042d0647c68bec62f16fe29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:27:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1827
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4486
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 19:29:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 14:27:54 GMT
bsevent.gif
tps628.doubleverify.com/ Frame E013
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=doubleverify_ddp&google_ula=7327243&google_hm=**&google_redir=https%3A%2F%2Ftps628.doubleverify.com%2Fbsevent.gif%3Fimpid%3Ddd8e5c5dd4e44ed680f5192e5aa...
  • https://tps628.doubleverify.com/bsevent.gif?impid=dd8e5c5dd4e44ed680f5192e5aaa6445&dvpx_gfbc=1&cbust=1640872701521798&google_hm=2&google_ula=7327243,0
807 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tps628.doubleverify.com/bsevent.gif?impid=dd8e5c5dd4e44ed680f5192e5aaa6445&dvpx_gfbc=1&cbust=1640872701521798&google_hm=2&google_ula=7327243,0
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Server
204.154.111.116 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-hlb13.doubleverify.com
Software
/
Resource Hash
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:21 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
image/gif
Cache-Control
max-age=0
Content-Length
860
Expires
12/29/2021 1:58:21 PM

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://tps628.doubleverify.com/bsevent.gif?impid=dd8e5c5dd4e44ed680f5192e5aaa6445&dvpx_gfbc=1&cbust=1640872701521798&google_hm=2&google_ula=7327243,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
363
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame 90A6 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:600|Lato:700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 26 Dec 2021 00:38:10 GMT
x-content-type-options
nosniff
age
393611
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Mon, 26 Dec 2022 00:38:10 GMT
JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame 90A6 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:600|Lato:700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 05:38:46 GMT
x-content-type-options
nosniff
age
202775
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19824
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:20:37 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 28 Dec 2022 05:38:46 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6DAD 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 511D 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CFFF 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 0524 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame F9BB 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 5044 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 30 Dec 2021 13:58:55 GMT
media
direct.ad.cpe.dotomi.com/cvx/client/direct/ Frame E1DD 		68 B
364 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.ad.cpe.dotomi.com/cvx/client/direct/media?sid=210061&placement_id=d4c4c58&vpaid=2&m=11&mdf=mp4&vastver=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:ae80:1451:11::2100 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software
nginx /
Resource Hash
34945e57183f095b83b2afddd4768243e33633e4431a9bc7dc06a421dacee7b3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
server
nginx
content-type
text/html
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
68
expires
0
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.baltimoresun.com%2F&domain=www.baltimoresun.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://www.baltimoresun.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1660
date
Thu, 30 Dec 2021 13:58:20 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 3B1B
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.baltimoresun.com%2F&domain=www.baltimoresun.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=oU1uEXw4M0ExTldXS0Y2a3B1UFZyejhMenpYTE4wYTZJRmI1NGRlejhvejBGeGpUZ0hGV1ExRk82MXpua0pXVFZSdC9VNEFoUEM3ZXRobGFFQVdTVExsUTNVTkhxQkIwczVDSkdlTFE2UnJpbjlzWFdXQW1nK3I2UkpLa1...
347 B
612 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=oU1uEXw4M0ExTldXS0Y2a3B1UFZyejhMenpYTE4wYTZJRmI1NGRlejhvejBGeGpUZ0hGV1ExRk82MXpua0pXVFZSdC9VNEFoUEM3ZXRobGFFQVdTVExsUTNVTkhxQkIwczVDSkdlTFE2UnJpbjlzWFdXQW1nK3I2UkpLa1ZaM0crTDFNb1FvSXVxaGtPMTczOFRZck9ueXRaWkR0VEltcHhqaXZvekZzQmpZSzFuRFEwd0VUSWd1eHA3MkZ4cDlIZHRDS2NNbHhzMDlEQ2VIblBaY0lKV0Q4QkFZTXFJMnpidk9adUpoc0dTWFUzeVBQdEp4R29ndW1xbHZwNmZOQjYzaGtVfA&cppv=2
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
3d81ac966358b04c1c7630c81d63e1fc2a636164e182568fcef439f02c7a8440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2203
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
location
https://mug.criteo.com/sid?cpp=oU1uEXw4M0ExTldXS0Y2a3B1UFZyejhMenpYTE4wYTZJRmI1NGRlejhvejBGeGpUZ0hGV1ExRk82MXpua0pXVFZSdC9VNEFoUEM3ZXRobGFFQVdTVExsUTNVTkhxQkIwczVDSkdlTFE2UnJpbjlzWFdXQW1nK3I2UkpLa1ZaM0crTDFNb1FvSXVxaGtPMTczOFRZck9ueXRaWkR0VEltcHhqaXZvekZzQmpZSzFuRFEwd0VUSWd1eHA3MkZ4cDlIZHRDS2NNbHhzMDlEQ2VIblBaY0lKV0Q4QkFZTXFJMnpidk9adUpoc0dTWFUzeVBQdEp4R29ndW1xbHZwNmZOQjYzaGtVfA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1647
content-length
509
expires
0
prebid
ib.adnxs.com/ut/v3/ Frame 3B1B 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
04d3193ffc3518959af1d0556c110e135eddfc11e9a52f9a9d8b41016fad2363
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:21 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
bc8067af-d76d-499a-8891-0a515745d1e9
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 3B1B 		142 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
7ca2f8d7e242a0eb5387651027072a5d125b9c34c1ea5ce0079670dfba0d27a4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:21 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
a7f3c902-5d26-45f0-a4fb-77147186759f
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.baltimoresun.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
142
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
si
googleads.g.doubleclick.net/pagead/drt/ Frame 571A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 30 Dec 2021 13:58:21 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 30 Dec 2021 13:58:21 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 30 Dec 2021 13:58:21 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
us
capi.connatix.com/core/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
impl_v81.js
www.googletagservices.com/dcm/ Frame E013 		41 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/impl_v81.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3be6ad457ba5d4425f4d105688e9cf5a32595ff156bd290c8ccbe0e6ca3a68a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 17:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
420193
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17189
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 19:28:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 25 Dec 2022 17:15:08 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 6AC6 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 01:48:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
130183
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 29 Dec 2022 01:48:38 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=oU1uEXw4M0ExTldXS0Y2a3B1UFZyejhMenpYTE4wYTZJRmI1NGRlejhvejBGeGpUZ0hGV1ExRk82MXpua0pXVFZSdC9VNEFoUEM3ZXRobGFFQVdTVExsUTNVTkhxQkIwczVDSkdlTFE2UnJpbjlzWFdXQW1nK3I2UkpLa1ZaM0crTDFNb1FvSXVxaGtPMTczOFRZck9ueXRaWkR0VEltcHhqaXZvekZzQmpZSzFuRFEwd0VUSWd1eHA3MkZ4cDlIZHRDS2NNbHhzMDlEQ2VIblBaY0lKV0Q4QkFZTXFJMnpidk9adUpoc0dTWFUzeVBQdEp4R29ndW1xbHZwNmZOQjYzaGtVfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1022
date
Thu, 30 Dec 2021 13:58:21 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
PugMaster
image6.pubmatic.com/AdServer/ Frame EFD1 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=36799382&p=156592&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
eeb64bc99cfdedfe9dc9cd5f417163ddef1762bda21692fca09281e632e6f43d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:20 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?oz_pl=1&ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&_x=1
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&md=2&ap=undefined&sr=connatix.com&pp=780864319626685&ti=x1212214887973369980443275100160&de=2&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:21 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
B9689862.280410797;dc_ver=81.236;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3480848358;ord=n1y1ln;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%...
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame E013 		58 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280410797;dc_ver=81.236;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3480848358;ord=n1y1ln;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fwww.baltimoresun.com%2F$0;xdt=1;crlt=C8-C3LMdy_;sttr=183;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v81.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f6.1e100.net
Software
cafe /
Resource Hash
02bd40051130b0945ef0f22ccff190169852b3fe44f3ea7bf4075d2c437b30f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23817
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
%7B%22status%22%3A1%2C%22pubid%22%3A%223503%22%2C%22_type%22%3A%22bidSetPixel%22%2C%22toa%22%3A0%2C%22fbrq%22%3A1640872698411%2C%22pto%22%3A1000%2C%22ns%22%3A1%2C%22bla%22%3A440%2C%22reqindex%22%3A...
aax.amazon-adsystem.com/x/px/IjFFN1A-y7A6PldBjSN8cEgAAAF-C6JjHwEAAA2vAXVkttc/ 		43 B
457 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax.amazon-adsystem.com/x/px/IjFFN1A-y7A6PldBjSN8cEgAAAF-C6JjHwEAAA2vAXVkttc/%7B%22status%22%3A1%2C%22pubid%22%3A%223503%22%2C%22_type%22%3A%22bidSetPixel%22%2C%22toa%22%3A0%2C%22fbrq%22%3A1640872698411%2C%22pto%22%3A1000%2C%22ns%22%3A1%2C%22bla%22%3A440%2C%22reqindex%22%3A3%2C%22fid%22%3A%222%22%2C%22tbs%22%3A0%2C%22c%22%3A%22dtb%22%2C%22delay%22%3A-688%2C%22ul%22%3A478%2C%22es%22%3A584%2C%22_tl%22%3A%22aps-tag%22%2C%22src%22%3A%223503%22%2C%22lv%22%3A%227.71.1%22%7D
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.177.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:21 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
JG4RRHK1HD5HMR1FA153
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
no-cache
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
%7B%22pid%22%3A%226RqX7mJDnud4f%22%2C%22ns%22%3A1%2C%22fid%22%3A%222%22%2C%22fbrq%22%3A1640872698411%2C%22_type%22%3A%22latencyBd%22%2C%22a%22%3A1.5%2C%22b%22%3A1.5%2C%22c%22%3A1.5%2C%22d%22%3A1.5%...
aax.amazon-adsystem.com/x/px/IjFFN1A-y7A6PldBjSN8cEgAAAF-C6JjHwEAAA2vAXVkttc/ 		43 B
457 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax.amazon-adsystem.com/x/px/IjFFN1A-y7A6PldBjSN8cEgAAAF-C6JjHwEAAA2vAXVkttc/%7B%22pid%22%3A%226RqX7mJDnud4f%22%2C%22ns%22%3A1%2C%22fid%22%3A%222%22%2C%22fbrq%22%3A1640872698411%2C%22_type%22%3A%22latencyBd%22%2C%22a%22%3A1.5%2C%22b%22%3A1.5%2C%22c%22%3A1.5%2C%22d%22%3A1.5%2C%22e%22%3A1.5%2C%22f%22%3A1.5%2C%22g%22%3A2.5%2C%22h%22%3A259.5%2C%22i%22%3A260.5%2C%22j%22%3A440%2C%22_tl%22%3A%22aps-tag%22%2C%22src%22%3A%223503%22%2C%22lv%22%3A%227.71.1%22%7D
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.177.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:21 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
EXF2662AZPH9YF8HE5VD
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
no-cache
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
activeview
pagead2.googlesyndication.com/pcs/ Frame 2A41 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvHPP_vwoIHkrmQCREKKZUrxJhGFD4IJe-8OKbfUGYP__UbGO0JNQL_qw7DQ0hfnla1a0BMD4xgdBKxcJkZJFPQjiKVRLSCJapYHaS8gugMLTAPjvQ&sai=AMfl-YTf4s2JJALByGq3M4e5oOC02lJD1NH0pc3i5sw6nDQ0mMNP-paOpHQgdqJN8BvyZyq8TwuNBd0f58jbdMw4fw4PorLOJlRtYqWcZ75QpLS-3TpBrUzbq6IfpuE&sig=Cg0ArKJSzNtvsuEyIFTJEAE&cid=CAASFeRo90Fsfgv_twpk4hxp-XcuJQRfFg&id=lidar2&mcvt=1027&p=785,1056,1035,1356&mtos=1027,1027,1027,1027,1027&tos=1027,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=970833480&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640872699468&rpt=1359&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872701853&oz_l=234&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:21 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
usersync.aspx
dis.criteo.com/dis/ Frame 70AD 		43 B
362 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 30 Dec 2021 13:58:21 GMT
content-type
image/gif
server
Kestrel
cache-control
no-cache
pragma
no-cache
expires
Thu, 30 Dec 2021 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
556753
strict-transport-security
max-age=31536000; preload;
141
match.deepintent.com/usersync/ Frame B576 		0
223 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
content-type
image/gif
content-length
0
date
Thu, 30 Dec 2021 13:58:21 GMT
server
a
Pug
simage2.pubmatic.com/AdServer/ Frame D3E3
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=8cc640ec-6978-11ec-9f00-7928b90ff49e
568 B
642 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=8cc640ec-6978-11ec-9f00-7928b90ff49e
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
7921a6035cc8a0981a5dee737dd3d29b150ddd48407717d3fca4b6376f2b0e70

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 12:55:17 GMT
content-type
text/html; charset=UTF-8
content-length
568

Redirect headers

Date
Thu, 30 Dec 2021 13:58:22 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
server
Cowboy
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=8cc640ec-6978-11ec-9f00-7928b90ff49e
X-RealServer-NX
lga-delivery-2
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Pug
simage2.pubmatic.com/AdServer/ Frame 2A67
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=zMocoBWdTUFFZe1obrBfIS36GW4
42 B
373 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=zMocoBWdTUFFZe1obrBfIS36GW4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug002:0:629
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Thu, 30 Dec 2021 13:58:21 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=zMocoBWdTUFFZe1obrBfIS36GW4
Content-Length
159
Connection
keep-alive
i.match
s.tribalfusion.com/z/ Frame B5BA
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
415 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif; charset=utf-8
content-length
43
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
302
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6c5bc8545e145ce8-IAD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
text/html
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
206
x-reuse-index
102
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6c5bc853bd6b5ce8-IAD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Pug
simage2.pubmatic.com/AdServer/ Frame D9A0
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Ev34cJ1d1N2VWK5&gdpr=0&gdpr_consent=
42 B
211 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Ev34cJ1d1N2VWK5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug019:0:603
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Cache-Control
no-cache, must-revalidate
Date
Thu, 30 Dec 2021 13:58:21 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Ev34cJ1d1N2VWK5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/v2.0.30-693-g87a8e09#rel-ec2-master i-09ea9fd12bd276632@us-east-1e@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame DEF4
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=6
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=635661617131
42 B
361 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=635661617131
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:21 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug029:0:559
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Content-Length
0
Access-Control-Allow-Origin
*
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=635661617131
Pug
image2.pubmatic.com/AdServer/ Frame EC4C
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=5bb3797a-fc9f-4495-909a-e7dc4c592013
1 B
427 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=5bb3797a-fc9f-4495-909a-e7dc4c592013
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:21 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
va1pug018:0:558
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

date
Thu, 30 Dec 2021 13:58:22 GMT
content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=5bb3797a-fc9f-4495-909a-e7dc4c592013
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=15724800; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 350E
Redirect Chain
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ6941591021453854449&uid=Q694159102145385...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6941591021453854449
42 B
390 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6941591021453854449
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 12:32:56 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug022:0:508
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
Apache/2.2.15 (CentOS)
Content-Length
154
Content-Type
text/html
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6941591021453854449
X-Powered-By
PHP/5.3.3
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary
Accept-Encoding
Cache-Control
max-age=34084
Date
Thu, 30 Dec 2021 13:58:22 GMT
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 8B63
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1413777693
  • https://sync.1rx.io/usersync/tradedesk/e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
  • https://sync.targeting.unrulymedia.com/csync/RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
42 B
233 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug001:0:435
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
Tengine
Date
Thu, 30 Dec 2021 13:58:22 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
ETag
RXc726f1b5f2ac41a2bd6114d6eda8e3c6005
usersync
match.bnmla.com/ Frame AFD0 		0
114 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Server
nginx
Date
Thu, 30 Dec 2021 13:58:22 GMT
Content-Length
0
Connection
keep-alive
pbmtc.gif
beacon.lynx.cognitivlabs.com/ Frame 8382
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=5d5a98bc-20aa-4663-b0c6-8b234992b77d&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
42 B
355 B 		Document
General
Check archive.org
Download Go to
Full URL
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.156.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-156-159.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif
content-length
42
server
Kestrel

Redirect headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
x-lat
njrpug007:0:570
location
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 44E3
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
53 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
accept-ranges
bytes
date
Thu, 30 Dec 2021 13:58:22 GMT
via
1.1 varnish
x-served-by
cache-dca17780-DCA
x-cache
MISS
x-cache-hits
0
x-timer
S1640872702.038554,VS0,VE7
content-length
0

Redirect headers

server
nginx
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges
bytes
date
Thu, 30 Dec 2021 13:58:22 GMT
via
1.1 varnish
x-served-by
cache-dca17780-DCA
x-cache
MISS
x-cache-hits
0
x-timer
S1640872702.002762,VS0,VE8
x-vcl-time-ms
8
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame F9A8
Redirect Chain
  • https://gocm.c.appier.net/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=4YvWuSrvAdGO0tDJ_rrNYQ
42 B
238 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=4YvWuSrvAdGO0tDJ_rrNYQ
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
10:0:445
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
text/html; charset=utf-8
content-length
153
cache-control
no-store
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=4YvWuSrvAdGO0tDJ_rrNYQ
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pug
simage2.pubmatic.com/AdServer/ Frame F402
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
89 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
text/html; charset=utf-8
x-lat
njrpug019:2:370
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
content-encoding
gzip

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length
0
date
Thu, 30 Dec 2021 13:58:22 GMT
server
_
cookiesync
core.iprom.net/ Frame 0781 		43 B
279 B 		Document
General
Check archive.org
Download Go to
Full URL
https://core.iprom.net/cookiesync
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Vary
Accept-Encoding
X-adserver-worker
avatar-b351b7508758@version_1.366v3
Connection
close
X-server-arch
v2
Content-Type
image/gif
Content-Length
43
X-core-time
1ms
Date
Thu, 30 Dec 2021 13:58:22 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame A530
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
1 B
88 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
njrpug003:0:493
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
nginx
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
text/html
content-length
138
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:7C30F16DB53846EBADAE183D17DE974E
expires
Wed, 29 Dec 2021 13:58:22 GMT
cache-control
no-cache
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
us
capi.connatix.com/core/ Frame 8A4E 		0
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/us?DemandPartner=2&UserId=f1a7817fe20f4597938371768ad6be84&DemandPartnerName=Pubmatic&DemandPartnerUserId=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

access-control-allow-credentials
true
content-type
application/json
date
Thu, 30 Dec 2021 13:58:21 GMT
server
Kestrel
Content-Length
0
Connection
keep-alive
/
pixel.onaudience.com/ Frame EFD1
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&icm
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25&xl8blockcheck=1
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=1d905505bb6df16f493cc0ee5b2b8040
35 B
248 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=1d905505bb6df16f493cc0ee5b2b8040
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Server
51.79.83.225 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
pikafka-5.cloudy.ovh
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-length
35
content-type
image/gif

Redirect headers

date
Thu, 30 Dec 2021 13:58:22 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=1d905505bb6df16f493cc0ee5b2b8040
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html
content-length
0
Artemis
aud.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&addseg=10,33,39
43 B
43 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&addseg=10,33,39
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
162.248.18.10 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
content-length
43
content-type
text/plain; charset=utf-8

Redirect headers

date
Thu, 30 Dec 2021 13:58:22 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&addseg=10,33,39
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
141
g.pixel
aa.agkn.com/adscores/ Frame EFD1 		43 B
656 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-86.ewr50.r.cloudfront.net
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
via
1.1 d50f0ffd76e03cff5d1f6328069e44e0.cloudfront.net (CloudFront)
server
AAWebServer
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-cache
Miss from cloudfront
content-type
image/gif
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
43
x-amz-cf-id
za1-Agpzs57Htk3HXtb8kZ04cZzeO6MTnfhg9LJRTzhA9cIuxtppvQ==
expires
0
/
io.narrative.io/ Frame EFD1
Redirect Chain
  • https://io.narrative.io/?companyId=673&id=pubmatic_id:9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
  • https://io.narrative.io/?io.narrative.guid.v2=8cc7a950-6978-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
0
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://io.narrative.io/?io.narrative.guid.v2=8cc7a950-6978-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Server
54.83.242.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-83-242-41.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:22 GMT
Cache-Control
no-cache
Server
nginx/1.18.0
Connection
keep-alive

Redirect headers

Location
https://io.narrative.io/?io.narrative.guid.v2=8cc7a950-6978-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
Date
Thu, 30 Dec 2021 13:58:22 GMT
Server
nginx/1.18.0
Connection
keep-alive
Content-Length
0
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame EFD1 		0
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.216.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-216-135.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
Pug
image2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3183875922675690167&gdpr=0&gdpr_consent=
42 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3183875922675690167&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:1033
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:22 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
9ba640c8-1ff4-4aee-9b32-f19de9c8d337
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3183875922675690167&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQEI5WSSLymbeQI88T8DAQEBAQE&expiration=1640959102&nuid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&...
42 B
302 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQEI5WSSLymbeQI88T8DAQEBAQE&expiration=1640959102&nuid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr_consent=&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug011:0:498
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQEI5WSSLymbeQI88T8DAQEBAQE&expiration=1640959102&nuid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E&gdpr_consent=&gdpr=0
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8cc511ca-6978-11ec-8e12-35e553acf2fa&gdpr=0&gdpr_consent=
1 B
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8cc511ca-6978-11ec-8e12-35e553acf2fa&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug009:0:715
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8cc511ca-6978-11ec-8e12-35e553acf2fa&gdpr=0&gdpr_consent=
Date
Thu, 30 Dec 2021 13:58:21 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
8cc511cb-6978-11ec-8e12-35e553acf2fa
sn.ashx
pmp.mxptint.net/ Frame EFD1
Redirect Chain
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1D530_E8E99346_C4E563D7&r=https://pmp.mxptint.net/sn.ashx?ak=1
  • https://pmp.mxptint.net/sn.ashx?ak=1
43 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pmp.mxptint.net/sn.ashx?ak=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
HTTP/1.1
Server
38.67.14.233 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=-323859502; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:22 GMT
Cache-Control
no-cache
Expires
-1
Content-Length
43
Strict-Transport-Security
max-age=-323859502; includeSubDomains
Content-Type
image/gif

Redirect headers

location
https://pmp.mxptint.net/sn.ashx?ak=1
date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug003:0:616
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
image2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
42 B
204 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug003:0:1409
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:21 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
image2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr
42 B
470 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug012:0:948
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=90bd4d5f-4394-4386-8714-56dd400fa3a8&user_group=1&ssp=pubmatic&bsw_param=84efc425-6b61-4040-bd22-124692c6664b
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=&gdpr_pd=
1 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug009:0:683
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=&gdpr_pd=
Date
Thu, 30 Dec 2021 13:58:22 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3938217731362747973
42 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3938217731362747973
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug016:0:492
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3938217731362747973
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://sync.resetdigital.co:10001/csync/pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=00000092C5414FF6
42 B
286 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=00000092C5414FF6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug005:0:746
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 30 Dec 2021 13:58:26 GMT
Server
nginx/1.18.0 (Ubuntu)
Front-End-Https
on
Content-Type
text/html
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=00000092C5414FF6
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3183875922675690167
42 B
187 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3183875922675690167
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:12:29 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug030:0:318
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:22 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 568.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
6c19d155-9313-4794-a528-530f8ec5384f
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3183875922675690167
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame EFD1
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a794a797-b9f7-4081-ae4a-618e8dd0e9da&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a794a797-b9f7-4081-ae4a-618e8dd0e9da&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 11:25:54 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug026:0:412
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:a794a797-b9f7-4081-ae4a-618e8dd0e9da&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Thu, 30 Dec 2021 13:58:22 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
d1ba4609
rtb.gumgum.com/getuid/ Frame EFD1 		35 B
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.11.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-11-104.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame E013 		106 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 06:38:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26409
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 31 Dec 2021 06:38:13 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame E013 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280410797;dc_ver=81.236;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3480848358;ord=n1y1ln;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fwww.baltimoresun.com%2F$0;xdt=1;crlt=C8-C3LMdy_;sttr=183;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:59:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3511
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Jan 2022 12:59:51 GMT
b88abba9-87da-45ee-be74-1a3fa0274b63
https://www.baltimoresun.com/ Frame 6EF9 		185 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.baltimoresun.com/b88abba9-87da-45ee-be74-1a3fa0274b63
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
185
Content-Type
application/javascript
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872702010&oz_l=4445&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:21 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 3060 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Wed, 29 Dec 2021 16:12:56 GMT
expires
Thu, 29 Dec 2022 16:12:56 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
78326
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dv-measurements1953.js
cdn.doubleverify.com/ Frame AD86 		499 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements1953.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:598::4469 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
04de522bd92b4351527d64657e77abd3d7a70bedee55dc18f62efee5f6958577

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 27 Dec 2021 10:11:55 GMT
Server
Microsoft-IIS/10.0
ETag
"80e7c32cafbd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
93548
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame E117 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 29 Dec 2021 16:21:02 GMT
expires
Thu, 30 Dec 2021 16:21:02 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
77840
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame E013 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c25f3576e24c0bd118be276156f837a706efe68fa0e9a505ee75144838a4bff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
truncated
/ Frame E1DD 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872702268&oz_l=582&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:22 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
dvtp_src.js
cdn.doubleverify.com/ Frame E013 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js?ctx=13311291&cmp=9689862&sid=2641434&plc=280410797&num=&adid=&advid=2276943&adsrv=1&btreg=512701624&btadsrv=doubleclick&crt=159933946&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:598::4469 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
da9aed600982c4847517d696f18e6c08884c6af8af578bba260590373fc63799

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:22 GMT
Content-Encoding
gzip
Last-Modified
Tue, 28 Dec 2021 09:42:49 GMT
Server
Microsoft-IIS/10.0
ETag
"80327b46cffbd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3291
adc_RET_makemoney_300x250_HTML5.html
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/ Frame D149 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c2b78ed223025c8f45a91292079327e340f054b4ece1a75fb9dc36b5d225a9f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
content-length
2211
date
Sat, 25 Dec 2021 18:01:52 GMT
expires
Sun, 25 Dec 2022 18:01:52 GMT
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
age
417390
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame E013 		0
524 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQwqz_qFuzA8okWNGXauv5jF07QA6_LVC0hfs4JfTSfDyfanafZ4qYufMe4vDAaAZHSiajPreHwn9GWMm_pfW2fT1jBv7rWlSHDwDn8RKKhr18aLoGdHbfEGb03Qlvfr64TDWtwWWJhejmLkvlm7BulsYt&sig=Cg0ArKJSzM_PY8sSkY4QEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=603&cbvp=1&cstd=600&cisv=r20211207.56272&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:22 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F107430338%2FCNXORTEST%2F6148%26description_url%3Dhttps%253A%252F%252Fwww.baltimoresun.com%252Fcoronavirus%252Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%26tfcd%3D0%26npa%3D0%26sz%3D400x300%257C640x480%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3Dc5fe77b2-8c5a-46af-afe9-4605046caeb5%26cust_params%3Ddomains%253Dwww.baltimoresun.com%26ad_type%3Dvideo&customPlayback=f&customClick=f&lid=8&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame D3FA 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstnM57_5DtR2x0ac9VwUEo46I_rSuaVNgRl1roUCdf7DAkF1KCKMceI05BjTXsyiPRJcB2sbt80pLB0OJ0wpS1bHhF8DupwA9wO0YpdukROGIV1BA4&sai=AMfl-YQ09DKh-gCkrEHAW2lhEvNKXNYe5MYPI2iwuLzuHbXhQipcxwXJXFK6QNacnrc4-nkRLNIFaCbsm5kC-uPF7TDl5BSzVfOLvUdTJJcrb9rp55WKpkYGDvjHpXU&sig=Cg0ArKJSzAbi6XES9I80EAE&cid=CAASFeRoARD4TQ_RErumSvKktjrhpFt_MQ&id=ampim&o=200,206&d=1200,250&ss=1600,1200&bs=1600,1200&mcvt=1321&mtos=0,0,0,1321,1321&tos=0,0,0,1321,0&tfs=546&tls=1867&g=100&h=100&tt=1867&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=0
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
visit.js
tps.doubleverify.com/ Frame AD86 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=329&ttfrms=42&brid=3&brver=96.0.4664.93&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETar9EEADTbpTauTaufe2_%6032af723fb236a4f334%607hag77hh%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETau4%40C%40%3F2G%3ACFDTau3D%5C%3E5%5CECF642C6%5CH9%3ADE%3D63%3D%40H6C%5Ca_a%60%60aah%5CdD%407aCIE%3FG7A%3B%3Ac%3D%3CDbAF%3E%3AB5c%5CDE%40CJ%5D9E%3E%3D&srcurlD=0&aUrlD=-1&ssl=https:&uid=1640872702836710&jsCallback=dvCallback_1640872702836538&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1953&tgjsver=1953&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=33&brh=2&sdf=2&dvp_epl=457&noc=4&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c1=1024534&prr=1&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0ikIFyiaidPa2IVNOXlxzFK&aucmp=56528410&aucrtv=377881813&auorder=22860534&ausite=7724079434&auxch=1&pltfrm=1&aufilter1=1024534&autt=1&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=89081036310.15744&dvp_tukv=509658211601.16504&dvp_uuid=890867611.5962851&dvp_strhd=0.6000003814697266&dvpx_strhd=0.6000003814697266&dvp_tuid=236346805286
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
4ee4f2b6484cee71dbd7ac530f1be8f59d6715316b5490f417079e0a436c5707

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:57:50 GMT
Content-Encoding
br
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
12/29/2021 13:58:23
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872702783&oz_l=233&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:22 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
dv-measurements1953.js
cdn.doubleverify.com/ Frame B9AD 		499 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements1953.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:598::4469 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
04de522bd92b4351527d64657e77abd3d7a70bedee55dc18f62efee5f6958577

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 27 Dec 2021 10:11:55 GMT
Server
Microsoft-IIS/10.0
ETag
"80e7c32cafbd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
93548
createjs.min.js
code.createjs.com/1.0.0/ Frame D149 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.createjs.com/1.0.0/createjs.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2600:141b:13::b833:92c9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
content-encoding
gzip
server
Apache
cache-control
max-age=900
vary
Accept-Encoding
content-type
text/javascript
x-n
S
accept-ranges
bytes
expires
Thu, 30 Dec 2021 14:13:22 GMT
adc_RET_makemoney_300x250_HTML5.js
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/ Frame D149 		30 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7901c1416c141e4016d913e899e97472a0e3e3def294ab91570a9dec0f4a9c75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 24 Dec 2021 01:24:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
563622
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5394
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 24 Dec 2022 01:24:40 GMT
pixel
cm.g.doubleclick.net/ Frame E117
Redirect Chain
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEFHlWJCQL-3oG-2fABAS6Bg&google_cver=1&google_push=AYg5qPJdWZfGZJFg-pFNIFrRKdWi5zcYkTGpSSvukmDljML1Qd0nOypFxe92yE-VkUYH663-kKPTuraxne_jEgnzX_DYK-9RMAAP4w
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPJdWZfGZJFg-pFNIFrRKdWi5zcYkTGpSSvukmDljML1Qd0nOypFxe92yE-VkUYH663-kKPTuraxne_jEgnzX_DYK-9RMAAP4w&google_hm=UjFENTMwX0U4RT...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPJdWZfGZJFg-pFNIFrRKdWi5zcYkTGpSSvukmDljML1Qd0nOypFxe92yE-VkUYH663-kKPTuraxne_jEgnzX_DYK-9RMAAP4w&google_hm=UjFENTMwX0U4RTk5MzQ2X0M0RTU2M0Q3
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPJdWZfGZJFg-pFNIFrRKdWi5zcYkTGpSSvukmDljML1Qd0nOypFxe92yE-VkUYH663-kKPTuraxne_jEgnzX_DYK-9RMAAP4w&google_hm=UjFENTMwX0U4RTk5MzQ2X0M0RTU2M0Q3
Date
Thu, 30 Dec 2021 13:58:22 GMT
Cache-Control
private
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
340
Strict-Transport-Security
max-age=-323859503; includeSubDomains
Content-Type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame E117
Redirect Chain
  • https://match.adsrvr.org/track/cmf/google?google_gid=CAESEB508fCLIBITC2slII6EGS0&google_cver=1&google_push=AYg5qPK_FQD4PbNO0DQdMfrBKhSmaO8Rfp9_cYYx018LgNKwDqAYhIETjwyXZy9vJEhQVqj5GHpZaaosajZvc-RiXP...
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=ZTBhYmU3NWYtYTRlYS00ZmZmLWI2YTUtNWRhOGIyNTBjNmU0&google_push&gdpr=0&gdpr_consent=&ttd_tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=ZTBhYmU3NWYtYTRlYS00ZmZmLWI2YTUtNWRhOGIyNTBjNmU0&google_push&gdpr=0&gdpr_consent=&ttd_tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:22 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=ZTBhYmU3NWYtYTRlYS00ZmZmLWI2YTUtNWRhOGIyNTBjNmU0&google_push&gdpr=0&gdpr_consent=&ttd_tdid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
423
us.php
c.eu1.dyntrk.com/adx/ga/ Frame E117 		0
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESELT3sMex-uw270ziUyoAI4E&google_cver=1&google_push=AYg5qPJAlCEFYqXTDBU28w6julvfSMBz7cVLAUY12HgXd6ytLNh2a7BYMzS7Nio4AbJB5Gh7Rq9DCeJcgG0kcycjsJVFv3cKY19Omw
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.178.20.140 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31193670.ip-51-178-20.eu
Software
proxy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
cache-control
private, no-cache, no-store, proxy-revalidate, no-transform
x-rc
10
server
proxy
content-length
0
content-type
text/plain
dot.gif
s0.2mdn.net/ Frame E117 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEJC2QJf_MxM3ETd1NiEqdkg&google_cver=1&google_push=AYg5qPKBKjoNdYI18R6ROb3PpizN2qIcNqJ7j2KBYXbNVGUIQx7n8S_zSef904OQdFOQBr0GVg_fmRhgGS6bUyOzw_6PhVx675Gv
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 31 Dec 2021 13:58:22 GMT
pixel
cm.g.doubleclick.net/ Frame E117
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEP...
  • https://sync.targeting.unrulymedia.com/csync/RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKMrtDI5cttzwB5kUtnY...
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKMrtDI5cttzwB5kUtnY8Wj6Etkru61hTzUwRHP1fSg7rBWlctRcUkN09tMGEFdOJquuLjGpULCROjH9gq2an3yILZ7nHq0Ew&google_hm=Bccm8bXyrEGivWEU1u2o48Y
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKMrtDI5cttzwB5kUtnY8Wj6Etkru61hTzUwRHP1fSg7rBWlctRcUkN09tMGEFdOJquuLjGpULCROjH9gq2an3yILZ7nHq0Ew&google_hm=Bccm8bXyrEGivWEU1u2o48Y
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 30 Dec 2021 13:58:22 GMT
Server
Tengine
ETag
RXc726f1b5f2ac41a2bd6114d6eda8e3c6005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKMrtDI5cttzwB5kUtnY8Wj6Etkru61hTzUwRHP1fSg7rBWlctRcUkN09tMGEFdOJquuLjGpULCROjH9gq2an3yILZ7nHq0Ew&google_hm=Bccm8bXyrEGivWEU1u2o48Y
Connection
keep-alive
Content-Type
text/html
pixel
cm.g.doubleclick.net/ Frame E117
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHO31S7kSVTq1HJtCvwhvts&google_cver=1&google_push=AYg5qPLNZOhgidZw7H5TP-fhxJn6OCUevwkg0O83q95b01wquemib_zLjqFNWLrIQkTyOAH4BS...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Za0tnZVdoRTJ1RzVxaGtTdTYySmhmWG40QXBDajU4dX5B&google_push=AYg5qPLNZOhgidZw7H5TP-fhxJn6OCUevwkg0O83q95b01wquemib_zLj...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Za0tnZVdoRTJ1RzVxaGtTdTYySmhmWG40QXBDajU4dX5B&google_push=AYg5qPLNZOhgidZw7H5TP-fhxJn6OCUevwkg0O83q95b01wquemib_zLjqFNWLrIQkTyOAH4BS4O_QIlHLiBMJg5yoNkOaCZA2ZIzYM
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Za0tnZVdoRTJ1RzVxaGtTdTYySmhmWG40QXBDajU4dX5B&google_push=AYg5qPLNZOhgidZw7H5TP-fhxJn6OCUevwkg0O83q95b01wquemib_zLjqFNWLrIQkTyOAH4BS4O_QIlHLiBMJg5yoNkOaCZA2ZIzYM
date
Thu, 30 Dec 2021 13:58:22 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame E117
Redirect Chain
  • https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEM3TlyaRZS6Vk8tulMpm2ug&google_cver=1&google_push=AYg5qPKHzhAvMmWusnn15qnxNtoymmywiecVz0TD5Mk9OcuQO5eq2XBFk6ywIpDrI4zhQAbQ1jOym51_qNa24KxmW...
  • https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZWRiMDFlMGItODIzNS00MTI0LWE1ZjMtN2IxMjFjYTFmYzQy&google_push=AYg5qPKHzhAvMmWusnn15qnxNtoymmywiecVz0TD5Mk9OcuQO5eq2XBFk6ywIpDr...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZWRiMDFlMGItODIzNS00MTI0LWE1ZjMtN2IxMjFjYTFmYzQy&google_push=AYg5qPKHzhAvMmWusnn15qnxNtoymmywiecVz0TD5Mk9OcuQO5eq2XBFk6ywIpDrI4zhQAbQ1jOym51_qNa24KxmWY7FCZYVSNcLHAc
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZWRiMDFlMGItODIzNS00MTI0LWE1ZjMtN2IxMjFjYTFmYzQy&google_push=AYg5qPKHzhAvMmWusnn15qnxNtoymmywiecVz0TD5Mk9OcuQO5eq2XBFk6ywIpDrI4zhQAbQ1jOym51_qNa24KxmWY7FCZYVSNcLHAc
date
Thu, 30 Dec 2021 13:58:22 GMT
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame E117 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KZOao3RfLIvkDVmasDYP5XjFwX5xAiAd5t-5A0NXHCEcXZ5RJWodBdNQtqmM-PlrZNc2jYebE
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
pagead2.googlesyndication.com/bg/ Frame 3060 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 15:27:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
167436
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13577
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Dec 2022 15:27:46 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 0AEA 		156 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6148&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1483190437661008&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3133581750&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=F4EEFD2E-0BB0-4352-A444-A30E7AC5BD97&nel=1&eid=44750604%2C44750824&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2836&dt=1640872702973&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=3278846124418488&ged=ve4_td3_tt1_pd3_la3000_er2571.441.2729.747_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872702960&oz_l=414&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:22 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
visit.js
tps.doubleverify.com/ Frame B9AD 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=99&ttfrms=7&brid=3&brver=96.0.4664.93&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETar9EEADTbpTauTaufe2_%6032af723fb236a4f334%607hag77hh%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauHHH%5D32%3DE%3A%3E%40C6DF%3F%5D4%40%3ETau4%40C%40%3F2G%3ACFDTau3D%5C%3E5%5CECF642C6%5CH9%3ADE%3D63%3D%40H6C%5Ca_a%60%60aah%5CdD%407aCIE%3FG7A%3B%3Ac%3D%3CDbAF%3E%3AB5c%5CDE%40CJ%5D9E%3E%3D&srcurlD=0&aUrlD=-1&ssl=https:&dfs=3213&ddur=19&uid=1640872702998540&jsCallback=dvCallback_1640872702998143&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1953&tgjsver=1953&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=33&brh=2&sdf=2&dvp_epl=457&noc=4&ctx=13311291&cmp=9689862&sid=2641434&plc=280410797&crt=159933946&btreg=512701624&btadsrv=doubleclick&adsrv=1&advid=2276943&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=89081036310.15744&dvp_tukv=15893097798.380886&dvp_uuid=3454822793.2880263&dvp_strhd=0.09999847412109375&dvpx_strhd=0.09999847412109375&dvp_tuid=617438610853
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
33529847d91c70e4e3598761a9a9e9d7b481dc58230dd54d5e782d3dd8d4607e

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
Content-Encoding
br
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
12/29/2021 13:58:23
adcouncil.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/adcouncil.png
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e62c1665e6764ce5527ead949dd8e2f18a15fbe89d660a6870dd5a9c2d4b35ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 21:20:56 GMT
x-content-type-options
nosniff
age
578247
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2387
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 23 Dec 2022 21:20:56 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame E013 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQwqz_qFuzA8okWNGXauv5jF07QA6_LVC0hfs4JfTSfDyfanafZ4qYufMe4vDAaAZHSiajPreHwn9GWMm_pfW2fT1jBv7rWlSHDwDn8RKKhr18aLoGdHbfEGb03Qlvfr64TDWtwWWJhejmLkvlm7BulsYt&sig=Cg0ArKJSzM_PY8sSkY4QEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=973&vt=11&dtpt=370&dett=3&cstd=600&cisv=r20211207.56272&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:23 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AC6 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BlgV4_LrNYamrC5adowaW_aiABwAAAAA4AeAEAg&bg=!fH-lfzvNAAZKWFskSlg7ACkAdvg8Wkih2TECv7WaDER4jKnSB5wDMgnh-rgDNnLDwWI-0JdkLgWwSgIAAAPxUgAAAEhoAQeZAxaJNoaP7z9OkTXBu0JHCGOJhc6abo1P-zFqydCKKcaDFt47pP12U-Zqf5kIw4deBz95sk4VhcZlaKjYICdJiuadv7F_o7cgHLLtFnEUfkLCEn4eu2T4C2qoJIJ4TJj7o3PQnzZiHntOeApIaxQvE6yoHg87nBnhD4d5Tt7ejWWaiCXIEC0UGa_cxYdXUEALZlxBygdrqKC1sG27D24NUdTXTYkcQrfuEhT9rtIxHfCiPo3Fp8t05Na_sRh4UMNHYGCkLoi4pICQGzj77jHCCDWZYeYuZde1rgUdJ3kjvRkcuWhFBPq1FcbBTiuM62O2pf7dJJzTD00nvzXdMyRUtjC7Bfx9FGFlTXUh90dbQ5LfKGUHsDbW-qhA8dEyu-SisGzPUkNnp3kbKo2kwUYv8f7IuimARPrZbX5xmJ8xJ1sbuTAfbVV0nevvaH8JUrowXDBluoe8e_Cn7RY6wJv4Y24baFZHxApMVsXw97npWTBPSqhkVLtrIoEoCeQG3Owtak4BibJrKqmqiynj5iB2i-al_srRoGtsplSZ2VW9Uzz8GGD-NoFxPNGclN-p2NiWlL9eN8jlRXQ3icEoItKrZnTeJXfTXoSLiW_xCA0XdHxxEHZjOQgwLVp8jbP6Tme3MB14wvu6vpBBEonyJ1T8bo4O9naLPVh00IHg7lTfkVNlCafe-v7x87-y5Paqsb4btCfrputFU5ktkTCyf7QXgbNhh184wE-rOPlpRDC0YeD-39Y7TNPZsgjPDp4KrozdaOcw2esAoMzQGXhc7dpUzEJ7xazMWWYt4_S53Gqn8hwKsroMZ6C6F4svjoBYgd6zDo94eQlIUcYs5JfZcJPWBuhIG5P_vWSdvXQttKKPXIAskVPcNuFH1Hkhm8-U7LY0IJrasRntvQaGMvMLrB5d53Dv6vRbqwtBKXmMmJH7jaApmsfUOQt0DEKnmohlo99_3W1okcLMW-LbSZbpq6PCEUzkyk-zr1NXKR6sGcje6I-I81vESHHeM6tYTz8mXHYCk_23hxACPd75lbJ46XG4r1JKaHQGFJEx
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?error=1009&vis=1&lid=7&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bg.jpg
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/bg.jpg
Requested by
Host: 76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a4dacb07f83f131eb13162db109e0c2b763dd3262adf859de3bf6c21d2efba0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 16:06:07 GMT
x-content-type-options
nosniff
age
78736
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14720
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 29 Dec 2022 16:06:07 GMT
OneSignalSDKStyles.css
onesignal.com/sdks/ 		82 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151512
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
3031
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=259200
cf-ray
6c5bc85a892157ae-IAD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sun, 02 Jan 2022 13:58:23 GMT
event.png
tpsc-nyc.doubleverify.com/ Frame B9AD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=doubleverify_ddp&google_ula=7327243&google_hm=**&google_redir=https%3A%2F%2Ftpsc-nyc.doubleverify.com%2Fevent.png%3Fimpid%3D8a2c5f08dfc64973914014fc5f5...
  • https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703129776&google_hm=2&google_ula=7327243,0
0
138 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703129776&google_hm=2&google_ula=7327243,0
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
Cache-Control
max-age=0
Expires
12/29/2021 13:58:23

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703129776&google_hm=2&google_ula=7327243,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
391
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
event.png
tpsc-nyc.doubleverify.com/ Frame AD86
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=doubleverify_ddp&google_ula=7327243&google_hm=**&google_redir=https%3A%2F%2Ftpsc-nyc.doubleverify.com%2Fevent.png%3Fimpid%3D9f183a764c2f4219b774735c3f0...
  • https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703135994&google_hm=2&google_ula=7327243,0
0
138 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703135994&google_hm=2&google_ula=7327243,0
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
HTTP/1.1
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
Cache-Control
max-age=0
Expires
12/29/2021 13:58:23

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1640872703135994&google_hm=2&google_ula=7327243,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
391
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872703117&oz_l=25205&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:23 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
body.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/body.png
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b00167bd1a8b5eff20eff2fe5e1fcace5b8b6a08e54ebdc6a1274d65cda1fb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 17:46:19 GMT
x-content-type-options
nosniff
age
418324
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3364
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 25 Dec 2022 17:46:19 GMT
baltimoresun.com
pubcast-files.remixd.com/player-configs/ 		16 KB
17 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pubcast-files.remixd.com/player-configs/baltimoresun.com
Requested by
Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cd22acc82061c31e346e4bdd6dad76ab9d2915f35c26c589c00fb63f9b8c8dc9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:58:49 GMT
age
3574
x-guploader-uploadid
ADPycdsYKcJKphFxPA8LDN2LqFlWad5cK-tRAqI6cnSCPLx9JAJeji-9fs0RpdgGy_cwpTX7DlA-w9Y89VzsXsxMsdYzIzzP1w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
16498
last-modified
Wed, 01 Dec 2021 18:41:25 GMT
server
UploadServer
etag
"5171e50a952533c48d9c957108fa6f9b"
x-goog-hash
crc32c=IfIUog==, md5=UXHlCpUlM8SNnJVxCPpvmw==
x-goog-generation
1638384085365585
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600
x-goog-meta-cache-control
public, no-cache, must-revalidate
x-goog-stored-content-length
16498
accept-ranges
bytes
content-type
application/json
expires
Thu, 30 Dec 2021 13:58:49 GMT
/
znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com/SIE/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_bkhVqF0ZrGTvRLT
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f8384db37a0525c5cb15f466e68c7080e3fc9b702ca638e77d4b2f70b063f7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
230676
cf-polished
origSize=8435
cf-ray
6c5bc85b6e9081e8-IAD
edge-control
max-age=604800
x-envoy-upstream-service-time
5
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"20f3-Ka/0vQE1kibJXRO5HJYst+/JlKQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
sync
eb2.3lift.com/ Frame CF84 		1 KB
1023 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/sync.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
ec89a17eee61ba72fc6d7013974c95b2ff08f8e1a12c13259d68d80fac34a88e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-type
text/html; charset=utf-8
content-length
459
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
optimus_rules.json
tags.crwdcntrl.net/lt/c/13200/ 		2 KB
849 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/13200/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/13200/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aa8acae55af2687e4def8fd9c2ab60ddb636c6895b70304fb0d295fcedf453ed

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 29 Dec 2021 16:22:47 GMT
content-encoding
gzip
age
77737
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 23 Nov 2021 19:48:04 GMT
server
AmazonS3
etag
W/"44d6c694be30f47a3ffaa002a09e9835"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
via
1.1 41ef018c4b3646a152209c05c1b3adf8.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
MJgOatz0gBhukVrhi7SuShLLJ5cPbVEI9b8BcCftPFfkSKBqEcV5Vg==
load.js
widget.perfectmarket.com/tribunedigital-network/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.perfectmarket.com/tribunedigital-network/load.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.181 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fb26c7aa8a0f21eb4cf37124706d49b568d5417e06c39bfa755b1613a1f8373

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
zPPBPNVuQIKx9mFZx7n5m0zCpM.9fGQ1
content-encoding
gzip
etag
"e698d193db1b2fd0631ec46c1dc8a8fa"
age
271
x-cache
HIT, HIT
content-length
1424
x-amz-id-2
pXceNCl9avNxAdG6+8qSuvYIuvfIV9LWNij+jKgL/GBc+0Yfc1NEsmXZR/39flrOFPVnxWP+tdU=
x-served-by
cache-lax10624-LGB, cache-dca17729-DCA
last-modified
Thu, 17 Dec 2020 11:02:50 GMT
server
AmazonS3
x-timer
S1640872703.241364,VS0,VE1
date
Thu, 30 Dec 2021 13:58:23 GMT
vary
Accept-Encoding,,
x-amz-request-id
56GCSMQTSBVSYPKF
via
1.1 varnish, 1.1 varnish
cache-control
max-age=300
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
1, 1
impl.20211230-7-RELEASE.js
cdn.taboola.com/libtrc/ 		615 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
8097a174e646a7c3e537b868df84168428fd1d8f75430e2eb171c33499c127cc

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
OTHKOd.p.Vo2H2J7XEAkjB4z4sw23jFK
content-encoding
br
etag
"f4b76f353816cbcdb4e4f92ef07270ed"
age
14040
x-cache
HIT
content-length
129652
x-amz-id-2
Re2JB2mNYkZkA3QhxEaJfMjigA2RQZGXnST18i4USIcvzzkj9JZ6w/eR+0GqG+nq2IhnlBhgdmY=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:01:33 GMT
server
AmazonS3-br
x-timer
S1640872703.209601,VS0,VE0
date
Thu, 30 Dec 2021 13:58:23 GMT
vary
Accept-Encoding
x-amz-request-id
PDR30MVPPZ6F0EKA
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
application/javascript
abp
1
x-cache-hits
14
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6a85d8df939a9605e57602f6da2a4a479653fd16f326f56a45db3d1dca79ad94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8628
x-xss-protection
0
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/6036462/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
350 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
13.226.31.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-94.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:33:56 GMT
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
etag
"d41d8cd98f00b204e9800998ecf8427e"
last-modified
Mon, 01 Mar 2021 20:42:20 GMT
server
AmazonS3
age
1468
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
0
x-amz-cf-id
EnWJvTC2zklEoaWMsdYN5nLpJyUSmpd9-sXXFym9-Ue7WmDsfDxxxA==

Redirect headers

date
Thu, 30 Dec 2021 13:58:23 GMT
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
/internal-c2/default/cs.js
content-length
48
x-amz-cf-id
2TAcDAxokzUJZ9dLCd139Qcxoa9AmtGpoZ6tw0iYFRy0czXHp30btg==
cta.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/cta.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2496e08f7905bc4ed641ed9e93365fe951e2d9d5a66d1dd42b052fb5179a398e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 22:41:37 GMT
x-content-type-options
nosniff
age
141406
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1658
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 28 Dec 2022 22:41:37 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:23 GMT
truncated
/ Frame 2C83 		28 B
28 B 		Document
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1623f1d081160d976dd6588373dd6e73e24af9a6ff056a653ebd0fba2f355bcd

Request headers

Upgrade-Insecure-Requests
1
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
text/html;charset=utf-8
i.js
tag.wknd.ai/2056/ 		511 KB
207 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/2056/i.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
fasthttp /
Resource Hash
b7d2581758831567a0a29de6c8a3d2cbaadc5e6eee7ae1c9d077ed34d03f97cb

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:57:23 GMT
content-encoding
gzip
server
fasthttp
age
60
etag
b7b6521715f466
content-type
text/plain; charset=utf-8
via
1.1 google
cache-control
public,max-age=60
x-region
us-central1
timing-allow-origin
*
alt-svc
clear
content-length
211177
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
ads
pubads.g.doubleclick.net/gampad/ Frame FCD2 		6 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=/92056281,4011/54098486&env=vp&gdfp_req=1&unviewed_position_start=1&ad_rule=1&output=xml_vmap1&sz=480x270&ciu_szs=300x60&description_url=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&hl=en&vpa=auto&vpmute=1&vconp=2&cmsid=2460952&vid=1701381&cust_params=sessionKey=213384664-9O-d6nHSVOcDf6XQ%26schain=sendtonews.com,M9GXSLPIQGp0PH0Q6ZcjjQ%26content=8784%26placementType=Premium%26embed=N2Hxdj0R%26domain=baltimoresun.com%26player_size=large%26player_width=740%26player_height=416%26player_type=float%26version=65.21.10%26player_status=LVFPLNIY%26play_code=2008%26view100=1%26excl_cat=stl_id00157%26rand=3%26devicetype=desktop%26ums_taxonomy=/health%20and%20fitness/disease/cold%20and%20flu,/health%20and%20fitness/disease/epidemic,/law%20govt%20and%20politics%26ums_entities=fe459cd71e673841d3cba7259dbca983,TrueCare,Ray,Maryland%20Department%20of%20Health,U.S.%20Centers%20for%20Disease%20Control%20and%20Prevention,The%20Baltimore%20Sun.%20A%20Maryland%20Department%20of%20Health,U.S.%20Department%20of%20Health%20and%20Human%20Services,state%20health%20department%E2%80%99s%20inspector%20general,Jessicah%20Ray,licensed%20clinician,formerly%20deputy%20director,Maryland%20Department%20of%20Health%20coronavirus%20recovery%20program,health%20department%20personnel%26ums_keywords=state%20health%20department,Maryland%20Department%20of%20Health,Jessicah%20Ray%26iris_context=undefined
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8221bdc70145c9154445252f23ebeed91ef6930354e1dafaffb1de2e88844593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1286
x-xss-protection
0
google-lineitem-id
0
pragma
no-cache
server
cafe
google-creative-id
0
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame CF84
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3658&xuid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&dongle=0cfd
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3658&xuid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&dongle=0cfd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://eb2.3lift.com/xuid?mid=3658&xuid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&dongle=0cfd
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
209
xuidmid=7976&xuid=WPai8rs4M&dongle=u6nf
eb2.3lift.com/ Frame CF84
Redirect Chain
  • https://ad.mrtnsvr.com/sync/triplelift
  • https://eb2.3lift.com/xuidmid=7976&xuid=WPai8rs4M&dongle=u6nf
37 B
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuidmid=7976&xuid=WPai8rs4M&dongle=u6nf
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
x-error
Not Found
content-length
37
content-type
image/gif

Redirect headers

location
https://eb2.3lift.com/xuidmid=7976&xuid=WPai8rs4M&dongle=u6nf
date
Thu, 30 Dec 2021 13:58:23 GMT
via
1.1 google
alt-svc
clear
content-length
92
vary
Origin
content-type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame CF84
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENSGDZ9yW8ZjIo6Rd-iHTcQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENSGDZ9yW8ZjIo6Rd-iHTcQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESENSGDZ9yW8ZjIo6Rd-iHTcQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame CF84
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=OTg2NTUwNjg0NjI1MjM5MjY1MQ%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=OTg2NTUwNjg0NjI1MjM5MjY1MQ%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=OTg2NTUwNjg0NjI1MjM5MjY1MQ%3D%3D
date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame CF84 		0
706 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=9865506846252392651&dbredirect=true&gdpr=0&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:22 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 3B5D72461FE443349FE25EC73331C5C3 Ref B: ASHEDGE1419 Ref C: 2021-12-30T13:58:23Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXUXXKbaXi4pY1qFpuiuw==
xuid
eb2.3lift.com/ Frame CF84
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/9865506846252392651?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-Me1qqhBE2oRwoIr.FbVh4obSv45srJ96iUT8lm66ow--~A&dongle=0883
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-Me1qqhBE2oRwoIr.FbVh4obSv45srJ96iUT8lm66ow--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Thu, 30 Dec 2021 13:58:23 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-Me1qqhBE2oRwoIr.FbVh4obSv45srJ96iUT8lm66ow--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
xuid
eb2.3lift.com/ Frame CF84
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=9865506846252392651&gdpr=0&gdpr_consent=
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=triplelift&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=triplelift&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=7b1da402-1df4-49d2-a432-a3660ada85a3&ssp=triplelift&expires=30&user_group=5&bsw_param=84efc425-6b61-4040-bd22-124692c6664b
  • https://eb2.3lift.com/xuid?mid=2409&xuid=84efc425-6b61-4040-bd22-124692c6664b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2409&xuid=84efc425-6b61-4040-bd22-124692c6664b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=2409&xuid=84efc425-6b61-4040-bd22-124692c6664b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date
Thu, 30 Dec 2021 13:58:23 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
c.gif
c.bing.com/ Frame CF84 		42 B
674 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=9865506846252392651&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
etag
"4fbbfa5769d2d71:0"
last-modified
Fri, 05 Nov 2021 17:19:52 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 29BF0BE8DA544670B0B1DACE099964D4 Ref B: ASHEDGE1521 Ref C: 2021-12-30T13:58:23Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
757c0557066e95cfd4c7
s.amazon-adsystem.com/x/ Frame CF84 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=9865506846252392651
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
xuid
eb2.3lift.com/ Frame CF84
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent=
  • https://stags.bluekai.com/site/23178?id=uSv0OrXHcTHKOKS0Nm2e&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLE...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5OVJXMMCPOJMEQ...
  • https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=uSv0OrXHcTHKOKS0Nm2e
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=uSv0OrXHcTHKOKS0Nm2e
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
P3p
CP="We do not support P3P header."
Location
https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=uSv0OrXHcTHKOKS0Nm2e
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
115
Expires
Thu, 01 Dec 1994 16:00:00 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872703280&oz_l=164&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:23 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
standard-player.html
tags.remixd.com/player/v5/players/ 		119 KB
27 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tags.remixd.com/player/v5/players/standard-player.html
Requested by
Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-64.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9227891ef9134bc380869626cce49072003826252e06ffbffec6bee99d53cc12

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:57:44 GMT
content-encoding
gzip
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
40
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 06 Dec 2021 11:33:30 GMT
server
AmazonS3
etag
W/"828aa9417c29691c059a0f7c1e3ee4fa"
access-control-max-age
60
access-control-allow-methods
GET, HEAD
content-type
text/html
via
1.1 8fd19835f7197012a8cc880526cfcce2.cloudfront.net (CloudFront)
cache-control
public,max-age=1800
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
OQNuRllHCf5a28ugydmRqLKBnRj9HUg1rbQFNre7-7q1nhaf5Ia-Dg==
h1.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/h1.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6fe9d1fb6a41206bdeb0a87c1c82d5391f633fb25cee7da80334e9f7b7e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 22:53:53 GMT
x-content-type-options
nosniff
age
140670
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1786
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 28 Dec 2022 22:53:53 GMT
pmk-202010011.27.js
widget.perfectmarket.com/tribunedigital-network/ 		112 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.perfectmarket.com/tribunedigital-network/pmk-202010011.27.js
Requested by
Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/tribunedigital-network/load.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.181 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b7fb9aeafd2d878c9105c3dbda844cbc6b86855b92dfe660b0117f692284bc7c

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
vFwti8OzZphvyKcnsCOphWOBBaaimv.v
content-encoding
gzip
etag
"7253bec5e4edc0dcd2517b9a3f645467"
age
6664720
x-cache
HIT, HIT
content-length
31166
x-amz-id-2
ZvVpbhbjqJPsTzDHGOCJRcYD5c9uZT4LGdyIe0lTG+Hy+wUVyH2L+dCAfwarn/3NaOPCGiMG5aM=
x-served-by
cache-sna10749-LGB, cache-dca17729-DCA
last-modified
Thu, 17 Dec 2020 11:02:49 GMT
server
AmazonS3
x-timer
S1640872703.338695,VS0,VE0
date
Thu, 30 Dec 2021 13:58:23 GMT
vary
Accept-Encoding,,
x-amz-request-id
XGQD5TZV79SPWS1Q
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31536000
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
2908, 2
12.8327016048e927965e51.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.baltimoresun.com
Requested by
Host: znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
URL: https://znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_bkhVqF0ZrGTvRLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
878227787bfdfdc233209277b711325be189981949e62797f2b8413f1931c261
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
47044
cf-polished
origSize=57365
cf-ray
6c5bc85c0f5c81e8-IAD
edge-control
max-age=604800
x-envoy-upstream-service-time
5
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 14 Dec 2021 22:49:08 GMT
server
cloudflare
etag
W/"e015-17dbb229ea0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
json
trc.taboola.com/tribunedigital-baltimoresun/trc/3/ 		71 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/trc/3/json?tim=13%3A58%3A23.389&lti=deflated&data=%7B%22id%22%3A650%2C%22ii%22%3A%22%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1640860331968%2C%22vi%22%3A1640872703386%2C%22cv%22%3A%2220211230-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%22%2C%22e%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A7716%2C%22nsid%22%3A%22tribunedigital-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbs-1r%3Apub%3Dtribunedigital-network%3Aabp%3D0%22%2C%22uip%22%3A%22below-article-thumbs_ARC%22%2C%22orig_uip%22%3A%22below-article-thumbs_ARC%22%2C%22cd%22%3A7085%2C%22mw%22%3A788%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22uim%22%3A%22thumbnails-rr2%3Apub%3Dtribunedigital-network%3Aabp%3D0%22%2C%22uip%22%3A%22taboola-right-rail-thumbnails_arc%22%2C%22orig_uip%22%3A%22taboola-right-rail-thumbnails_arc%22%2C%22cd%22%3A2358%2C%22mw%22%3A388%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%2Cbelow-article-thumbs_ARC%3Dthumbs-1r%3Apub%3Dtribunedigital-network%3Aabp%3D0%2C%2Ctaboola-right-rail-thumbnails_arc%3Dthumbnails-rr2%3Apub%3Dtribunedigital-network%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2070f3136990107c194f441e3e82cd766bc0c86caf7ca00a93b5c8db8af25fdc

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
859
date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
gzip
server
nginx
x-timer
S1640872703.398140,VS0,VE859
x-served-by
cache-dca17780-DCA
vary
Accept-Encoding
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
via
1.1 varnish
x-cache-hits
0
integrator.js
adservice.google.com/adsid/ Frame FCD2 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.baltimoresun.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
h2.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/h2.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de714201a45a5a6ebcbb2054203fbc5b86fa149a5e396e32606afc4a23f87bb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 17:41:11 GMT
x-content-type-options
nosniff
age
73032
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2234
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 29 Dec 2022 17:41:11 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0AD3 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
date
Wed, 29 Dec 2021 16:12:40 GMT
expires
Thu, 29 Dec 2022 16:12:40 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
78343
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame DA7C 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1a433a6a57c07eb1d2754e06d6fc413dfd4464b8e5c67b30597aff484885a9b5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XXs53Lv4Qi+7Sgudv93QHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Thu, 30 Dec 2021 13:58:23 GMT
date
Thu, 30 Dec 2021 13:58:23 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-XXs53Lv4Qi+7Sgudv93QHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
results.txt
fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net/eum/ Frame 595C
Redirect Chain
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p2hmtflvb
  • https://fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net/eum/results.txt
8 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
23.55.166.115 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-55-166-115.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net/eum/results.txt
Date
Thu, 30 Dec 2021 13:58:23 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
results.txt
fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net/eum/ Frame 595C
Redirect Chain
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p2hmtflvb
  • https://fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net/eum/results.txt
8 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
2600:141b:13::17d7:82da New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net/eum/results.txt
Date
Thu, 30 Dec 2021 13:58:23 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		621 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Requested by
Host: tag.wknd.ai
URL: https://tag.wknd.ai/2056/i.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
05bfcd506e58aec520b3d5a2b61583d9c4a9e6c6d790fae07e711a872cfb0838

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 01:16:54 GMT
content-encoding
gzip
age
45689
x-guploader-uploadid
ADPycdsm26nzUkNPnbPF4dnHVtt0o049TPpE9-0vPtzoCrUPmnleh8SSDII8HxtipIcPV13Re31oFbNvgoVAIe3kzufmdPHFGw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
155317
last-modified
Wed, 22 Dec 2021 16:17:18 GMT
server
UploadServer
etag
"6c365bf8b05c90f0ab87707c859cad1a"
vary
Accept-Encoding
x-goog-hash
crc32c=Plmrqg==, md5=bDZb+LBckPCrh3B8hZytGg==
x-goog-generation
1640189838582926
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
155317
accept-ranges
bytes
content-type
text/javascript
expires
Fri, 30 Dec 2022 01:16:54 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3060 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BSQ1-_brNYdbROMPK_gSfi4yIDwAAAAA4AeAEAg&bg=!dXaldjLNAAZKWFskSlg7ACkAdvg8Wv8NdFc14NGoFwuxRN4RD_YdW4TlGmj6LJZ2VBeZr3DSOtWghwIAAAEdUgAAAFloAQeZAwIGdO-z2e1XlY9PC0naOucotCAjVICKjfyYkFOrsZ7TMdVc6_Qjom99GQhuS7euLlAEC13YX6e9YWpnIy-m0xK1v3Uo1a7-qdL4g6ipU9qlokasrXAIyVrLsvEw6mm5uVgpU-3vUY157clAArmHO4540hxQRTisS4UctmQNykcLkfEjU7s5kVLUluanSz8frCoZrfp7duvq1bEpYZ1bc7D2nq2H-Vf8ezURTQiCtI2mA2GWp1_wBGtd3TAH0-38WqEElx_2sRzAz23lNIOiIJmw1rMsdm8ksNPN6Rj0tbPz-4r_51l4sJWJ1ouaNvPoDaUkq55n4ZJHulyhHEMTjP-NV22RxpkL043COWmYz38FmZ1efjqUlUTTpsTBxnb-wyRxHrG9SwaExUXlNsnCdgxsNliC3AXQDDQxzq1jkouYIsdUKWKKQlhqzc2wcXnRT6rA5Fc7RW3K851QP_JyUz8Oe1QSfwyYOJNWMJXn0o-ZYOlQ4yhoTK6nRG8lM5tUrYA8EknRnf40BcU2wJynucKU8Cb4IzfvZ293_CAYwibGeTjX9tCLfgcE_NQRkSAm63o-cj6rmwccBDsoril5-n8LhGFjblJZpWqFTSi6zA-rVBl4zY1sjTvqgsM2OUTBFHsVOQrV78YXkjvy1Dp641RMfLI2TMFaBB7dae6xeAJikwv7ipvzJOC2bx82XWBRK4RUMKKjezs8ozrtkDLsd-L9dP4grLDtKQWCpCIb8jRbdiYVJsoVZ0jgj1kseXD85kbu_CgecOy-cDgbCeqlF413sQX2fZMoFxo0iLx56W-eGfsz5fnojexNHsEuHQ668VhvK1GJEx7PGwMhy8FxC9dI80w4uLm4f15uNYFxJGBLdoZrUdTcHUyeunJYrgx0_jWFE_lMUVBQQfjVI7mJJm9h4PvnIWpgQIrWWSzh7xaXln5NLyzH5kb3wRvk5OMz93o__giLlq5YZUAqZM9rnv3nx7Vdno5y4qnWclIPIV_g3nrLzLYbPnrI31q6GbN10PwXUQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
FUtg69tL.js
cdn.jwplayer.com/libraries/ Frame 95EE 		115 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jwplayer.com/libraries/FUtg69tL.js
Requested by
Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:9a00:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
611e62123af6134c31493f663d3e4b0db17776b501611ec2a3ba790956303043

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:57:42 GMT
content-encoding
gzip
server
openresty
age
41
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=150, max-stale=180
x-amz-cf-pop
EWR53-C1
content-length
39092
via
1.1 285f391916b519587cefa0e29513e1ed.cloudfront.net (CloudFront)
x-amz-cf-id
HkXjBxO5KPwzdOrG82Ac0l2zqR2lEFg4qcDE0_K6uOWAbGrwABbVWA==
expires
Thu, 30 Dec 2021 13:57:30 GMT
h3.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/h3.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
289d845103cad048511dd9dc30e71bd407c44a954284ebc0f578d6adc18cd139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 19:14:26 GMT
x-content-type-options
nosniff
age
413037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2424
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 25 Dec 2022 19:14:26 GMT
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		3 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_bkhVqF0ZrGTvRLT&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.baltimoresun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20195593806d0981e14b859212c46a8d27612fff906d4f2714f0221730390f39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-envoy-upstream-service-time
8
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
trace-id
86ca7c699cb21d95
cf-ray
6c5bc85d493181e8-IAD
logos.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/logos.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c06400bc83a93b1f376c538f8d1476b2a5c7c470cd5a34bc3af91e6b1decd71c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 16:12:23 GMT
x-content-type-options
nosniff
age
78360
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12397
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 29 Dec 2022 16:12:23 GMT
/
data.cdnbasket.net/ 		57 B
406 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.31.44 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
44.31.190.35.bc.googleusercontent.com
Software
/
Resource Hash
df3e24422f84a464cc849484047d96fe2b0039f06f4878df502426422aab729d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/ 		57 B
406 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.186.193.0 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
0.193.186.35.bc.googleusercontent.com
Software
/
Resource Hash
30eb5f04fda6ace9d2b2688ac03c600c6bddb3f6084553c6c766c48845a0681c

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/ 		100 B
449 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.65.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
91.65.190.35.bc.googleusercontent.com
Software
/
Resource Hash
1614b96024fccacb8eb3ccea78f91c0c0fb374eb89c4e47434d34f5949c8a0ae

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:23 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872703582&oz_l=33&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:23 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
led5or6qk6basanc4h88aotofqriy51h.jpg
d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/ Frame FCD2 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/video_thumb/XL/led5or6qk6basanc4h88aotofqriy51h.jpg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8dff895e37b835b6c8b61a53d2eb55ff2203292771138535b40767c401935a44

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 17:11:48 GMT
via
1.1 80bad22a3308bca7ca55a6da6a46dad4.cloudfront.net (CloudFront)
last-modified
Wed, 29 Dec 2021 17:09:46 GMT
server
AmazonS3
age
74796
etag
"0d07fd1265d3af3d97bef849aba8c4fb"
x-cache
Hit from cloudfront
content-type
image/jpeg
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-length
24891
x-amz-cf-id
GAUS1uOkqDgP6Bpo0WcWvmW3K9RmHuzJzYTYEZPh_VgN5t_jvwHaUQ==
66217q764337q34qpp4oq7283730op61base.en.vtt
d29xw9s9x32j3w.cloudfront.net/videos/cc_text/ Frame FCD2 		10 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/cc_text/66217q764337q34qpp4oq7283730op61base.en.vtt
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b8c58a9dd82e0d8f354035a424fece887b03aa40be27fd9c0d0dcfaa9857f813

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:36 GMT
via
1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
age
228
x-cache
Hit from cloudfront
content-length
10363
last-modified
Wed, 29 Dec 2021 17:07:54 GMT
server
AmazonS3
etag
"de4089818a92749bbfc2e12525fc1863"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
text/vtt
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
x-amz-cf-id
5sZ24IZ8z4hIf023xRiidxct-cwSS742SJp1B2QhoIc6Wt45GpRaXg==
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=213384664&version=65.21.10&age=211230&ldt=IMA&key=N2Hxdj0R&seq=1&order=5&recoveryMethod=SSAI&imaVersion=3.493.0&blocked=false&recovered=false
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
local_storage_frame16.min.html
assets.bounceexchange.com/assets/bounce/ Frame 50C6 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

x-guploader-uploadid
ADPycds8PRMi3j56uZ8n-6c6lf_kEDkbmQqOTxrDJ6MVk2ZPUb3lBnqPjpZF_mKLYERPfby19jJqpwIx7IDE5_QY6eYXFumf5A
date
Wed, 29 Dec 2021 04:03:45 GMT
expires
Thu, 29 Dec 2022 04:03:45 GMT
last-modified
Fri, 17 Dec 2021 16:58:39 GMT
etag
"5f42635f07a2ede6fd9c859d0c1df260"
x-goog-generation
1639760318956475
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
1055
content-type
text/html; charset=UTF-8
content-encoding
gzip
x-goog-hash
crc32c=43+dGw== md5=X0JjXwei7eb9nIWdDB3yYA==
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
vary
Accept-Encoding
content-length
1055
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
server
UploadServer
age
122078
cache-control
public,max-age=31536000
alt-svc
clear
08r380qonqoo8q9993p650o7993o965rplaylist.m3u8
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/ Frame FCD2 		291 B
840 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/08r380qonqoo8q9993p650o7993o965rplaylist.m3u8
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d14e69a9e761cb31b90acde1d2d11e03fc8f63b3c2d3a17320021592c7437a7d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:36 GMT
via
1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
age
228
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
291
last-modified
Wed, 29 Dec 2021 17:06:09 GMT
server
AmazonS3
etag
"e7e526ad7c0eac7fe53ef97dfa1ca5e4"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
x-amz-cf-id
gcFsS0FMV1F87kpGYDY3q95tMoHSpl6Mw5MGkKrPpdzx3LaMjAdTjw==
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/ 		99 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=tribune
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.baltimoresun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
319a3cc5c9b91c326cd8b31930650ec7afa7d00dfb4c8f59bf0d4ed0f5ca1526
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
47013
cf-polished
origSize=102657
cf-ray
6c5bc85e8b1481e8-IAD
edge-control
max-age=604800
x-envoy-upstream-service-time
16
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 14 Dec 2021 22:49:08 GMT
server
cloudflare
etag
W/"19101-17dbb229ea0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
sodar
pagead2.googlesyndication.com/pagead/ Frame DA7C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=2285181733356244&rc=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
tape1.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/tape1.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
75deaa11b0d180d4c21bc7df7bbe91b772f859db7f9cad11f80f2102c64527a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 21:20:57 GMT
x-content-type-options
nosniff
age
578246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9662
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 23 Dec 2022 21:20:57 GMT
idsync.js
playerservices.live.streamtheworld.com/api/ Frame 95EE
Redirect Chain
  • https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy=
  • https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy=&bounce=true
938 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy=&bounce=true
Protocol
HTTP/1.1
Server
192.173.29.77 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
9a2d3304493ce1111daee9adba848901e42f8c7d21bed90975a5a6d1dedb2860

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
x-stw-ps
mtl-strc-docker01_8082
x-stw-site
MTL
p3p
policyref="http://tds.media.streamtheworld.com/w3c/policy/tds-p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-language
en-US
access-control-allow-origin
*
connection
close
content-type
application/javascript; charset=ISO-8859-1

Redirect headers

date
Thu, 30 Dec 2021 13:58:23 GMT
x-stw-ps
mtl-strc-docker01_8082
x-stw-site
MTL
p3p
policyref="http://tds.media.streamtheworld.com/w3c/policy/tds-p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy=&bounce=true
content-language
en-US
access-control-allow-origin
*
connection
close
content-type
application/javascript; charset=ISO-8859-1
usync.html
eus.rubiconproject.com/ Frame 9A56
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
  • https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Dec 2021 13:58:23 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
Date
Thu, 30 Dec 2021 13:58:23 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
register2.php
synchrobox.adswizz.com/ Frame 95EE 		589 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://synchrobox.adswizz.com/register2.php
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.104.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-104-197.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7087fef813ede5ae1c4e78959a30d1a76ff8e10e74ce4e7a379eb39a7e646c7f

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET, HEAD, OPTIONS, POST, PUT
P3P
CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
content-type
text/javascript
Access-Control-Allow-Headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
Content-Length
589
bulk_sync.js
geo.ads.audio.thisisdax.com/ Frame 95EE 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://geo.ads.audio.thisisdax.com/bulk_sync.js?cb=1640872704
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
84b0dce2e4672388f88fa115fcd8689047e3aea197da5786861582a63e73f0b8

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
2366
Content-Type
application/json; charset=UTF-8
css2
fonts.googleapis.com/ Frame 95EE 		3 KB
492 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
60de22f54cc58673248512de11eeaef5e4dcdd9d90883727ec2ba1de23e4c57b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:51:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:23 GMT
ping.gif
player-files.remixd.com/ Frame 95EE 		43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://player-files.remixd.com/ping.gif?action=playerImpression&userId=null&referrerUrl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&domain=baltimoresun.com&adDuration=&inViewDuration=&sessionDuration=6&sessionId=7f4f4d0c-d6ca-49cc-a1cd-b155c4b26614&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
x-guploader-uploadid
ADPycdtBPHypEn_GvNQ_8fnRbyAWVkBVtG87wn64sQAEkcBFA75r2nGlLp-s3fT7X9F-J-h9dNstdTnjNQnCDKgqrGc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
43
last-modified
Wed, 23 Oct 2019 15:45:02 GMT
server
UploadServer
etag
"cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-hash
crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
x-goog-generation
1571845502045744
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
no-cache, no-store, must-revalidate
x-goog-stored-content-length
43
accept-ranges
bytes
content-type
image/gif
expires
Fri, 30 Dec 2022 13:58:23 GMT
ping.gif
player-files.remixd.com/ Frame 95EE 		43 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://player-files.remixd.com/ping.gif?action=loading&userId=null&referrerUrl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&domain=baltimoresun.com&adDuration=&inViewDuration=&sessionDuration=7&sessionId=7f4f4d0c-d6ca-49cc-a1cd-b155c4b26614&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
x-guploader-uploadid
ADPycduNJvBNLNVJ-PV5n-eBHYc3PhzdDr0pG-gIlAYGTzAs-ofQ6if2JpW2iquXZ1rfgsNK86j4w_lU8ik8XOzNMdM
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
43
last-modified
Wed, 23 Oct 2019 15:45:02 GMT
server
UploadServer
etag
"cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-hash
crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
x-goog-generation
1571845502045744
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
no-cache, no-store, must-revalidate
x-goog-stored-content-length
43
accept-ranges
bytes
content-type
image/gif
expires
Fri, 30 Dec 2022 13:58:23 GMT
ping.gif
player-files.remixd.com/ Frame 95EE 		43 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://player-files.remixd.com/ping.gif?action=loaded&userId=null&referrerUrl=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&domain=baltimoresun.com&adDuration=&inViewDuration=&sessionDuration=8&sessionId=7f4f4d0c-d6ca-49cc-a1cd-b155c4b26614&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
x-guploader-uploadid
ADPycdtt0TnjqkbhhvElAwBiM_7fwXpLjIIMx35xyfFdIqJkbex136PT3Sf0_Wdelh6A2df-E_DP78QFF8cTzFyoJ5exq-SBIA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
43
last-modified
Wed, 23 Oct 2019 15:45:02 GMT
server
UploadServer
etag
"cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-hash
crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
x-goog-generation
1571845502045744
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
no-cache, no-store, must-revalidate
x-goog-stored-content-length
43
accept-ranges
bytes
content-type
image/gif
expires
Fri, 30 Dec 2022 13:58:23 GMT
23d00b68-8d6b-4a57-96b3-a840a0923f62
https://www.baltimoresun.com/ Frame FCD2 		5 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.baltimoresun.com/23d00b68-8d6b-4a57-96b3-a840a0923f62
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d30b0267d0bf72b081aa7dcc95b79d9cfc1514aa50aead2d7b390abcf77883d4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
4896
Content-Type
application/javascript
42f51408-0894-4c07-af0f-46c3895683b3
https://www.baltimoresun.com/ Frame FCD2 		76 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.baltimoresun.com/42f51408-0894-4c07-af0f-46c3895683b3
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48e73bfa7149bb6f8a43bdcdf9362c23e496576431d5851f54c332f595c35fd0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
77931
Content-Type
application/javascript
6671cf0b-6255-412d-9748-e0e4521b1e49
https://www.baltimoresun.com/ Frame FCD2 		76 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.baltimoresun.com/6671cf0b-6255-412d-9748-e0e4521b1e49
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48e73bfa7149bb6f8a43bdcdf9362c23e496576431d5851f54c332f595c35fd0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
77931
Content-Type
application/javascript
08r380qonqoo8q9993p650o7993o965r.m3u8
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/ Frame FCD2 		2 KB
850 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/08r380qonqoo8q9993p650o7993o965r.m3u8
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4293a76b2b68b6801d795c40b8a124f80fe7d5b114977d66860a59e6e761a0e6

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:36 GMT
content-encoding
gzip
age
228
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
access-control-allow-origin
*
last-modified
Wed, 29 Dec 2021 17:07:39 GMT
server
AmazonS3
etag
W/"789facfdc4dc38753d97da9a0bb345a2"
vary
Accept-Encoding,Origin
access-control-allow-methods
GET, HEAD, POST
content-type
application/x-mpegURL
via
1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
9cEvbpw5TrHY8NbrwTEzSJWp7GaP3nl2XkhqUVh1S31mfD-T_AWs2Q==
ads
pubads.g.doubleclick.net/gampad/ Frame 1BF5 		52 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F92056281%2F54098486&sz=480x270&ciu_szs=300x60&cust_params=sessionKey%3D213384664-9O-d6nHSVOcDf6XQ%26schain%3Dsendtonews.com%2CM9GXSLPIQGp0PH0Q6ZcjjQ%26content%3D8784%26placementType%3DPremium%26embed%3DN2Hxdj0R%26domain%3Dbaltimoresun.com%26player_size%3Dlarge%26player_width%3D740%26player_height%3D416%26player_type%3Dfloat%26version%3D65.21.10%26player_status%3DLVFPLNIY%26play_code%3D2008%26view100%3D1%26excl_cat%3Dstl_id00157%26rand%3D3%26devicetype%3Ddesktop%26ums_taxonomy%3D%2Fhealth%20and%20fitness%2Fdisease%2Fcold%20and%20flu%2C%2Fhealth%20and%20fitness%2Fdisease%2Fepidemic%2C%2Flaw%20govt%20and%20politics%26ums_entities%3Dfe459cd71e673841d3cba7259dbca983%2CTrueCare%2CRay%2CMaryland%20Department%20of%20Health%2CU.S.%20Centers%20for%20Disease%20Control%20and%20Prevention%2CThe%20Baltimore%20Sun.%20A%20Maryland%20Department%20of%20Health%2CU.S.%20Department%20of%20Health%20and%20Human%20Services%2Cstate%20health%20department%E2%80%99s%20inspector%20general%2CJessicah%20Ray%2Clicensed%20clinician%2Cformerly%20deputy%20director%2CMaryland%20Department%20of%20Health%20coronavirus%20recovery%20program%2Chealth%20department%20personnel%26ums_keywords%3Dstate%20health%20department%2CMaryland%20Department%20of%20Health%2CJessicah%20Ray%26iris_context%3Dundefined&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&unviewed_position_start=1&output=xml_vast4&env=vp&gdfp_req=1&ad_rule=0&video_url_to_fetch=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&ppos=1&lip=true&min_ad_duration=0&max_ad_duration=60000&vrid=1257205&hl=en&cmsid=2460952&vconp=2&video_doc_id=1701381&vpa=auto&vpmute=true&cnc=4011&kfa=0&tfcd=0&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&sdki=44d&adk=3012200687&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=BE564827-122D-4030-8169-59EF6B2CBCEA&nel=1&eid=44730896%2C44737473%2C44750604&dlt=1640872696884&idt=3666&dt=1640872703887&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&correlator=3010403597985664&scor=2283149803701888&ged=ve4_td7_tt5_pd7_la7000_er854.224.1270.964_vi0.0.1200.1600_vp83_eb23275
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
cc84b96ede8ab1128d99e7a3bcf1a492602b11dc4dc1c1b8446420bf59d9d87c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5055
x-xss-protection
0
google-lineitem-id
5802004472,5801286616,5843833112
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138372550082,138367038863,138369125673
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
tape2.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/tape2.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3a0360f0d2b33e2478712e762699bb18f814d6064c630fc29d5290f747adb86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:49:12 GMT
x-content-type-options
nosniff
age
601751
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12787
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 23 Dec 2022 14:49:12 GMT
7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v5/ Frame 95EE 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3_-gs51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 05:10:42 GMT
x-content-type-options
nosniff
age
204461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20348
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:07:49 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 28 Dec 2022 05:10:42 GMT
7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v5/ Frame 95EE 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHpv4kjgoGqM7E_DMs5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 24 Dec 2021 00:29:06 GMT
x-content-type-options
nosniff
age
566957
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20444
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:04:46 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 24 Dec 2022 00:29:06 GMT
ads
pubads.g.doubleclick.net/gampad/live/ Frame 8558 		156 B
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F30690318%2FTRONC_RON_Ora_Desktop&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3548741245098239&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3535696309&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=10464087-99AE-44B6-86F6-0A5E35B16769&nel=1&eid=44750604%2C44752711&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2788&dt=1640872703916&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=3977023802231568&ged=ve4_td4_tt2_pd4_la4000_er2636.441.2794.747_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
ltt /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
ltt
google-mediationtag-id
-2
google-creative-id
-2
x-frame-options
SAMEORIGIN
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 0AD3 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 01:48:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
130185
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 29 Dec 2022 01:48:38 GMT
08r380qonqoo8q9993p650o7993o965r-00001.ts
d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/ Frame FCD2 		329 KB
330 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d29xw9s9x32j3w.cloudfront.net/videos/m3u8/300k/08r380qonqoo8q9993p650o7993o965r-00001.ts
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.11.4/video.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-90.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7ae52ca982da40ea41d1a94b377d108afdc06ca49d8dd8fa0127bfc57020ab14

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:54:36 GMT
via
1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
age
228
x-cache
Hit from cloudfront
x-amz-storage-class
REDUCED_REDUNDANCY
content-disposition
attachment
content-length
336708
last-modified
Wed, 29 Dec 2021 17:07:32 GMT
server
AmazonS3
etag
"eaa46d15aa848a399d64ea3ce5c7fbdb"
vary
Origin
access-control-allow-methods
GET, HEAD, POST
content-type
video/mp2t
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin, Access-Control-Allow-Credentials
cache-control
max-age=86400
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
x-amz-cf-id
WxCnGsO9WVlvvkhDU9BKS0Ocu9ghIiJJdKhW5Cvtu7Yctoq_Ftpumg==
usync.js
eus.rubiconproject.com/ Frame 9A56 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53221
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9702
Expires
Fri, 31 Dec 2021 04:45:24 GMT
4.421260a34f7ea51f50e6.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		2 KB
906 B 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/4.421260a34f7ea51f50e6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=tribune
Requested by
Host: znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
URL: https://znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_bkhVqF0ZrGTvRLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b93deb2f2f99a6dcd6ba15e31633e827712bebda802d21de182dcd417c5173c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
47042
cf-polished
origSize=2539
cf-ray
6c5bc85fccef81e8-IAD
edge-control
max-age=604800
x-envoy-upstream-service-time
3
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 14 Dec 2021 22:49:08 GMT
server
cloudflare
etag
W/"9eb-17dbb229ea0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
1.5c0b718e7a75c4689460.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		28 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.5c0b718e7a75c4689460.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=tribune
Requested by
Host: znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
URL: https://znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_bkhVqF0ZrGTvRLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01937c9481039111d9c0f243edc9dc1fd987dde3ecfa0e7082c3500f82477807
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
47042
cf-polished
origSize=29269
cf-ray
6c5bc85fccf481e8-IAD
edge-control
max-age=604800
x-envoy-upstream-service-time
6
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 14 Dec 2021 22:49:08 GMT
server
cloudflare
etag
W/"7255-17dbb229ea0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
FeedbackButtonModule.js
siteintercept.qualtrics.com/dxjsmodule/ 		64 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=tribune
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.baltimoresun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
47012
cf-polished
origSize=66052
cf-ray
6c5bc85fccf581e8-IAD
edge-control
max-age=604800
x-envoy-upstream-service-time
7
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 14 Dec 2021 22:49:08 GMT
server
cloudflare
etag
W/"10204-17dbb229ea0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_dcBWkNG8JYKMMVT&Version=16&Q_ORIGIN=https://www.baltimoresun.com&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.baltimoresun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b5c31a44af11ab4c79d80365b93563fb565dd0edcd72569ec8e487756889209
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
11425
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
x-envoy-upstream-service-time
19
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Dec 2021 10:47:59 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
expires
Sun, 28 Dec 2031 10:47:59 GMT
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
cf-ray
6c5bc85ffb5581df-IAD
servershortname
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		2 KB
719 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_eyNz9QFvN6te1iB&Version=2&Q_InterceptID=SI_dcBWkNG8JYKMMVT&Q_ORIGIN=https://www.baltimoresun.com&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.baltimoresun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5364592098ff9eeb1a5817799a168dfc181b7e4bb797e3ebd1797e044ace345d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
224353
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
x-envoy-upstream-service-time
14
vary
Accept-Encoding
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 27 Dec 2021 23:39:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
expires
Thu, 25 Dec 2031 23:39:11 GMT
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
cf-ray
6c5bc85ffb5781df-IAD
servershortname
tape3.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/tape3.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53e807d38ac701ed0eff611ee13b958a518c31c4af9c161de590d0288af478e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 18:21:59 GMT
x-content-type-options
nosniff
age
588984
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17916
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 23 Dec 2022 18:21:59 GMT
setuid
exchange.remixd.com/ Frame 9A56
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=22106&gdpr=&gdpr_consent=&us_privacy=&khaos=KXT18KCV-1V-9YVP
  • https://exchange.remixd.com/setuid?bidder=rubicon&uid=KXT18KCV-1V-9YVP
0
382 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.remixd.com/setuid?bidder=rubicon&uid=KXT18KCV-1V-9YVP
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=22106&endpoint=us-east&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Server
34.102.142.228 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
228.142.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 google
vary
Origin
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://exchange.remixd.com/setuid?bidder=rubicon&uid=KXT18KCV-1V-9YVP
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Expires
0
SPug
simage4.pubmatic.com/AdServer/ Frame EFD1 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156592&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=156592&s=&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3Df1a7817fe20f4597938371768ad6be84%26DemandPartnerName%3DPubmatic%26DemandPartnerUserId%3D&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
tear.png
s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/ Frame D149 		43 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/images/tear.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f11168d9e18cdeb56987d0c36f99e640a430d60aa4873b0882ad22c8104dfc65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17569883881679332434/adc_RET_makemoney_300x250_HTML5/adc_RET_makemoney_300x250_HTML5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 16:03:40 GMT
x-content-type-options
nosniff
age
78884
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43537
x-xss-protection
0
last-modified
Wed, 20 Oct 2021 18:11:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 29 Dec 2022 16:03:40 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872704052&oz_l=117&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:23 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
direct.adsrvr.org/bid/bidder/publisherdirect/ Frame 1BF5 		284 B
693 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.adsrvr.org/bid/bidder/publisherdirect/?video.inline=1&maxdur=30&omsdk=0&did=ttdd-hwxjwd5-6exkyxi&ord=1053503847&video.ft=mp4&dom=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.250.166.129 , United States, ASN26459 (TTD-ASN-01, US),
Reverse DNS
Software
Kestrel /
Resource Hash
8ffb306af4c54b8413b86ba5f5825cd3946b78546ff026a910d16fb340b2934a

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:23 GMT
server
Kestrel
transfer-encoding
chunked
content-type
text/xml; charset=utf-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
idsync.js
yield-op-idsync.live.streamtheworld.com/ Frame 95EE 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yield-op-idsync.live.streamtheworld.com/idsync.js?stn=REMIXD&gdpr=&gdpr_consent=&us_privacy=
Requested by
Host: playerservices.live.streamtheworld.com
URL: https://playerservices.live.streamtheworld.com/api/idsync.js?stationId=297663&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
60f7338b205b37afb343de313e37df580b009bc571f0cbb45d5429295af331d8

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
x-stw-site
MTL
x-stw-server
mtl-mesos01-node14
p3p
policyref="http://tds.media.streamtheworld.com/w3c/policy/tds-p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
2908
content-type
application/javascript; charset=UTF-8
Graphic.php
ca1.qualtrics.com/WRQualtricsSiteIntercept/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ca1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_cAuXTarH8eQ2ZRH
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.168.170 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-170.deploy.static.akamaitechnologies.com
Software
envoy /
Resource Hash
1621109321ffb600b707bba407e8434f2e0a8f453e63caec68f77dbf4508fef0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
x-content-type-options
nosniff
content-security-policy-report-only
report-uri https://sjc1.qualtrics.com/csp-report
x-envoy-upstream-service-time
78
content-disposition
inline; filename=FEEDBACK%2B%2B1%2B+-+Copy.png
content-length
3148
x-request-id
065ff5c8-296b-4ffc-b1b0-560d7cc588e8
referrer-policy
strict-origin-when-cross-origin
server
envoy
etag
"5e6eb417110940826d66af964289a2b6"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
access-control-allow-origin
*
x-transaction-id
2badb189-a0cf-4733-87d1-90413b59fdf6
cache-control
public, max-age=4
x-robots-tag
noindex
expires
Thu, 30 Dec 2021 13:58:28 GMT
c
ids.cdnwidget.com/ 		542 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=09170cfa4927459eac3d47fc4a05088c&SCH1=&GCS1=107098145&GCS2=YzA0ZWQwNzMtMjUxYi00NDU3LTg5NWEtNGI4OGU2NWFmNDg5LmxvY2Fs&pe=false&wsid=2056&varID=0obs5&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A2056%2C%22loadID%22%3A%22kIgQaRfVBThi1Il%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A14%2C%22IDStageStart%22%3A14%2C%22obsReqdata%22%3A180%2C%22obsReqpage%22%3A182%2C%22obsReqview%22%3A231%2C%22netComplete%22%3A506%2C%22IDStagePrefire%22%3A506%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Atrue%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.191.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.191.107.34.bc.googleusercontent.com
Software
/
Resource Hash
9f70186449defd49f0c09aaea8e03fd4ad4b29293c6f2d8d4071bb6953288bd2

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
https://www.baltimoresun.com
date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
gzip
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
content-type
application/json
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D766%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=766&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=766&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e494040-6978-11ec-9c80-021d0e32f1a1
Instance-id
i-0d1ae89b2f4831b8e
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=766&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D764%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=764&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=764&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e559c50-6978-11ec-b100-0a004e3788a7
Instance-id
i-06ef1057433fece67
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=764&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D765%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=765&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=765&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e583460-6978-11ec-bee2-02f82186cf09
Instance-id
i-0f16d0fd0f3ab892a
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=765&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D777%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=777&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=777&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e588280-6978-11ec-a19b-0a6937e44d13
Instance-id
i-059ff8f34ce41554d
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=777&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D773%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=773&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=773&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e591ec0-6978-11ec-9a3f-064f268782c3
Instance-id
i-099f30bd2ffce6fd5
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=773&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
x.bidswitch.net/ Frame 95EE
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=daxaudio
  • https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Ddaxaudio%26bsw_param%3D84efc425-6b61-4040-bd22-124692c666...
  • https://x.bidswitch.net/sync?dsp_id=80&user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=30&ssp=daxaudio&bsw_param=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=
43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=80&user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=30&ssp=daxaudio&bsw_param=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=
Protocol
HTTP/1.1
Server
35.211.178.172 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
172.178.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Server
MT3 4133 baa842e master ord-pixel-x34 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://x.bidswitch.net/sync?dsp_id=80&user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6&expires=30&ssp=daxaudio&bsw_param=84efc425-6b61-4040-bd22-124692c6664b&gdpr=&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:23 GMT
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D771%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=771&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=771&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e5a5740-6978-11ec-8ae5-0640afb2ff73
Instance-id
i-027c4b69d38090602
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=771&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D769%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=769&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=769&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e4855e0-6978-11ec-87ca-0204a79b30cf
Instance-id
i-0bf7999b52bbc327a
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=769&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D768%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=768&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=768&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:23 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e48f220-6978-11ec-8415-061bd31174e3
Instance-id
i-0be0349279b9821e2
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=768&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D770%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=770&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=770&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e463300-6978-11ec-b711-062acbb50299
Instance-id
i-0be055fd2d1ef5029
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=770&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fgeo.ads.audio.thisisdax.com%2Fsync%3Ftp_id%3D774%26dsp_dax_listenerid=%24%7BUID%7D
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=774&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=774&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e4d8601-6978-11ec-8ab7-06127a59a47d
Instance-id
i-008ef31fce2035103
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=774&dsp_dax_listenerid=938da2495b23f9add6ca968d1acf11bd
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://ib.adnxs.com/getuidnb?https://geo.ads.audio.thisisdax.com/sync?tp_id=763&dsp_dax_listenerid=$UID
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=763&dsp_dax_listenerid=3183875922675690167
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=763&dsp_dax_listenerid=3183875922675690167
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
30bacd25-427f-464a-b3a2-3bc5200b475a
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://geo.ads.audio.thisisdax.com/sync?tp_id=763&dsp_dax_listenerid=3183875922675690167
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
geo.ads.audio.thisisdax.com/ Frame 95EE
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=6kjs2rf&ttd_tpi=1
  • https://geo.ads.audio.thisisdax.com/sync?tp_id=762&dsp_dax_listenerid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
43 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://geo.ads.audio.thisisdax.com/sync?tp_id=762&dsp_dax_listenerid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Protocol
HTTP/1.1
Server
3.127.201.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-201-35.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://geo.ads.audio.thisisdax.com/sync?tp_id=762&dsp_dax_listenerid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
243
setuid
exchange.remixd.com/ Frame 95EE 		0
415 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.remixd.com/setuid?bidder=dax&uid=5CE99284311366AE6A5D16221FC625E9&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.142.228 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
228.142.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 google
vary
Origin
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
expires
0
empty-vast.xml
v.adsrvr.org/VAST/ Frame 1BF5 		0
0
/
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		45 B
214 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_eyNz9QFvN6te1iB&Q_SIID=SI_dcBWkNG8JYKMMVT&Q_ASID=AS_95675435&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&r=1640872704259
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=tribune
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-envoy-upstream-service-time
21
strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
trace-id
bd6b9fa151871036
cf-ray
6c5bc861adfa81df-IAD
wr-dialog-close-btn-black.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 		256 B
549 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-black.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2547640cd989b80083eb3ade2a4993c1776a1229cfffd41adeb0fef3e86eaf2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1767244
cf-polished
origSize=757
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time
5
cf-bgj
imgq:85,h2pri
vary
Accept-Encoding
content-length
256
accept-ranges
bytes
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 Sep 2021 19:50:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
max-age=315360000, public
trace-id
7781408b6ba2c85d
cf-ray
6c5bc861a84581e8-IAD
servershortname
expires
Mon, 08 Dec 2031 03:04:20 GMT
/
173bf108.akstat.io/ 		0
206 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://173bf108.akstat.io/
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/9E52W-759Q8-QRNWG-5DBLH-ZFZGZ
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1400:d:5a5::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
content-type
image/gif
access-control-allow-origin
https://www.baltimoresun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Thu, 30 Dec 2021 13:58:24 GMT
lookup
pd.cdnwidget.com/ 		49 B
178 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pd.cdnwidget.com/lookup?deviceID=230YvnkXNiZJyTOUgedanR4P1p8&cookieID=230Yvt4fmXqDoOEPyvRpPgd3ELB&bxwid=2056
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
/
Resource Hash
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
content-type
application/json
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://ib.adnxs.com/getuid?https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=an&uid=$UID&pubId=41773
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=an&uid=3183875922675690167&pubId=41773
43 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=an&uid=3183875922675690167&pubId=41773
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node05
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
a1d3cb71-caf6-4ec3-8d2d-63df733b3444
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=an&uid=3183875922675690167&pubId=41773
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
uuid
nodeny.targetspot.com/callback/ Frame 95EE 		0
0
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=triton&stn=REMIXD
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=triton&bds_param=84efc425-6b61-4040-bd22-124692c6664b
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=9822fc74-ae5d-4703-8bca-6b52b296d10d&expires=10&ssp=triton&bsw_param=84efc425-6b61-4040-bd22-124692c6664b
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=84efc425-6b61-4040-bd22-124692c6664b&stn=REMIXD
43 B
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=84efc425-6b61-4040-bd22-124692c6664b&stn=REMIXD
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node03
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

Location
//yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=84efc425-6b61-4040-bd22-124692c6664b&stn=REMIXD
Date
Thu, 30 Dec 2021 13:58:24 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tpqk5an&ttd_puid=REMIXD&gdpr_consent
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=ttd&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&stn=REMIXD
43 B
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=ttd&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&stn=REMIXD
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node07
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=ttd&uid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&stn=REMIXD
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
273
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Daw%26uid%3D%24%7BUID%7D%26pubId%3D41773
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=aw&uid=938da2495b23f9add6ca968d1acf11bd&pubId=41773
43 B
481 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=aw&uid=938da2495b23f9add6ca968d1acf11bd&pubId=41773
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node16
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e491930-6978-11ec-aec3-020da898cec5
Instance-id
i-014c939b4c514be69
Location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=aw&uid=938da2495b23f9add6ca968d1acf11bd&pubId=41773
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=133&uid=8722167b-8ba9-4542-b427-8761e06085ee&rurl=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dacu%26uid%3D___AUID___%26pubI...
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=acu&uid=635661617131&pubId=41773
43 B
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=acu&uid=635661617131&pubId=41773
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node15
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=acu&uid=635661617131&pubId=41773
CookieSyncTriton
rtb.adentifi.com/ Frame 95EE 		0
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncTriton?redirect=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dadt%26uid%3D%24UID%26pubId%3D41773
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.216.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-216-135.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=70&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dmm%26uid%3D%5BMM_UUID%5D%26pubId%3D41773
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=mm&uid=486e61cd-bafa-4300-ae81-e0c2b6322ca6&pubId=41773
43 B
489 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=mm&uid=486e61cd-bafa-4300-ae81-e0c2b6322ca6&pubId=41773
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node06
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Server
MT3 4133 baa842e master ord-pixel-x48 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=mm&uid=486e61cd-bafa-4300-ae81-e0c2b6322ca6&pubId=41773
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:23 GMT
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=107&gdpr_consent&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Dcto%26uid%3D%7BuserId%7D%26pubId%3D41773
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=cto&uid=no-consent&pubId=41773
43 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=cto&uid=no-consent&pubId=41773
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node10
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=cto&uid=no-consent&pubId=41773
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
pixel.gif
cmod.live.streamtheworld.com/cookiesync/ Frame 95EE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triton&google_sc&google_cm&stn=REMIXD
  • https://cmod.live.streamtheworld.com/cookiesync/pixel.gif?partner=dbm&uid=CAESEOWJqg3Fk4LhR3KB135xjDs&stn=REMIXD&google_cver=1
43 B
611 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cmod.live.streamtheworld.com/cookiesync/pixel.gif?partner=dbm&uid=CAESEOWJqg3Fk4LhR3KB135xjDs&stn=REMIXD&google_cver=1
Protocol
HTTP/1.1
Server
208.80.55.209 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-ps
lax-alloy11
x-stw-site
LAX
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cmod.live.streamtheworld.com/cookiesync/pixel.gif?partner=dbm&uid=CAESEOWJqg3Fk4LhR3KB135xjDs&stn=REMIXD&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
335
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us.php
gu.dyntrk.com/adx/trtn/ Frame 95EE 		0
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gu.dyntrk.com/adx/trtn/us.php?dynk=tr26t81n&gdpr_consent&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Ddyn%26uid%3D%5BDYNADMIC_UID%5D%26pubId%3D41773
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.178.20.140 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31193670.ip-51-178-20.eu
Software
proxy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
cache-control
private, no-cache, no-store, proxy-revalidate, no-transform
x-rc
10
server
proxy
content-length
0
content-type
text/plain
pixel.gif
yield-op-idsync.live.streamtheworld.com/ Frame 95EE
Redirect Chain
  • https://ad.turn.com/r/cs?pid=58&redir=https%3A%2F%2Fyield-op-idsync.live.streamtheworld.com%2Fpixel.gif%3Fpartner%3Damb%26uid%3D%23USER_ID%23%26pubId%3D41773
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=amb&uid=8053738013470830884&pubId=41773
43 B
457 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=amb&uid=8053738013470830884&pubId=41773
Protocol
H2
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-stw-server
mtl-mesos01-node04
x-stw-site
MTL
date
Thu, 30 Dec 2021 13:58:24 GMT
content-length
43
content-type
image/gif

Redirect headers

location
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=amb&uid=8053738013470830884&pubId=41773
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
empty-vast.xml
v.adsrvr.org/VAST/ Frame 1BF5 		27 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://v.adsrvr.org/VAST/empty-vast.xml
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.68.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-68-201.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4efe845e7dfcf34474889ed984c37c464cea9fd16cd4c56d3501d71949dcbfbf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 11:47:19 GMT
Via
1.1 2d922ab79d41a826404f05ff416bb98c.cloudfront.net (CloudFront)
Age
7866
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
27
Last-Modified
Mon, 12 Aug 2019 18:16:39 GMT
Server
AmazonS3
ETag
"21c260b4e3bf20cd15e0f10701127ad9"
Vary
Origin
Access-Control-Allow-Methods
HEAD, GET, PUT, POST, DELETE
Content-Type
text/xml
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
ETag, x-amz-meta-custom-header
X-Amz-Cf-Pop
EWR53-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
jikQWpUnnxanNdCgxismsR33GzSdi_BYAE8uXFqur9u175VDgMOOMg==
cta-branding.js
cdn.taboola.com/demand-formats/cta-branding/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a351fd92e5702efce917edb3a5fa5e15b0c2c01b05c72004d183ea3cd0ac8cc4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
n7qu5_m2oY3yYk8zx0ISQgopnHkiUO7s
content-encoding
gzip
etag
"103abcd7af0ff73c2bca84d874ada0e2"
age
24232
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
6020
x-amz-id-2
fVqATTfCUT/rEDqz1Zeg1q7LWmxxRRIXRh8eMOenHA8gGIG+eptonZDpZekbfQ4TljPNPUEqz7o=
x-served-by
cache-dca17780-DCA
last-modified
Tue, 30 Nov 2021 12:15:08 GMT
server
AmazonS3
x-timer
S1640872704.343852,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
4MW9MP86125NQZHF
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript
abp
1
x-cache-hits
369
cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ 		2 KB
948 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8061c17ad6d7b8805745d8f136437acc8abe498fed1a01cec4d142b55def3c55

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
8oi59FmV5lZnBSZug04yEHoBr2VIEPOj
content-encoding
gzip
etag
"44e0fb48ae5c8af459ee8102bcc39ee7"
age
24231
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
702
x-amz-id-2
g6enXLyTA7AAAqf3hQsSImuNUxZ9kiOcETb9KeCdfiFBxvpRww3puy0tHMZ8xjF7oVvPyeUcpTk=
x-served-by
cache-dca17780-DCA
last-modified
Tue, 30 Nov 2021 12:15:07 GMT
server
AmazonS3
x-timer
S1640872704.344339,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
4MWAWT7X595HHKNW
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
text/css
abp
1
x-cache-hits
349
tfa-eid.20211230-7-RELEASE.es6.js
cdn.taboola.com/libtrc/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/tfa-eid.20211230-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b13dc377a7e2365bca4d396121e915ef3328c7001889aa08f5b26efde7b880f

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
sDybZtjjMEHkxCzgoDL5L.FwBRJSXdik
content-encoding
gzip
etag
"3a0803113de2d6bf020df6c0d2188220"
age
11770
x-cache
HIT
x-amz-replication-status
PENDING
content-length
5062
x-amz-id-2
roqWQUYXezTBFhgHNt9gPg84Pud1qEwFWGiflpRInBMSBiLBgSjmVqa0Bo4KkcYsSXA7qzZ5ApI=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:41:48 GMT
server
AmazonS3
x-timer
S1640872704.346243,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
K7WRZCDH7S56R08K
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
1
x-cache-hits
117
sha256.20211230-7-RELEASE.es6.js
cdn.taboola.com/libtrc/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/sha256.20211230-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
002c23c133b009fc8c30da80c329c0814b80f5935dc73ab28e6c6467fe032c26

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
7XkGUGXuetp7gT8jMBCtiUtirSzi1TZL
content-encoding
gzip
etag
"53394ad092468c14047a8302c1db68b5"
age
11773
x-cache
HIT
x-amz-replication-status
PENDING
content-length
2589
x-amz-id-2
vlBNtUSR5oBS1b04eA1FR9WFJmRGFKHxfWod0Avsm6p4x6JXCPca2j8/sxuL+v/039SrGbtJMt8=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:42:06 GMT
server
AmazonS3
x-timer
S1640872704.346297,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
CZN001XNZPM3GT8C
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
1
x-cache-hits
113
explore-more.20211230-7-RELEASE.es6.js
cdn.taboola.com/libtrc/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/explore-more.20211230-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
82449a4ceb4548aa5b23844b9dc34ac0561cce4da2890f4a1090b2e687cb5fcf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
it3ISUZJ5zK2S.cKl0LzN2pp2DP6v0uc
content-encoding
gzip
etag
"16e0673f4d4cb85b58489364f5c65adb"
age
11750
x-cache
HIT
x-amz-replication-status
PENDING
content-length
4480
x-amz-id-2
pv6of0awOy358rU/kzHeljOGF9WRYoH7gLwLi93Qx7QXlpcQLOn9IaJ62CEVqr6yb1nMWD0zKA0=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:42:28 GMT
server
AmazonS3
x-timer
S1640872704.349773,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
XJW8TTSWHQHNW9HT
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
1
x-cache-hits
51
feed-card-placeholder.20211230-7-RELEASE.es6.js
cdn.taboola.com/libtrc/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/feed-card-placeholder.20211230-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd91b6791b53ec8bc3376cd72017f585add2778dc9fe08f8fdf9914b343ddb04

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
ZRg5JHtQTb6Jczsn6w59B60cVbpF82Nt
content-encoding
gzip
etag
"f1dd6e586502805dfc43f054369afed5"
age
11741
x-cache
HIT
x-amz-replication-status
PENDING
content-length
1261
x-amz-id-2
Yd/AwDQwzoi/M+4/Y7AcdtE/egRcO2rsM8zYTj9OiNsDphW6mbx84KhPxc9MTMaPhB+qEzPP5s8=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:42:25 GMT
server
AmazonS3
x-timer
S1640872704.351715,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
6AWDQM650XM3T1BN
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
1
x-cache-hits
93
userx.20211230-7-RELEASE.es6.js
cdn.taboola.com/libtrc/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/userx.20211230-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29b39c8712d228af23ca90e3a3e7c352174ffe883f0e66b34b5920909dd3da70

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
VTG3H46aTEm6ZktoKW8I2gqjTla7rb2m
content-encoding
gzip
etag
"2de3733cf277aba1fc3aa49379d615b0"
age
11796
x-cache
HIT
x-amz-replication-status
PENDING
content-length
5339
x-amz-id-2
e/m4kFSrkFWowkCl8jw1L9w8tbWmnOW/OnW2XVhi8NvctZj/9RI+WmNzDQfN29o6rxf+CaFDVJE=
x-served-by
cache-dca17780-DCA
last-modified
Thu, 30 Dec 2021 10:41:44 GMT
server
AmazonS3
x-timer
S1640872704.384276,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
x-amz-request-id
6T8Y7NFE2KTVABE8
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
1
x-cache-hits
110
tb
15.taboola.com/ 		38 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://15.taboola.com/tb?oid=15&pubnm=tribunedigital-baltimoresun&unitType=244&tbloc=&pageType=text&pstn=below-article-thumbs_ARC&uuip=Feed%20-%20below-article-thumbs_ARC&cisrf=https%3A%2F%2Ft.co%2F&cirf=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&encoded=1&uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&variant=416805|4330&callback=TRC.videoTagCallbacks.videoCallback1&cb=1640872704407&tagid=&cntry=US&platform=1&sesid=fbd0892ec0a46bc5b391a2526586fb00&itemid=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&viewid=1640872703386&geolat=&geoing=&deviceifa=&appid=&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ri=8ebfd3657308148101ebef20883eadc5&appname=&cdb=&gdprApplies=false&rid=&sii=1054380772255988762&oee=true&tpubid=1008942&uis=3&fagg=1&ccpaDns=false&ccpaPrivacy=&region=IL&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1008940&prcnt=&layer=
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe327b582b7a4c398d86025094aad4838d9f218849d4f62c4a5b5f07c4a94dfe

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
gzip
access-control-allow-origin
https://www.baltimoresun.com
machineid
1142
x-cache
MISS
xvid-debug
mrmr - :
x-served-by
cache-dca17780-DCA
pragma
no-cache
server
nginx
x-timer
S1640872704.422664,VS0,VE19
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
expires
Sat, 26 Jul 1997 05:00:00 GMT
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
link
<https://us-wf.taboola.com>; rel=preconnect
x-cache-hits
0
f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding
gzip
etag
"b8b410e4b18d45aa2f3d9bc09cd335fb"
age
88
via
1.1 varnish
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1758
x-amz-id-2
czJodZjEXOlx24Eqbl6KAo7MHkOKD/zMe6eCPVQ2coARd511JzFhvTAEw1WHxsr7+IIYjrYMU6A=
x-served-by
cache-dca17780-DCA
last-modified
Wed, 07 Feb 2018 11:15:52 GMT
server
AmazonS3
x-timer
S1640872704.458589,VS0,VE0
date
Thu, 30 Dec 2021 13:58:24 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
JM3NNQMNTKP1BCQ3
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/svg+xml
access-control-allow-headers
*
abp
1
x-cache-hits
3
debug
us-trc-events.taboola.com/tribunedigital-baltimoresun/log/2/ 		0
89 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-trc-events.taboola.com/tribunedigital-baltimoresun/log/2/debug?tim=13%3A58%3A24.488&type=info&msg=Load%20publisher%20card%3A%20%23taboola-skip%20on%20Card%3A%207%20with%20the%20anchor%20element%20selector%3A%20%23taboola-skip%20succeed&llvl=2&id=7680&cv=20211230-7-RELEASE&lt=deflated&idx=pc&pc=%23taboola-skip&st=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
6501
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
332 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22pageLoad%22%2C%22type%22%3A%7B%22storageRef%22%3Anull%2C%22referrer%22%3A%22https%3A%2F%2Ft.co%2F%22%7D%2C%22eventTime%22%3A1640872704490%7D&tim=13%3A58%3A24.490&id=2699&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.500625,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
SynchroClient2.js
delivery-cdn-cf.adswizz.com/adswizz/js/ Frame 95EE 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://delivery-cdn-cf.adswizz.com/adswizz/js/SynchroClient2.js
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-36.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dc3a0e2e935e1287780338713472a6ab77cfddcd82259c9d6bb4317de0d93898

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 12:31:33 GMT
via
1.1 4e0a12897838fdf8f772b549bbcdb420.cloudfront.net (CloudFront)
last-modified
Tue, 15 Sep 2020 06:28:38 GMT
server
AmazonS3
age
5212
etag
"3a38a4c45e3aa46a58e390f0b0baebfd"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-length
9187
x-amz-cf-id
10C_aXHm7U0FeoXl3mZMGn2OQ0u4cYIVM_Zb4Dux9NjU3daOxXwdiQ==
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872704313&oz_l=219&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:24 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
truncated
/ Frame 1BF5 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
social
us-trc-events.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-trc-events.taboola.com/tribunedigital-baltimoresun/log/3/social?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%22%2C%22rref%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Whistleblower%20alleges%20Maryland%20health%20officials%20failed%20to%20alert%20hundreds%20of%20patients%20of%20potentially%20spoiled%20vaccines%22%2C%22sec%22%3A%22coronavirus%22%2C%22aut%22%3A%5B%22Taylor%20DeVille%22%2C%22Meredith%20Cohn%22%2C%22Hallie%20Miller%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.baltimoresun.com%2Fresizer%2F-pGffZg9qJPmHoG1yyxxA_jhXmk%3D%2F1200x0%2Ftop%2Fcloudfront-us-east-1.images.arcpublishing.com%2Ftronc%2FVLQ3MUCJ7VANRL54RLZOA2XARI.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=13%3A58%3A24.552&id=7556&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1640872704557%7D&tim=13%3A58%3A24.558&id=6602&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.570680,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Ben_s_7rNYaarOMW_pQefgJiYC5zMy49GAAAAEAEg0b23PTgBWMKblr2DBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC4F3AAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEPifzs4VkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=wJE2_peGGcU&label=videoplayfailed303&acvw=[VIEWABILITY]&sdkv=h.3.493.0&vci=Ck4IAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4MDIwMDQ0NzJAjwFSGSUAAPBBOgd1bmtub3duQgd1bmtub3duUAAYAQ..
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
init1.js
api.bounceexchange.com/bounce/ 		36 B
320 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYAWABgA4B2AJktOIFYBOQzYALxClMwHcBTAEY5UwfgH1UAEyjVSDVgCd+OEABs4aDAUKlSAD3xyeymP0XLFUYADokIbAEM1a1AgDm4uIrVQAFsDAAA44AKQAzACCodQAYjGxvEk2gs5oALYgyjiIdiDpCfaKGI4AbqiKcGFxwgC06VK1wJX8SI7Ktbx+qDjAakJqIAKKtXLU+EbUTLUMqjDUivrACKUwQWCoxGoA1jjhQXDpqACOUsS1vVkAnjYB6WqY5SLA4vYg26j8UKGUAEIx1DUQQBEWi1GoAWC1QYURiDDicLiSV4KTSqEy2Vy9gK1HhsSKJXKlWhNRw9UazTgrXa-E63V6-UEg2Go1I40m01mIHmi2Wq3Wmx2ewOR1O50uihudzUIOoAGEAYoQbDwbZ7CDKAARbAgd6fb5-AGlZXRQ3ghCHQTmcTc8TtNBIfo4cTKRxSE34GIK8GDdzufhSSQIcQwZT8E0wZw4cPygG+-2BtziIKOaQRqMx73UFNXdL8BAvewIGAVPPu8GgyNqaNegH8UrW+MBoPJ1Pl6iVjO18E4Ry8cSudwBQQgfTiJ6idPVzN1huKAcgP3NtxTmux8GoQRjsS9Vcz8HUoLiaP58c9ScVqJVtdZw-HuCCI6BZv18zuMMIPfd6h3nKP0RiIGWToE6X7rj+bRHn+T6AS6ZT5tUHZXl24G-g+MHNkE6ioEgVxgbekH3v+z6BlIPR+PhdaEdBAHNn4-BpBRl6RNe+4QY4UHobRgaOPw7g9JRB7UVxJHiH4QztO2nbTt+aHEbBUjtNsxT5IJ7GcfJzbNPBMrMaxsnCZpgbiXmalyRhgZIIo6IxkhLEoQRHFERZ4iCFUbgqIh0k3lRTk0aJxRwEOahXDgQQMR8HhqUEgiCC6KhYQga52fp4FqI4vRnvwAiWfRSDbCAmhflq35SO4sQVL0AAyIBuialJsX4kkAJKaiaALUOEpAAJqlMAxAwOkAAaxyaiAADyACiAAKVylAASkE03uFI4STVV-wVuBczAK17Xgp1PWlAg2xDQAcqgABaABSVwACrjQAqgmjgIPNxDTfgQTkLKWZle1ZrUD003KOUhU4HKVSgHmSp6Q5AI9AAyg+OBWZu5jFW1WqPO0OAANq+kmmSKWoAC6sAZjjij446nwFnagY4OJvAIOTrFU-j5RSPwIDJtk+bAGzlOlLjeM5rwzhqHzKgC0L04cwTi4JkGcvRgr9o4f0rb+uTDUKxa6RWvOtoa46KjxW65P4ArmQFn4IV2ooDpOhbUjkzwIvU3jptawgjh5uTCtNomwahvw-Cq-wQdK8uwYptIkcKzmeb00WJaKGWiee-jf6o9ZQRaMGwBXOFWei6+87By28duxT8vZ3jvb9oOw6jmezxl17FcLkuIedzniWqNT3RHkgeXbP3eObtuKiC3XasN7TAsM+IZGM8zk8gHO6VXPeQRBNkIgYLrLQK20wZM0MNrb44VyT26A6oEOLzH-PUcN7+4fBhOc-sx-hkuQru+L+k9zLcRtNZdQKhQEAPAYoeCSUYF+RErBLCrhcJII0i5MiTNMHOXAfRRieD-KwV4vxHAxCUF0QkooWuf9y6wNEopRQyldTpEoUZcQ2kGxkzfgrMBokTIRz4f-ZBnC0YBxEQwsRLk3IiAQJ5DhLlArBVCuFRwkV3CTyarQiWLhpbRgLJPKQawXS1SkEyEA+VyaSyGOrJ2msJBoD6MIgA6vSFxljhiIlIJLPiKgfEAFl2hXHSggcs8JSCELUMAJikTuQliQKgKMPjIyoH6BEuQoAfHOHMMAHxfhEBSGUFIEkpBuQ+JTGgAWZSKm4jkFhMQBZkkuDwvU0gYUQDpIDD4kWSAkkKJwPwsioBrLOHEF0Ho4V5wHxlkYqRXtQAZTEDM-m8z6GLOKMgcQh5J4xTitkQewiNn4zcPYdwCBRC80sflAxssFn41SPlEs+juZBEGLme5Cs5wOnGe4PxkptbHOFqLcWks7kFmoJPHaEzwWzMMb-EFXsfbm3KNlZseYVkTLcFIIYVt+GESWb0a08L7knLxneIlWLeivWYaU1A7AJCkvWUizmnwcqvHHoVF4KZMoCH4BPB5BNllZQ5WPVoBVNCT36YGVwvRJ7KH4noqWzLEX125jARufZH7PxHGOH+WcNUUuol-duohDX8E1fs+KnSkrAvlm8D4TjdQDnaP6PhgggjcEwPwYIUA8ak0wAXPAOp0jvOScgCQMB0ruCgI8JqcadGJhkIdXq-VBojTGlNWaC0lorTWhtTAMLpCyC6r1E650rq3Qes9AMr13qfW+kAA
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_3a4888a29ab77d37f7af68772d0af770.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
53.4.117.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 google
server
istio-envoy
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding
gzip
x-envoy-upstream-service-time
42
content-type
text/html; charset=UTF-8
alt-svc
clear
UnitFeedManagerDesktop.min.js
vidstat.taboola.com/lite-unit/3.5.9/ 		100 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vidstat.taboola.com/lite-unit/3.5.9/UnitFeedManagerDesktop.min.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1608980c6f4deb0e238ce9af217e69059535d627e4d9fa8adc9908661912b3a1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront), 1.1 varnish
age
273327
x-cache
Miss from cloudfront, HIT
content-encoding
gzip
content-length
29149
x-served-by
cache-dca17780-DCA
last-modified
Mon, 27 Dec 2021 10:02:06 GMT
server
AmazonS3
x-timer
S1640872705.662827,VS0,VE0
etag
"cfa326391ec5ae5c236d77282035eb1c"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
IAD89-P1
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
yRM4pdnicAPfA2RtF27zVm0td6aD9WbjIj3YYOSDwvKYyauDQwQX5A==
x-cache-hits
1209
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
332 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA_Title_Not_Black%22%2C%22type%22%3A%22%22%2C%22eventTime%22%3A1640872704674%7D&tim=13%3A58%3A24.674&id=1656&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
9
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.693395,VS0,VE9
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
57 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA_Title_Not_Black%22%2C%22type%22%3A%22%22%2C%22eventTime%22%3A1640872704677%7D&tim=13%3A58%3A24.678&id=8082&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.693821,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA_Title_Not_Black%22%2C%22type%22%3A%22%22%2C%22eventTime%22%3A1640872704680%7D&tim=13%3A58%3A24.681&id=343&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.693912,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA_Title_Not_Black%22%2C%22type%22%3A%22%22%2C%22eventTime%22%3A1640872704685%7D&tim=13%3A58%3A24.685&id=2753&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.694011,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
/
direct.adsrvr.org/bid/bidder/publisherdirect/ Frame 1BF5 		284 B
693 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.adsrvr.org/bid/bidder/publisherdirect/?video.inline=1&maxdur=30&omsdk=0&did=ttdd-k5y9rtr-sus9z6l&ord=236503820&video.ft=mp4&dom=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.250.166.129 , United States, ASN26459 (TTD-ASN-01, US),
Reverse DNS
Software
Kestrel /
Resource Hash
393719e94722f419dbccfc81e71d79ccde0bbebf8f21d17d3dcf90b01d8a4a9b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
server
Kestrel
transfer-encoding
chunked
content-type
text/xml; charset=utf-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
abtests
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
56 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/abtests?route=US:US:V&lti=deflated&ri=36e2491b4e36cadd037efd66eb3be001&sd=v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ&ui=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&pi=/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&wi=1054380772255988762&pt=text&vi=1640872703386&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA_Title_Not_Black%22%2C%22type%22%3A%22%22%2C%22eventTime%22%3A1640872704695%7D&tim=13%3A58%3A24.695&id=1383&llvl=2&cv=20211230-7-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.703162,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872704601&oz_l=647&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:24 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
setuid
exchange.remixd.com/ Frame 95EE 		0
518 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.remixd.com/setuid?bidder=adswizz&uid=938da2495b23f9add6ca968d1acf11bd&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.142.228 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
228.142.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
via
1.1 google
vary
Origin
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
expires
0
XWHMKZXVKBDY7CGTACZ3M7E4QU.jpg
www.baltimoresun.com/resizer/21V4iv7OgD07BdZw41vzL1cCqjQ=/64x64/top/www.baltimoresun.com/resizer/doiTOWchmZvWnPEzo4L40bp5fkY=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/21V4iv7OgD07BdZw41vzL1cCqjQ=/64x64/top/www.baltimoresun.com/resizer/doiTOWchmZvWnPEzo4L40bp5fkY=/cloudfront-us-east-1.images.arcpublishing.com/tronc/XWHMKZXVKBDY7CGTACZ3M7E4QU.jpg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20211230-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
73a33835cc68bbeb09caab7383bd8c03b2b734a2f499dc04523ea54775dae7de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
last-modified
Wed, 29 Dec 2021 18:15:36 GMT
server
Akamai Image Manager
etag
"06329048ca23f36dc1fcb1209bd8fdc700b5ce75"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31465034
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
2019
expires
Thu, 29 Dec 2022 18:15:38 GMT
ZGGPOJ545JEPDOTY7TVRHWWJRI.jpg
www.baltimoresun.com/resizer/dqHRegvChdTCMUWI--AQ-Lw8fRY=/64x64/top/www.baltimoresun.com/resizer/79a5pTGllaV3B6QDfYWA3OgbtKw=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/dqHRegvChdTCMUWI--AQ-Lw8fRY=/64x64/top/www.baltimoresun.com/resizer/79a5pTGllaV3B6QDfYWA3OgbtKw=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ZGGPOJ545JEPDOTY7TVRHWWJRI.jpg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20211230-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
3cb4b4bb82f8d327fdb36e8f7df44603109ef4ad45689b9f3602970a2e0a7d1a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
last-modified
Thu, 30 Dec 2021 10:28:06 GMT
server
Akamai Image Manager
etag
"1f93a0788f7329d1abfa247b7905f75683e81194"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31523387
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
2005
expires
Fri, 30 Dec 2022 10:28:11 GMT
L3TX4QCNOVHBPL7ZYVF6PFKZYA.jpg
www.baltimoresun.com/resizer/PYRhrd4eCfZBEfQoVqgSCD7lwKE=/64x64/top/www.baltimoresun.com/resizer/YxfYj4zcy3m5-XmMZOiXLaNM_4s=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/PYRhrd4eCfZBEfQoVqgSCD7lwKE=/64x64/top/www.baltimoresun.com/resizer/YxfYj4zcy3m5-XmMZOiXLaNM_4s=/cloudfront-us-east-1.images.arcpublishing.com/tronc/L3TX4QCNOVHBPL7ZYVF6PFKZYA.jpg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20211230-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b3367b9bb32575edaee47af62f00bf91924bb4c54ac355ea1336fff9b9e2c19e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
x-check-cacheable
YES
x-serial
922
etag
"20770ccabe8a1cd3636c6d184e163e47bf7600fc"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31522784
last-modified
Thu, 30 Dec 2021 10:17:22 GMT
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
2936
server
Akamai Image Manager
expires
Fri, 30 Dec 2022 10:18:08 GMT
SJU4AITZJRBQVMM4L2HY5ITRBA.jpg
www.baltimoresun.com/resizer/wbZ_78W2OwqvXpWPpbVn9p1CYZs=/64x64/top/www.baltimoresun.com/resizer/ku9heJFqPy47DTI_USHB8Dz1QAI=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/resizer/wbZ_78W2OwqvXpWPpbVn9p1CYZs=/64x64/top/www.baltimoresun.com/resizer/ku9heJFqPy47DTI_USHB8Dz1QAI=/cloudfront-us-east-1.images.arcpublishing.com/tronc/SJU4AITZJRBQVMM4L2HY5ITRBA.jpg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20211230-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
2913e580b9b9ea178e0eb7797ced71471f7913cfe34b496ec09087d1d1ae8c0f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:24 GMT
last-modified
Thu, 30 Dec 2021 11:14:48 GMT
server
Akamai Image Manager
etag
"043ccf7e8c167ef9f547c24e7d80d38881da3714"
content-type
image/jpeg
cache-control
private, no-transform, max-age=31526224
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=23
content-length
1745
expires
Fri, 30 Dec 2022 11:15:28 GMT
tinygif.gif
www.baltimoresun.com/pb/resources/images/ 		26 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baltimoresun.com/pb/resources/images/tinygif.gif?v=299
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20211230-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:822b New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
9T5taX9RwjHrNVNqwC0.yQG5VOUlx6w9
last-modified
Thu, 09 Dec 2021 17:06:55 GMT
server
openresty
x-amz-request-id
BNRQF62QZNW8773C
etag
"6a43099d5c8fe991a7aa7ebaca53069d"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000
date
Thu, 30 Dec 2021 13:58:24 GMT
content-security-policy
upgrade-insecure-requests
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
26
x-amz-id-2
MHPD1z9zMLTv5218uaJyMmvMB0sRG2l2MIn+V5Ujjw08jMchnywPk9TQ60xcbPvVrMcluPmQgbE=
expires
Fri, 30 Dec 2022 13:58:24 GMT
css2
fonts.googleapis.com/ 		2 KB
427 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3be09b57f4ddbc74f8d4e72fea0807bf03ac934a74d71e841309558aefde7b0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:23:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 13:58:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 13:58:24 GMT
afr.php
synchroscript.deliveryengine.adswizz.com/www/delivery/ Frame 07D8 		6 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Requested by
Host: delivery-cdn-cf.adswizz.com
URL: https://delivery-cdn-cf.adswizz.com/adswizz/js/SynchroClient2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
4cb706b4696d73df6dcce4631b68bc78fcee36583567ca77a802ee4dbe563406

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

Accept-Charset
utf-8
Access-Control-Allow-Origin
*
Content-Type
text/html;charset=UTF-8
Date
Thu, 30 Dec 2021 13:58:24 GMT
Instance-id
i-0a4a2a363efd7c06a
P3P
policyref="synchroscript.adswizz.com/docs/adswizz_adserver.htm", CP="CUR OUR NAV INT IND"
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e71fdf0-6978-11ec-9bf9-0a84383748e7
X-Application-Context
application:production
X-Clacks-Overhead
GNU Terry Pratchett
Content-Length
6012
Connection
keep-alive
id
id.sharedid.org/ Frame 3B1B 		0
218 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.sharedid.org/id
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.242.34.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-242-34-37.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
cache-control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
expires
0
async_usersync.html
acdn.adnxs.com/dmp/ Frame C403 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.160.130 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-160-130.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin
*
Content-Type
text/html
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Fri, 31 Dec 2021 13:58:26 GMT
Date
Thu, 30 Dec 2021 13:58:24 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 52E5 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.160.130 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-160-130.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin
*
Content-Type
text/html
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Fri, 31 Dec 2021 13:58:26 GMT
Date
Thu, 30 Dec 2021 13:58:24 GMT
Connection
keep-alive
Vary
Accept-Encoding
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
empty-vast.xml
v.adsrvr.org/VAST/ Frame 1BF5 		0
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=2285181733356244&bg=!LC-lL2vNAAZKWFskSlg7ACkAdvg8WkyYTrBpMhLoIA4RssFeTDI62dg0vbSblk2dA8Kp_aw_w1OZFgIAAAIrUgAAAIBoAQcKAE7gcl5iknNrKr2FNQn0a_jUSdrRxP33cdFjePx1WFrqfpM_GKgm0uILC8esmnPpKwB38fRhhhqmsZzhh-9ndAuOgy2mfu_5qFo4D71t_PuZAqlva2VjDlm4mGm8NaqLFxSnM28dZANJyYEexpaWGznopITU9RZGW6PuEDnV4KsMPNmdya_uKahBiGxoZD-iWfAXJkAsBMPYYDtr8XjLAWCdPw1UzM5ONUXbqBznoP2IvqhyErrnTUzGxsnDHB2miySewOy1Fg0CmVRoHzapQLuWxM4kdoEpi8qHTgWAOAp9bIvU-J7Iw2RqbWD3N5bb3n6jtW92i9LQb1TradnRyxFTFdaRZbGM2eBk_Oh10QLMrf7aALKEk8Kk2RbBjJKDXXl5qBVB3-4lMNIvIjYJgnyEUqoyYIzFU6RYyk8WugSU0-4T-28INH48OZeKJwTIYtS931KnCO6N1IoGz9QEEGFz7JHPk0gfqBhdxNPuJSLzbeOkPop4WMZ0IZiGn97PWMGTQ7OHS3-eOKZAtNLgViGNH8XA7j2bYddrOBHWzhVXc099GozbWvBafmEdD0UospnMrqFKnNJvDGXSOHwNz1W5cszBMdsR9egP7dLoS7qxxfsMMmcvVvUqJorLCQV8bOKeGtSVJHub0jWM_5f6rzEhCdJvu8Md-W_EN1RgwgGGJSnmf8NyMXt445_goLH1s_A321FaCK7ZKAH4eOBn1FaVBhMpt5Ykxeevo4yXvX3dCteHm0nPSI85whuR6jYiyRBoamHprTjS-JzgTbLiwoey5Y5CV9NcDzfZOtwQR61XI4TrMOm_q8IdWx7M6HY2TQyhhF5J_r5NQyKOKmLCzcvCTkyuuRkJ4AegniCMzYWeVmlCB7lhlEjstIi9m8wIeukI7fLs-D9EYS_RIlApy9HhXGit1dLOnky6_0aqP0fwn--h1BjBa5lSaecbTG9ClttbKWfuYB3zZTMs_u74g3WP-h52_E-6SGjEYYjyWSodDcLmUIfFVvecgHM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 01:45:19 GMT
x-content-type-options
nosniff
age
475985
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22572
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 25 Dec 2022 01:45:19 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.baltimoresun.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 04:58:07 GMT
x-content-type-options
nosniff
age
118817
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Dec 2022 04:58:07 GMT
empty-vast.xml
v.adsrvr.org/VAST/ Frame 1BF5 		27 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://v.adsrvr.org/VAST/empty-vast.xml
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.68.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-68-201.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4efe845e7dfcf34474889ed984c37c464cea9fd16cd4c56d3501d71949dcbfbf

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 11:47:19 GMT
Via
1.1 2d922ab79d41a826404f05ff416bb98c.cloudfront.net (CloudFront)
Age
7866
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
27
Last-Modified
Mon, 12 Aug 2019 18:16:39 GMT
Server
AmazonS3
ETag
"21c260b4e3bf20cd15e0f10701127ad9"
Vary
Origin
Access-Control-Allow-Methods
HEAD, GET, PUT, POST, DELETE
Content-Type
text/xml
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
ETag, x-amz-meta-custom-header
X-Amz-Cf-Pop
EWR53-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
_Rp-RtVpgFetWBu1d1Xp6nqTnmVOhw6RO3GRe7BnJBXTG1pGp98vZg==
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872704842&oz_l=35&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:24 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=B54UF_7rNYcCXOsW_pQefgJiYC9Pr4Y9GAAAAEAEg0b23PTgBWI_rxbqDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC4F3AAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGENi3os4VkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=yRw4Ja91dSs&label=videoplayfailed303&acvw=[VIEWABILITY]&sdkv=h.3.493.0&vci=Ck4IAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4MDEyODY2MTZAjwFSGSUAAPBBOgd1bmtub3duQgd1bmtub3duUAAYAQ..
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 60AF 		156 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F8566&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=1&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3737428343423551&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&us_privacy&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=38908496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=AB7EF834-3F30-42EE-B1CA-FFB56AD884F7&nel=1&eid=44750604&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2735&dt=1640872704964&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=2846585330046199&ged=ve4_td5_tt3_pd5_la5000_er2636.441.2794.747_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
517106b8-d3c5-4d8c-8bd4-b32a58063047
https://www.baltimoresun.com/ 		773 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.baltimoresun.com/517106b8-d3c5-4d8c-8bd4-b32a58063047
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5aaeab37a6a8698e66682cf5576863ba82b78e6bdf486dd90ba40ed00358856

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
773
vast
vast.extremereach.io/ Frame 1BF5 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vast.extremereach.io/vast?line_item=15671012&subid1=novpaid&er_pm=ap&er_ar=&er_cp=&er_pt=0&us_privacy=${US_PRIVACY}&gdpr_consent=&gdpr=&ba_cb=1862000317
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:66e7:fb11:ec89:9d10:70e:2fef Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
60a0fab50a32452c2ce934379d8308dcbb19726badef816c4e9b483d54322442

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/xml
expires
0
swfobject-2.2.min.js
delivery-cdn-cf.adswizz.com/adswizz/js/ Frame 07D8 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://delivery-cdn-cf.adswizz.com/adswizz/js/swfobject-2.2.min.js
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-36.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a18cbdbb0fbb733d7f4cba5d2afd6b2706e3f141c743f491057e5800368cd8e5

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 23:05:02 GMT
via
1.1 4e0a12897838fdf8f772b549bbcdb420.cloudfront.net (CloudFront)
last-modified
Wed, 01 Apr 2015 12:24:04 GMT
server
AmazonS3
age
53604
etag
"e6a40488a5f5774d02c06d0787ef01d8"
x-cache
Hit from cloudfront
content-type
application/x-javascript
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-length
9211
x-amz-cf-id
yKLeL2rrYhbvSos0IKmqxrrfCOdhR_K-hg1u6PFrU4LORxb60mDTYA==
lg.php
synchroscript.deliveryengine.adswizz.com/www/delivery/ Frame 07D8 		43 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://synchroscript.deliveryengine.adswizz.com/www/delivery/lg.php?adData=targeted-publisher-info%3A2%3Bsynchroscript%5Ebilling%3Asynchroscript_A12%3B14%3BUSD%3B0.00000%3Bfalse%5EtraceId%3A8e7225cf-6978-11ec-a0c8-0a84383748e7%5EAS%2Fi%3Asynchroscript%3Bad_id%3A14%3Bzone_id%3A9%3Bview_key%3A1640872704874%3Bduration%3A0%3Baf%3A0.00000%3Btf%3A0.00000%3Bnp%3A0.00000%3Bgp%3A0.00000%3Bc%3AUSD%3Bbaf%3A0.00000%3Bbtf%3A0.00000%3Bbnp%3A0.00000%3Bbgp%3A0.00000%3Bbc%3AUSD%3Bat%3A1%3Bo_id%3A0%3Bc_id%3A4%5Epchain%3A52ded3ee71b94c84%3Asynchroscript&loc=&referer=https%3A%2F%2Fwww.baltimoresun.com%2F&listenerId=938da2495b23f9add6ca968d1acf11bd&sessionId=13d773351c6336dce991f9ee17edea1&ip=%3A%3Affff%3A45.250.25.110&user_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F96.0.4664.93+Safari%2F537.36&us_privacy=null&cbs=521785&aw_0_req.gdpr=false&aw_0_azn.pname=%5B%22Sync+Publisher%22%5D
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:24 GMT
Instance-id
i-05e1541f501c32aab
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
async_usersync
ib.adnxs.com/ Frame C403 		0
731 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:25 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
628ca212-c5d8-4ef8-8bc2-29567a351756
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 52E5 		0
731 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:25 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
1700532a-2481-4da7-ba65-00fec5239c42
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872705029&oz_l=26137&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:24 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
csi
csi.gstatic.com/ Frame 1BF5 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kxt18mt8&c=6009682840159&slotId=3004841420079.5&qqid=COamjpXXi_UCFcVf6QodHwAGsw&gqid=_7rNYYPFN9a1hwf9_YWYDw&fb=ima_html5-lima&sdkv=h.3.493.0&mrd=4&aab=0&itv=1&eee=missing-element&bi=missing-id&ghmsh_eids=44730896%2C44737473%2C44750604&vmfc=3&vhc=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:c0b::78 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://imasdk.googleapis.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1BF5 		0
25 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuP6laWPLvAN6-wd1vkmaWZqTK3LLLexvivHebfYG2FvxHVFypGzxFYUr6uBBOgmOsvf88KTnmG5Co_V6XHB12OwyMMq9zYrb8K6KG5PNiRjctv9r8TdPDNJkeauFULyOE12JY-l4MeNH8ujYOJVLFyXttfv_NzpRoD-MP8WCK43P9lP6m1IHEkLC2u5JDe_PWlKj1RWQaN0zk0vsa5glWedFfhiYn7a08znaFDeQ3lMFnsEEULbjnhzcDjUd-INZP-Jv7fPGERI_eDCTZVxUu21zGi6bks9bJQ_f5nSvyGRSXRBIn34kOygupTZClR&sig=Cg0ArKJSzMPW81LKqZbDEAE&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqiAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9Uh0QDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25QABgB&adurl=
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ajs.php
synchroscript.deliveryengine.adswizz.com/www/delivery/ Frame 07D8 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://synchroscript.deliveryengine.adswizz.com/www/delivery/ajs.php?zoneid=8&withtext=1&isDisableLogImpression=1&listenerId=938da2495b23f9add6ca968d1acf11bd&cb=12101809881&charset=UTF-8&loc=https%3A//synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php%3Fzoneid%3D9%26aw_0_req.gdpr%3Dfalse&referer=https%3A//www.baltimoresun.com/
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
9f4f0a485be04d23af8ec30b93e20aea60d815a1331a21d2de4086b6ed9c5fe9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:24 GMT
Accept-Charset
utf-8
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8e9dc8e0-6978-11ec-8398-0aa5690cbac5
P3P
policyref="synchroscript.adswizz.com/docs/adswizz_adserver.htm", CP="CUR OUR NAV INT IND"
Access-Control-Allow-Origin
*
Instance-id
i-0ff7e63648cdfc725
Connection
keep-alive
X-Clacks-Overhead
GNU Terry Pratchett
Content-Type
application/x-javascript;charset=UTF-8
Content-Length
1533
X-Application-Context
application:production
csi
csi.gstatic.com/ Frame FCD2 		0
327 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kxt18kxy&c=6009682840159&slotId=3004841420079.5&eee=missing-element&bi=missing-id
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:c0b::78 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb9b3512-3678-4600-abfa-7e2214a1acb3.mp4
cdn1.extremereach.io/media/107116/171169/1b1fde03-3a01-4761-8210-07dc1e9b2bfe/ Frame FCD2 		3 MB
3 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn1.extremereach.io/media/107116/171169/1b1fde03-3a01-4761-8210-07dc1e9b2bfe/cb9b3512-3678-4600-abfa-7e2214a1acb3.mp4?line_item=15671012&cid=221992&e=e.mp4
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:200:1d:e9ba:f480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
878df354e0cf3ba3f58f505e99d33053be6f107bd16b2d7834a6a41e34229a56

Request headers

Referer
https://www.baltimoresun.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
null
via
1.1 dfbeb92e774306364b3bad2c0151cd7e.cloudfront.net (CloudFront)
etag
"24523b44a6ccf43c751562f846dedb94"
age
37831
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
STANDARD_IA
Content-Length
3390884
Content-Range
bytes 0-3390883/3390884
last-modified
Mon, 19 Jul 2021 23:59:02 GMT
server
AmazonS3
date
Thu, 30 Dec 2021 09:48:14 GMT
content-type
video/mp4
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
x-amz-cf-id
d3b_pDrhUCUDcWE18yetAD5MDmMWyUWt9kz0kPJqom9fxWtDI9-4AA==
event.png
tpsc-nyc.doubleverify.com/ Frame B9AD 		0
281 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=64&vdur=99&eoid=9&msrjs=1953&nav_pltfrm=Linux%20x86_64&dvp_ac_version=0511&dvp_acibv=&bsigr=2176&sdf=2&vit=2&isvelg=1&tltms=19&tetms=10&msltms=30&vltms=99&sei=290&vetms=34&engms=1&engisel=1&ttfurm=2138&cbust=1640872705130807
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:25 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Expires
12/29/2021 13:58:25
event.png
tpsc-nyc.doubleverify.com/ Frame AD86 		0
281 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgB=233&vdur=257&eoid=9&msrjs=1953&nav_pltfrm=Linux%20x86_64&dvp_ac_version=0511&dvp_acibv=&bsigr=2176&sdf=2&vit=2&isvelg=1&tltms=19&tetms=9&msltms=33&vltms=257&sei=289&vetms=40&engms=1&engisel=1&ttfurm=2338&cbust=1640872705136691
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:25 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Expires
12/29/2021 13:58:25
st
imprnjmp.taboola.com/ Frame 3222 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imprnjmp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8016157&crid=5318825&dast=V7upYCFgM4AJf1LkDriwQ4AJf1LkDriwUAAAAGBvQHHEWYzDYb0oxBY00Wg81sN1pMZrvNYjdbDIbAUYTJbLMhzRg01mQx2Mx2m8VmthpuZpvBbAofxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOG-jQdDp8rnu97ve7Sxxm09Ptt7w8r7td43f7NX7L3-6wPS2vz1_ieatNbtHl9fI4LC-37uj0nM4ui9nve1neksFksZhMlmvV5m-zTI6nu-1muDpNY6_nM3i9nY6Taa05_S3Pu9D0NtsBAAAA4AEgCiUV4gcQACACAAAAQAIAAACAIqDi30LgAgAAAAADoCCrTgNgnINh_Gaz0-65Pc1mlz8AAB4UQAAABDBIAATKB0sAPHDeTwAAAAAAAAAAWP7___9jAPSiOmQAPrzSegAefAAeiAjsihgBAAAAtOhnuB1N6oTKogoAgCDdCuAKACDAb0E0bzUMAABAQExNsy7m113rcGyBHha_3-ywa_xulwEAAAAAAAAAmP2f_aMJaQg_pgnP1g-r_QICAKz9AgIAsKkbAMCbAFzINaDpdPhc93rRXeP3i86AFrPhYLU6AtpsBrMDAAAAuPv____HU9Osi_l11zrUAzGLyTBcTlYew8I0m3hcE89ysbCsJrPVcDazGAbb6-dK3o7SHvXsCxGX2e97Kyynp8fscouOrrfF829QOgTxQcOwnAyC-U3YYrSaTDbL4Wy5mAyGo-FotD-BnA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtGkxWo9FkMRmuRpPVbLnY7TZI0arVbLQZDFezyWy3Ww0Hw-VohBO2GK0mk81yOFsuJoPhaDgaDRGmTB6XZWExrWWelW8t2m0Ma-HKuFvLbCPLYDTx2CazzVr0-piOG99osFtZ8WA-Lue-duGiYADcXgQX6UR0eVpcd5fJ6XOaHma3xGE2Pd1-y8vzulvEEs3JIp3ILvuaxWQYLicrj2Fhmk08rolnuVhYVpPZajibWQyDfcvkcVkWFtNa5ln51qLdxrAWroy7tcw2sgxGE49tMtusRa-P6bjxjQa7lb8xGw2Gu8lusNk3ZqPBcDfZDTb7Do_vqHz-zh2VcnmaPDsz80HhMti806JF2jocfUaVMylxrf7O6XNi9VksXoPCc_CYDsKX5bS6Waezic57MCpiieB0kU5EL-PpIpZInhbpRLiy2Eye2Wq3GQwXo-FisFhZXDbLYDjcrBwmj2silihNF-lEr_Fb_naH7Wl5ff4Sz1ttcosur5fHYXm5dUen53R2Wcx-38vylgwmi8VkslyrNn-bZXI83W03w9VpGns9n8Hr7XScTGvN6W953oWmt9mi_mMDreaS1WAuWc0Vi8EqAQAAAAAAAAAsYcq8CQAAAMBpEMPlcLJbLsBDmYsuMAgAAAAAAMCuQ2h6LncUv0Zx48cbdHlaXHeXyelzmh5mt8RhNj3dfsvL87pbGeChjIV5s2eCWKvVsgYAABjABgAACODWzVsgySQH!&cmcv=&pix=undefined&cb=1640872705145&uv=3093&tms=1640872705145&abt=adh5c-1_vA!ftp1_vB!iiqd1_vB!iiqd2_vB!iiqd5_vB!rv1adimptmot1_vD!scec9_vB!t45!t45!ufm_vC&ru=https://t.co/&ft=0&su=2&unm=FEED_MANAGER&aure=false&agl=1&cirid=E0263C4FAF521036741267317610&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.5.9/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98154da53a312b4d3693fb0602045dbe38cb80892777d6777ccbad1f34462531

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

server
nginx
content-type
text/html;charset=ISO-8859-1
content-encoding
gzip
accept-ranges
bytes
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 varnish
x-served-by
cache-dca17780-DCA
x-cache
MISS
x-cache-hits
0
x-timer
S1640872705.163978,VS0,VE10
vary
Accept-Encoding
sync
us-match.taboola.com/ Frame C902 		8 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://us-match.taboola.com/sync?dast=V7upYCFgM4AJf1LkDriwQ4AJf1LkDriwUAAAAGBvQHHEWYzDYb0oxBY00Wg81sN1pMZrvNYjdbDIbAUYTJbLMhzRg01mQx2Mx2m8VmthpuZpvBbAofxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOG-jQdDp8rnu97ve7Sxxm09Ptt7w8r7td43f7NX7L3-6wPS2vz1_ieatNbtHl9fI4LC-37uj0nM4ui9nve1neksFksZhMlmvV5m-zTI6nu-1muDpNY6_nM3i9nY6Taa05_S3Pu9D0NtsBAAAA4AEgCiUV4gcQACACAAAAQAIAAACAIqDi30LgAgAAAAADoCCrTgNgnINh_Gaz0-65Pc1mlz8AAB4UQAAABDBIAATKB0sAPHDeTwAAAAAAAAAAWP7___9jAPSiOmQAPrzSegAefAAeiAjsihgBAAAAtOhnuB1N6oTKogoAgCDdCuAKACDAb0E0bzUMAABAQExNsy7m113rcGyBHha_3-ywa_xulwEAAAAAAAAAmP2f_aMJaQg_pgnP1g-r_QICAKz9AgIAsKkbAMCbAFzINaDpdPhc93rRXeP3i86AFrPhYLU6AtpsBrMDAAAAuPv____HU9Osi_l11zrUAzGLyTBcTlYew8I0m3hcE89ysbCsJrPVcDazGAbb6-dK3o7SHvXsCxGX2e97Kyynp8fscouOrrfF829QOgTxQcOwnAyC-U3YYrSaTDbL4Wy5mAyGo-FotD-BnA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtGkxWo9FkMRmuRpPVbLnY7TZI0arVbLQZDFezyWy3Ww0Hw-VohBO2GK0mk81yOFsuJoPhaDgaDRGmTB6XZWExrWWelW8t2m0Ma-HKuFvLbCPLYDTx2CazzVr0-piOG99osFtZ8WA-Lue-duGiYADcXgQX6UR0eVpcd5fJ6XOaHma3xGE2Pd1-y8vzulvEEs3JIp3ILvuaxWQYLicrj2Fhmk08rolnuVhYVpPZajibWQyDfcvkcVkWFtNa5ln51qLdxrAWroy7tcw2sgxGE49tMtusRa-P6bjxjQa7lb8xGw2Gu8lusNk3ZqPBcDfZDTb7Do_vqHz-zh2VcnmaPDsz80HhMti806JF2jocfUaVMylxrf7O6XNi9VksXoPCc_CYDsKX5bS6Waezic57MCpiieB0kU5EL-PpIpZInhbpRLiy2Eye2Wq3GQwXo-FisFhZXDbLYDjcrBwmj2silihNF-lEr_Fb_naH7Wl5ff4Sz1ttcosur5fHYXm5dUen53R2Wcx-38vylgwmi8VkslyrNn-bZXI83W03w9VpGns9n8Hr7XScTGvN6W953oWmt9mi_mMDreaS1WAuWc0Vi8EqAQAAAAAAAAAsYcq8CQAAAMBpEMPlcLJbLsBDmYsuMAgAAAAAAMCuQ2h6LncUv0Zx48cbdHlaXHeXyelzmh5mt8RhNj3dfsvL87pbGeChjIV5s2eCWKvVsgYAABjABgAACODWzVsgySQH!&excid=22&docw=0&cijs=1&nlb=true
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.5.9/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
a8581464ccfec805d81acc0f2b30399314095b968bead403f26b1e285553d34b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:25 GMT
content-type
text/html;charset=ISO-8859-1
machineid
3103
st
us-vid-events.taboola.com/ 		0
43 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8016157&crid=5318825&dast=V7upYCFgM4AJf1LkDriwQ4AJf1LkDriwUAAAAGBvQHHEWYzDYb0oxBY00Wg81sN1pMZrvNYjdbDIbAUYTJbLMhzRg01mQx2Mx2m8VmthpuZpvBbAofxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOG-jQdDp8rnu97ve7Sxxm09Ptt7w8r7td43f7NX7L3-6wPS2vz1_ieatNbtHl9fI4LC-37uj0nM4ui9nve1neksFksZhMlmvV5m-zTI6nu-1muDpNY6_nM3i9nY6Taa05_S3Pu9D0NtsBAAAA4AEgCiUV4gcQACACAAAAQAIAAACAIqDi30LgAgAAAAADoCCrTgNgnINh_Gaz0-65Pc1mlz8AAB4UQAAABDBIAATKB0sAPHDeTwAAAAAAAAAAWP7___9jAPSiOmQAPrzSegAefAAeiAjsihgBAAAAtOhnuB1N6oTKogoAgCDdCuAKACDAb0E0bzUMAABAQExNsy7m113rcGyBHha_3-ywa_xulwEAAAAAAAAAmP2f_aMJaQg_pgnP1g-r_QICAKz9AgIAsKkbAMCbAFzINaDpdPhc93rRXeP3i86AFrPhYLU6AtpsBrMDAAAAuPv____HU9Osi_l11zrUAzGLyTBcTlYew8I0m3hcE89ysbCsJrPVcDazGAbb6-dK3o7SHvXsCxGX2e97Kyynp8fscouOrrfF829QOgTxQcOwnAyC-U3YYrSaTDbL4Wy5mAyGo-FotD-BnA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtGkxWo9FkMRmuRpPVbLnY7TZI0arVbLQZDFezyWy3Ww0Hw-VohBO2GK0mk81yOFsuJoPhaDgaDRGmTB6XZWExrWWelW8t2m0Ma-HKuFvLbCPLYDTx2CazzVr0-piOG99osFtZ8WA-Lue-duGiYADcXgQX6UR0eVpcd5fJ6XOaHma3xGE2Pd1-y8vzulvEEs3JIp3ILvuaxWQYLicrj2Fhmk08rolnuVhYVpPZajibWQyDfcvkcVkWFtNa5ln51qLdxrAWroy7tcw2sgxGE49tMtusRa-P6bjxjQa7lb8xGw2Gu8lusNk3ZqPBcDfZDTb7Do_vqHz-zh2VcnmaPDsz80HhMti806JF2jocfUaVMylxrf7O6XNi9VksXoPCc_CYDsKX5bS6Waezic57MCpiieB0kU5EL-PpIpZInhbpRLiy2Eye2Wq3GQwXo-FisFhZXDbLYDjcrBwmj2silihNF-lEr_Fb_naH7Wl5ff4Sz1ttcosur5fHYXm5dUen53R2Wcx-38vylgwmi8VkslyrNn-bZXI83W03w9VpGns9n8Hr7XScTGvN6W953oWmt9mi_mMDreaS1WAuWc0Vi8EqAQAAAAAAAAAsYcq8CQAAAMBpEMPlcLJbLsBDmYsuMAgAAAAAAMCuQ2h6LncUv0Zx48cbdHlaXHeXyelzmh5mt8RhNj3dfsvL87pbGeChjIV5s2eCWKvVsgYAABjABgAACODWzVsgySQH!&cmcv=&pix=31589837&cb=1640872705145&uv=3093&tms=1640872705145&abt=adh5c-1_vA!ftp1_vB!iiqd1_vB!iiqd2_vB!iiqd5_vB!rv1adimptmot1_vD!scec9_vB!t45!t45!ufm_vC&ru=https://t.co/&ft=0&su=2&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1640872696439.5!ts:1640872705144&mntl=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
content-length
0
server
nginx
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872705181&oz_l=1121&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:25 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame 2029
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?gdpr=0&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
0
178 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872705.240310,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-dca17780-DCA

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
239
sync
taboola-supply-partners.tremorhub.com/ Frame 2029 		43 B
183 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=0&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4232:542e:84b1:1361:c28e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
server
Apache-Coyote/1.1
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type
image/gif
rtb-h
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 2029
Redirect Chain
  • https://sync.search.spotxchange.com/partner?gdpr=0&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
  • https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
0
229 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
9929

Redirect headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Server
nginx
Location
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
395
Connection
keep-alive
Content-Length
0
rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame 2029
Redirect Chain
  • https://x.bidswitch.net/sync?gdpr=0&us_privacy=1---&ssp=taboola
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dtaboola%26bsw_param%...
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=a5dabb708b24436a802a9a0ca6b4a427&ssp=taboola&bsw_param=84efc425-6b61-4040-bd22-124692c6664b&gdpr=0&consent=&gdpr_pd=&expires=7
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
0
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
9114

Redirect headers

Location
//sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Date
Thu, 30 Dec 2021 13:58:25 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
/
loadm.exelator.com/load/ Frame 07D8 		0
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadm.exelator.com/load/?p=204&g=1050&j=0&buid=938da2495b23f9add6ca968d1acf11bd
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.229.3.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-229-3-43.compute-1.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
lg.php
synchroscript.deliveryengine.adswizz.com/www/delivery/ Frame 07D8 		43 B
346 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://synchroscript.deliveryengine.adswizz.com/www/delivery/lg.php?adData=targeted-publisher-info%3A2%3Bsynchroscript%5Ebilling%3Asynchroscript_A12%3B20%3BUSD%3B0.00000%3Bfalse%5EtraceId%3A8e9dc9d3-6978-11ec-9480-0aa5690cbac5%5EAS%2Fi%3Asynchroscript%3Bad_id%3A20%3Bzone_id%3A8%3Bview_key%3A1640872705149%3Bduration%3A0%3Baf%3A0.00000%3Btf%3A0.00000%3Bnp%3A0.00000%3Bgp%3A0.00000%3Bc%3AUSD%3Bbaf%3A0.00000%3Bbtf%3A0.00000%3Bbnp%3A0.00000%3Bbgp%3A0.00000%3Bbc%3AUSD%3Bat%3A1%3Bo_id%3A0%3Bc_id%3A9%5Epchain%3A52ded3ee71b94c84%3Asynchroscript&loc=https%3A%2F%2Fsynchroscript.deliveryengine.adswizz.com%2Fwww%2Fdelivery%2Fafr.php%3Fzoneid%3D9%26aw_0_req.gdpr%3Dfalse&listenerId=938da2495b23f9add6ca968d1acf11bd&sessionId=1d5fc7ccfb6e4e7d1b44a38c48a1bc84&ip=%3A%3Affff%3A45.250.25.110&user_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F96.0.4664.93+Safari%2F537.36&us_privacy=null&cbs=183103&isDisableLogImpression=1&charset=UTF-8&loc=https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false&withtext=1
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:25 GMT
Instance-id
i-083cfe92562148616
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
ajs.php
synchroscript.deliveryengine.adswizz.com/www/delivery/ Frame 07D8 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://synchroscript.deliveryengine.adswizz.com/www/delivery/ajs.php?zoneid=8&withtext=1&cb=83937612869&charset=UTF-8&loc=https%3A//synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php%3Fzoneid%3D9%26aw_0_req.gdpr%3Dfalse&referer=https%3A//www.baltimoresun.com/
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
a5993eea6d5c8a2028c3b4fbc30205d88e4d1d854310ebb1e4f74b618d79c3a1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Accept-Charset
utf-8
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8eb68100-6978-11ec-8e0c-0a4a85d04a0f
P3P
policyref="synchroscript.adswizz.com/docs/adswizz_adserver.htm", CP="CUR OUR NAV INT IND"
Access-Control-Allow-Origin
*
Instance-id
i-0049b79c258bdd9c4
Connection
keep-alive
X-Clacks-Overhead
GNU Terry Pratchett
Content-Type
application/x-javascript;charset=UTF-8
Content-Length
1448
X-Application-Context
application:production
sync
taboola-supply-partners.tremorhub.com/ Frame D0D8 		43 B
182 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=0&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4232:542e:84b1:1361:c28e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
server
Apache-Coyote/1.1
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type
image/gif
/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame D0D8
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?gdpr=0&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
9
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.534964,VS0,VE9
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-dca17780-DCA

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
239
rtb-h
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame D0D8
Redirect Chain
  • https://sync.search.spotxchange.com/partner?gdpr=0&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
  • https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
0
229 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
9492

Redirect headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Server
nginx
Location
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=8c0ce14d-6978-11ec-90a6-12f84cd00503&orig=video&us_privacy=1---gdpr=0&
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
333
Connection
keep-alive
Content-Length
0
rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame D0D8
Redirect Chain
  • https://x.bidswitch.net/sync?gdpr=0&us_privacy=1---&ssp=taboola
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=taboola&bsw_custom_parameter=84efc425-6b61-4040-bd22-124692c6664b
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mk441c9ae4-4e00-4b3f-8579-89c4bf39aa31&expires=7&user_group=5&ssp=taboola&bsw_param=84efc425-6b61-4040-bd22-124692c6664b
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13919

Redirect headers

Location
//sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Date
Thu, 30 Dec 2021 13:58:25 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Bj4Jt_7rNYcGXOsW_pQefgJiYC6nMyo9GAAAAEAEg0b23PTgBWKmaxbuDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC2DbAAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEJiix-IVkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=xfSTSXnlQgY&label=video_ad_loaded&acvw=&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqlAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9UiAQDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25I2gFQABgB
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1BF5 		0
25 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvwU_mzc5cg24B27hblktpRatLm-SMpWxQRLBKwF8Ae_-iW8igSN3gd-RLml2SoDkGkF6vtvoS4565lGFqSJrr6jH6Gf_7QWTn-quxu2ZmDah9TBYGsIPGd0iNalmPrh1UH5-3HIpS3XgE5zRvVTQ1Pn0L7LQWe12r2goVyhYyooe1I3NrYPuaPbGUhLXNiFROaNzeCtNvXcmIthJJIVFelUcerAbIciDA6TdvakfXfOEHUp3liTVH3X3gFszRT3SgsO-1w28N8zlRilKuEBYBJ8L4jzV-ET_8tGhe4h1bx_-aPKCLLACXt3Cx_yWl2r_gAaSXSAIlVRVGf&sig=Cg0ArKJSzFyscsd5tAQnEAE&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&sdkv=h.3.493.0&adurl=
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
pixel.gif
cdn.blisspointmedia.com/assets/img/ Frame 1BF5
Redirect Chain
  • https://beacons.extremereach.io/cp-imp?cid=221992&creative_id=24269490&line_item=15671012&companion_id=0&er_ts=1640872705&session_id=PgVKMrIQmy0LKjpQhpc23E1640872705&er_fp=b342ca5fce51f581&subid1=n...
  • https://beacons-ipv4.extremereach.io/ip-sync?fp=b342ca5fce51f58141905902281b481e&forwardto=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%2Fblisspoint%3Fbuyer_user_id%3D1-61cdbb01-77ee6d4e7997585a5...
  • https://match.prod.bidr.io/cookie-sync/blisspoint?buyer_user_id=1-61cdbb01-77ee6d4e7997585a5473ad20.221992
  • https://pixel.pointmediatracker.com/bsync?beeswax_id=AAFPok7Dm3YAAEBiNAEM6g&buyer_user_id=1-61cdbb01-77ee6d4e7997585a5473ad20.221992
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Server
13.225.210.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-108.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 9c1465c390ec70cc0036cf15c3a531d9.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
age
79923
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
date
Wed, 29 Dec 2021 15:46:23 GMT
x-amz-cf-pop
EWR50-C1
accept-ranges
bytes
content-length
807
x-amz-cf-id
knpXMFItRBPORjz2qUTmfzMGNHZglluOLnAKfpFolKEz6Rr5_xw0Hw==

Redirect headers

date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 d50f0ffd76e03cff5d1f6328069e44e0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
x-amzn-requestid
4d03e711-7b01-4685-954d-4cfe7626e50c
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-61cdbb01-76409aa65eb024aa02d56adf;Sampled=0
x-amz-apigw-id
LKooRFwPPHcF9Xw=
content-length
2
x-amz-cf-id
DA-mIkhrTKJa2KWMEFPgFPf9h7pfeQBXBv_D_AQe60rTH-jtBq0aSA==
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Bj4Jt_7rNYcGXOsW_pQefgJiYC6nMyo9GAAAAEAEg0b23PTgBWKmaxbuDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC2DbAAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEJiix-IVkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=xfSTSXnlQgY&label=vast_creativeview&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30036%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D7169%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.13%26t%3D1640872705112&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqlAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9UiAQDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25I2gFQABgB
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Bj4Jt_7rNYcGXOsW_pQefgJiYC6nMyo9GAAAAEAEg0b23PTgBWKmaxbuDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC2DbAAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEJiix-IVkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=xfSTSXnlQgY&label=videoautoplayed&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30036%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D7169%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.13%26t%3D1640872705112&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqlAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9UiAQDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25I2gFQABgB
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1BF5 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuINN4unghpRZSbbktmprsIuyOFydVyrdqozG9eMMtM9pO14cYcdAUlhNeOhr9DN50F6cnSffM_V6V_KAe9kVFk2omFBm2IPvriRanU3-pg5rK2ZkNC&sig=Cg0ArKJSzGFArA-_jasWEAE&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30036%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D7171%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.13%26t%3D1640872705112&avm=1
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
duration
beacons.extremereach.io/ Frame 1BF5 		35 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacons.extremereach.io/duration?cid=221992&creative_id=24269490&line_item=15671012&companion_id=0&er_ts=1640872705&session_id=PgVKMrIQmy0LKjpQhpc23E1640872705&er_fp=b342ca5fce51f581&subid1=novpaid&er_pm=ap&er_pt=0&us_privacy=%24%7BUS_PRIVACY%7D&gdpr_consent=&gdpr=&percent=0&
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:66e7:fb10:6760:55cb:2555:7ffa Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 30 Dec 2021 13:58:25 GMT
content-type
image/gif
content-length
35
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Bj4Jt_7rNYcGXOsW_pQefgJiYC6nMyo9GAAAAEAEg0b23PTgBWKmaxbuDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC2DbAAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEJiix-IVkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=xfSTSXnlQgY&label=part2viewed&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30036%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D7173%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.13%26t%3D1640872705112&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqlAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9UiAQDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25I2gFQABgB
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Bj4Jt_7rNYcGXOsW_pQefgJiYC6nMyo9GAAAAEAEg0b23PTgBWKmaxbuDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC2DbAAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEJiix-IVkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=xfSTSXnlQgY&label=admute&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,13,0,0,0%26mtos%3D0,13,13,13,13%26amtos%3D0,0,0,0,0%26mcvt%3D13%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D13%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D13%26pst%3D-1%26dur%3D30036%26vmtime%3D-1%26dvs%3D13%26dfvs%3D0%26dvpt%3D13%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D1%26emuc%3D0%26emb%3D0,1,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D0%26psa%3D0%26ptlt%3D7176%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,13,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.13%26t%3D1640872705112&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqlAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9UiAQDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25I2gFQABgB
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=213384664&version=65.21.10&age=211230&ldt=AD_IMP&key=N2Hxdj0R&seq=1&order=6&iu=/92056281,4011/54098486&adX=false&lineItem=5843833112&adSystem=GDFP&firstLineItem=5843833112&firstAdSystem=GDFP&lineItemsGDFP=5843833112&logAssertiveYield=false&rmt=ns&cid=4643
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
data_stn_l.php
timber.sendtonews.com/timber/ Frame FCD2 		0
253 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://timber.sendtonews.com/timber/data_stn_l.php?CMD=INV&ESG_key=N2Hxdj0R&ES_key=N2Hxdj0R&ES_ID=25799&S_RKEY=a23CIWNr0b&USR_ID=213384664&ST_usrKey=9O-d6nHSVOcDf6XQ&SM_ID=1701381&C_ID=4643&C_companyName=Tribune%20-%20Baltimore%20Sun&version=650210100&sC_ID=8784&AC_ID=2008&TYPE=FLOAT&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&PLAYERWIDTH=740&PLAYERCODE=LVFPLN&OGSET=1&REFONLY=0&STRIPQUERY=1
Requested by
Host: player.sendtonews.com
URL: https://player.sendtonews.com/player7/player/65.21.10/player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.207.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-207-51.compute-1.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=1
Connection
keep-alive
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:26 GMT
stn_trk.gif
s2l.sendtonews.com/ Frame FCD2 		26 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2l.sendtonews.com/stn_trk.gif?session=9O-d6nHSVOcDf6XQ&instance=213384664&version=65.21.10&age=211230&cmd=INV&key=N2Hxdj0R&c_id=4643&seq=1&order=7&EXTREF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&REF=https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&playerCfg=FL&alt=0&sC_ID=8784&sm_id=1701381&load=1&status=LVFPLNIY&ac_id=2008
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.25.5.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-5-11.compute-1.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
last-modified
Wed, 23 Dec 2020 21:38:39 GMT
server
Apache/2.4.41 (Ubuntu)
accept-ranges
bytes
etag
"1a-5b72883b37f80"
content-length
26
content-type
image/gif
usync.html
eus.rubiconproject.com/ Frame 1061
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
  • https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Dec 2021 13:58:25 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Date
Thu, 30 Dec 2021 13:58:25 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
p
sb.scorecardresearch.com/ Frame FCD2 		64 B
444 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=18065638&ns_type=hidden&ns_st_sv=6.3.4.190424&ns_st_smv=5.10&ns_st_it=c&ns_st_id=1640872698337&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.3.4.190424&ns_st_pn=1&ns_st_tp=1&ns_st_ad=pre-roll&ns_st_ci=1701381&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_ap=0&ns_st_dap=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_st_ldw=0&ns_st_ldo=0&ns_ts=1640872705327&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=6990&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_ge=Sports&ns_st_st=SendtoNews&ns_st_ia=0&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Cheddar%20News&c3=sendtonews&c4=Technology&c6=*null&c7=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&c8=&c9=
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-94.ewr53.r.cloudfront.net
Software
/
Resource Hash
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 15b896d254f935ae71226074f7ea14b7.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
etag
W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache
Miss from cloudfront
content-type
image/gif; charset=utf-8
content-length
64
x-amz-cf-id
3aV3JWkJCUHATuA18vfe41ET8vrT3pC_X-sIPea5HJtSVpD8FOEoIQ==
usync.html
eus.rubiconproject.com/ Frame EBA1
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
  • https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 30 Dec 2021 13:58:25 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Date
Thu, 30 Dec 2021 13:58:25 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872705344&oz_l=9219&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:25 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
syncMe
synchroscript.deliveryengine.adswizz.com/ Frame 07D8
Redirect Chain
  • https://sync.1rx.io/usersync2/adswizz
  • https://sync.targeting.unrulymedia.com/csync/RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005?redir=https%3A%2F%2Fsynchroscript.deliveryengine.adswizz.com%2FsyncMe%3FpartnerDomain%3Drhythmxchange.com%26...
  • https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=rhythmxchange.com&idType=cookie&partnerUserId=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
0
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=rhythmxchange.com&idType=cookie&partnerUserId=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
HTTP/1.1
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
X-Clacks-Overhead
GNU Terry Pratchett
Server
Apache-Coyote/1.1
X-Adswizz-request-id
8edc7f90-6978-11ec-8dcd-06872c567103
Instance-id
i-0c9a1379ada668478
Connection
keep-alive
Content-Length
0
X-Application-Context
application:production

Redirect headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Server
Tengine
ETag
RXc726f1b5f2ac41a2bd6114d6eda8e3c6005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=rhythmxchange.com&idType=cookie&partnerUserId=RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
Connection
keep-alive
Content-Type
text/html
lg.php
synchroscript.deliveryengine.adswizz.com/www/delivery/ Frame 07D8 		43 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://synchroscript.deliveryengine.adswizz.com/www/delivery/lg.php?adData=targeted-publisher-info%3A2%3Bsynchroscript%5Ebilling%3Asynchroscript_A12%3B66%3BUSD%3B0.00000%3Bfalse%5EtraceId%3A8eb6a846-6978-11ec-8c88-0a4a85d04a0f%5EAS%2Fi%3Asynchroscript%3Bad_id%3A66%3Bzone_id%3A8%3Bview_key%3A1640872705343%3Bduration%3A0%3Baf%3A0.00000%3Btf%3A0.00000%3Bnp%3A0.00000%3Bgp%3A0.00000%3Bc%3AUSD%3Bbaf%3A0.00000%3Bbtf%3A0.00000%3Bbnp%3A0.00000%3Bbgp%3A0.00000%3Bbc%3AUSD%3Bat%3A1%3Bo_id%3A0%3Bc_id%3A31%5Epchain%3A52ded3ee71b94c84%3Asynchroscript&loc=https%3A%2F%2Fsynchroscript.deliveryengine.adswizz.com%2Fwww%2Fdelivery%2Fafr.php%3Fzoneid%3D9%26aw_0_req.gdpr%3Dfalse&listenerId=938da2495b23f9add6ca968d1acf11bd&sessionId=d5d67145c83e43bca53ff5bea46cb7f&ip=%3A%3Affff%3A45.250.25.110&user_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F96.0.4664.93+Safari%2F537.36&us_privacy=null&cbs=7410800&charset=UTF-8&loc=https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false&withtext=1
Requested by
Host: synchroscript.deliveryengine.adswizz.com
URL: https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.183.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-183-91.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://synchroscript.deliveryengine.adswizz.com/www/delivery/afr.php?zoneid=9&aw_0_req.gdpr=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:24 GMT
Instance-id
i-05b06965b7e9a2930
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
usync.js
eus.rubiconproject.com/ Frame 1061 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53219
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9702
Expires
Fri, 31 Dec 2021 04:45:24 GMT
usync.js
eus.rubiconproject.com/ Frame EBA1 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53219
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9702
Expires
Fri, 31 Dec 2021 04:45:24 GMT
/
trc.taboola.com/sg/rubiconvideo-network/1/rtb-h/ Frame 1061
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=0&us_privacy=1---&gdpr=0&us_privacy=1---&khaos=KXT18KCV-1V-9YVP
  • https://trc.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP&gdpr=0&us_privacy=1---
0
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP&gdpr=0&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0&p=15414&us_privacy=1---&endpoint=
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.531747,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-dca17780-DCA

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://trc.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP&gdpr=0&us_privacy=1---
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
10af108baa8103fb427a2cc0433d74a0
Expires
0
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872705510&oz_l=1158&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:25 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
bulk
trc.taboola.com/tribunedigital-baltimoresun/log/3/ 		0
108 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/tribunedigital-baltimoresun/log/3/bulk?route=US%3AUS%3AV&lti=deflated&bulkSize=13
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
12
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.570056,VS0,VE12
x-served-by
cache-dca17780-DCA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F107430338%2FCNXORTEST%2F2570%26description_url%3Dhttps%253A%252F%252Fwww.baltimoresun.com%252Fcoronavirus%252Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%26tfcd%3D0%26npa%3D0%26sz%3D400x300%257C640x480%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3Def27bfd0-e432-450e-a7c9-e7a4a17c5d26%26cust_params%3Ddomains%253Dwww.baltimoresun.com%26ad_type%3Dvideo%26us_privacy%3D&customPlayback=f&customClick=f&lid=8&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 0AEA 		156 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F2570&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2352888438036225&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&us_privacy&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3133581750&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=F4EEFD2E-0BB0-4352-A444-A30E7AC5BD97&nel=1&eid=44750604%2C44750824&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2836&dt=1640872705621&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=1590642772957239&ged=ve4_td6_tt4_pd6_la6000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts3_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?error=1009&vis=1&lid=7&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
media
direct.ad.cpe.dotomi.com/cvx/client/direct/ Frame E1DD 		68 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.ad.cpe.dotomi.com/cvx/client/direct/media?sid=210063&placement_id=addd440&vpaid=2&m=11&mdf=mp4&vastver=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:ae80:1451:11::2100 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software
nginx /
Resource Hash
34945e57183f095b83b2afddd4768243e33633e4431a9bc7dc06a421dacee7b3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
server
nginx
content-type
text/html
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
68
expires
0
abt
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/abt?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 		254 B
712 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via
1.1 varnish
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
age
23958
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
WmkY72/JScbrLVpAlrKqyNZZBoILOsUg0GrGp4WdQihvN0f6MVI/LzuMxxJSo4tjhBj7e3rFy5o=
x-served-by
cache-dca17780-DCA
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1640872706.818710,VS0,VE0
date
Thu, 30 Dec 2021 13:58:25 GMT
x-amz-request-id
EDQJTPEGDDD7EJMT
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/png
abp
1
x-cache-hits
238
partnerIds
yield-op-idsync.live.streamtheworld.com/ Frame 95EE 		401 B
644 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yield-op-idsync.live.streamtheworld.com/partnerIds
Requested by
Host: t.co
URL: https://t.co/sWUTVYxdMM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.173.29.75 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
4fb83b55a32c676b34bdaedd8c51d5917ca7b491dee559a69a87fe26a1ded6eb

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:25 GMT
x-stw-site
MTL
x-stw-server
mtl-mesos01-node09
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
content-length
401
setuid
exchange.remixd.com/ Frame 95EE 		0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.remixd.com/setuid?bidder=tritondigital&uid=%7B%22cto-uid%22%3A%22no-consent%22%2C%22bsw-uid%22%3A%2284efc425-6b61-4040-bd22-124692c6664b%22%2C%22acu-uid%22%3A%22635661617131%22%2C%22ttd-uid%22%3A%22e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4%22%2C%22an-uid%22%3A%223183875922675690167%22%2C%22mm-uid%22%3A%22486e61cd-bafa-4300-ae81-e0c2b6322ca6%22%2C%22triton-uid%22%3A%22cookie%3A8722167b-8ba9-4542-b427-8761e06085ee%22%2C%22amb-uid%22%3A%228053738013470830884%22%2C%22aw-uid%22%3A%22938da2495b23f9add6ca968d1acf11bd%22%2C%22dbm-uid%22%3A%22CAESEOWJqg3Fk4LhR3KB135xjDs%22%7D&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.142.228 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
228.142.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 google
vary
Origin
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
expires
0
async_usersync
ib.adnxs.com/ Frame C403 		0
731 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
841c93bc-bbde-438f-a90c-430d9829ec26
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 52E5 		0
731 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.114 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f4a5f4b5-57df-442f-8523-e6328eff2852
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
event.png
tpsc-nyc.doubleverify.com/ Frame B9AD 		0
281 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&msrcanlm=906&msrcannum=3&eoid=12&ismms=13&isumms=13&isvelg=1&nvr=3&elmtp=1&isbxdms=2236&b0=100&b4=2471&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&dvp_vsosnmr=1&lftb=2571&sftb=2571&msrdp=2&naral=642&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=13&dvp_dpr=1&dvp_valpct=2&cbust=1640872706128810
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Expires
12/29/2021 13:58:26
event.png
tpsc-nyc.doubleverify.com/ Frame AD86 		0
281 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&msrcanlm=904&msrcannum=3&eoid=12&ismms=53&isumms=53&isvelg=1&nvr=3&isgmmims=53&isgmv4mims=53&elmtp=1&isbxdms=2378&b0=100&b4=2424&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&dvp_vsosnmr=1&lftb=2524&sftb=2524&msrdp=3&naral=640&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=52&dvp_dpr=1&dvp_valpct=2&cbust=1640872706137134
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Expires
12/29/2021 13:58:26
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/live/ Frame 8558 		156 B
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F8749%2FTribune&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1290141777983273&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3535696309&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=10464087-99AE-44B6-86F6-0A5E35B16769&nel=1&eid=44750604%2C44752711&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2788&dt=1640872706277&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=416015148995426&ged=ve4_td6_tt4_pd6_la6000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts2_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
ltt /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
ltt
google-mediationtag-id
-2
google-creative-id
-2
x-frame-options
SAMEORIGIN
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
trc.taboola.com/sg/rubicon-network-display/1/rtb-h/ Frame B537
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16698
  • https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP
0
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.380518,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
x-served-by
cache-dca17780-DCA

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=KXT18KCV-1V-9YVP
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
10af108baa8103fb427a2cc0433d74a0
Expires
0
/
sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame B537
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
  • https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=EZ2yaDDdi7BZ&ev=1&orig=trc&pid=562107
0
221 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=EZ2yaDDdi7BZ&ev=1&orig=trc&pid=562107
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
16362

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-US
location
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=EZ2yaDDdi7BZ&ev=1&orig=trc&pid=562107
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-685df6f7b9-fhw5j
expires
-1
cm
u.openx.net/w/1.0/ Frame B537
Redirect Chain
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=359446293&pcid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&is_fpcid=false
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=359446293&pcid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&is_fpcid=false&ckls=true&ci=ycvoscIWvK&nc=false&trid...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D359446293%26rnd%3D...
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=359446293&rnd=493460157&pcid=9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D359446293%3B1402230080%26rnd%3D1279058907&pcid=...
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=359446293;1402230080&rnd=1279058907&pcid=3183875922675690167
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D359446293%3B140223008...
  • https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=359446293;1402230080;1709765917&rnd=-2009563315&pcid=486e61cd-bafa-4300-ae81-e0c2b6322ca6
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D3594...
43 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D359446293%3B1402230080%3B1709765917%3B1678944572%26rnd%3D-655220293%26pcid%3D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
content-encoding
gzip
server
OXGW/17.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 1e50ca9ac269e92d749f11227b12760d.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
EWR53-C3
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D359446293%3B1402230080%3B1709765917%3B1678944572%26rnd%3D-655220293%26pcid%3D
cache-control
no-cache, no-store, must-revalidate
patent
https://www.almondnet.com/ip
content-type
image/gif
content-length
43
x-amz-cf-id
MnUTFN6Tl1215yhbBHxvbbBH0hj0FcOqT0Smu4DoiTVr2kQcvM5pcA==
expires
Thu, 01 Jan 1970 00:00:00 GMT
35702
tags.bluekai.com/site/ Frame B537 		62 B
757 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/35702?id=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.50.205.90 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-50-205-90.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:26 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
BK-Server
e6a8
Content-Type
image/gif
mw
mwzeom.zeotap.com/ Frame B537 		95 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1367&env=mWeb&cid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=$0&gdpr_consent=$
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/png
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
6c5bc86f1e2f57a3-IAD
access-control-allow-headers
*
content-length
95
sync
odr.mookie1.com/t/v2/ Frame B537 		43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_866925&src.visitorId=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.90.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
30.90.190.35.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
cm
trc.taboola.com/sg/neustar/1/ Frame B537
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212237748&puid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
  • https://d.agkn.com/pixel/10751/?che=1640872706426&ip=45.250.25.110&l1=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fneustar%2F1%2Fcm%3Ftaboola_hm%3D163850504016007010113
  • https://trc.taboola.com/sg/neustar/1/cm?taboola_hm=163850504016007010113
43 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/neustar/1/cm?taboola_hm=163850504016007010113
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872707.581722,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
cache-control
no-cache, no-store
accept-ranges
bytes
x-cache-hits
0

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
via
1.1 6840113c714f694919508fbd89b7f29d.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
EWR53-C1
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
location
https://trc.taboola.com/sg/neustar/1/cm?taboola_hm=163850504016007010113
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
l95zlpdPXjqp4kV354U9gRQxnqvjx_BaE8qHxybdtYmRm-RJUVCT4Q==
expires
Sat, 01 Jan 2000 00:00:00 GMT
cse
pxl.connexity.net/c/ Frame B537 		44 B
510 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pxl.connexity.net/c/cse?a=R&A=22c&D=569a&V=9&I0k=ptnrid&I0v=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.19.224.203 , United States, ASN14332 (SHOPZILLA, US),
Reverse DNS
Software
nginx /
Resource Hash
6d1743a4b9cd803083da5fd65626a4e92edebe73a40ee18f60276c96492b4afd

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
Server
nginx
Transfer-Encoding
chunked
P3P
policyref="/w3c/p3p.xml", CP="CAO PSA OUR CURa DEVa PSDo PSAo BUS COR UNI COM",an.pp="http://www.connexity.com/privacy",an.oo="http://www.connexity.com/privacy",an.bt="N"
Cache-Control
no-store, max-age=-1, post-check=0, pre-check=0
Content-Transfer-Encoding
binary
Connection
keep-alive
Content-Type
image/gif
Expires
-1
64716
i6.liadm.com/s/ Frame B537
Redirect Chain
  • https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
  • https://i.liadm.com/s/64716?md5=&sha1=&sha2=&bidder_id=88068&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&previous_uuid=4496c83974014f90b4c0d1681ef92254
  • https://i6.liadm.com/s/64716?sha1=&bidder_id=88068&sha2=&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&md5=
43 B
447 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/64716?sha1=&bidder_id=88068&sha2=&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&md5=
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:2c20:3113:5c28:1366 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:26 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
cd96b6412bb27dae
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/64716?sha1=&bidder_id=88068&sha2=&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&md5=
Date
Thu, 30 Dec 2021 13:58:26 GMT
Connection
keep-alive
trace-id
d926c40067d3cbed
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
/
sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame B537
Redirect Chain
  • https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
  • https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=3183875922675690167&orig=trc
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=3183875922675690167&orig=trc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
12171

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
5b33d709-88d4-4bcb-80e6-6aa156926521
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=3183875922675690167&orig=trc
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame B537
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
  • https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEGV28zS88ltdfa6-GRMtgUs&google_cver=1
0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEGV28zS88ltdfa6-GRMtgUs&google_cver=1
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.419067,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-dca17780-DCA

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEGV28zS88ltdfa6-GRMtgUs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
304
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame B537
Redirect Chain
  • https://idsync.rlcdn.com/382399.gif?partner_uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
43 B
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
content-encoding
gzip
server
OXGW/17.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame B537 		42 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e:$UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug001:0:579
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
csync.ashx
ml314.com/ Frame B537
Redirect Chain
  • https://ml314.com/utsync.ashx?eid=50077&et=0&fp=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=&return=https%3a%2f%2fidsync.rlcdn.com%2f395886.gif%3fpartner_uid%3d%5bPersonID%5d
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3624068251975680020
  • https://ml314.com/csync.ashx?fp=774ccc348ceec109a7d4b0f8103331090bdbe392113a14d1a3ec7c204a5a26f7f4cb09cee1a4f8eb&person_id=3624068251975680020&eid=50082
43 B
312 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ml314.com/csync.ashx?fp=774ccc348ceec109a7d4b0f8103331090bdbe392113a14d1a3ec7c204a5a26f7f4cb09cee1a4f8eb&person_id=3624068251975680020&eid=50082
Protocol
HTTP/1.1
Server
34.233.103.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-103-61.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:26 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Fri, 31 Dec 2021 08:58:26 GMT

Redirect headers

date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ml314.com/csync.ashx?fp=774ccc348ceec109a7d4b0f8103331090bdbe392113a14d1a3ec7c204a5a26f7f4cb09cee1a4f8eb&person_id=3624068251975680020&eid=50082
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame B537
Redirect Chain
  • https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
12988
/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame B537
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.413443,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-dca17780-DCA

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
239
merge
ce.lijit.com/ Frame B537
Redirect Chain
  • https://ce.lijit.com/merge?pid=42&3pid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&us_privacy=&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=42&3pid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
0
433 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=42&3pid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Protocol
HTTP/1.1
Server
23.92.190.68 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap2ewr1
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ce.lijit.com/merge?pid=42&3pid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap2ewr1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
rtset
bh.contextweb.com/bh/ Frame B537 		49 B
672 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
content-language
en-US
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
content-type
image/gif;charset=iso-8859-1
cw-server
bh-deployment-685df6f7b9-fhw5j
expires
-1
rtb-h
sync.taboola.com/sg/storygize-network/1/ Frame B537
Redirect Chain
  • https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
  • https://www.storygize.net/csr?r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstorygize-network%2F1%2Frtb-h%3Ftaboola_hm%3D6cb39ed4-8fd5-4385-942a-b7d5ffd397fb
  • https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=6cb39ed4-8fd5-4385-942a-b7d5ffd397fb
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=6cb39ed4-8fd5-4385-942a-b7d5ffd397fb
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13287

Redirect headers

Location
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=6cb39ed4-8fd5-4385-942a-b7d5ffd397fb
Pragma
no-cache
cache-control
no-cache, no-store, must-revalidate
Connection
keep-alive
P3P
CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length
0
expires
0
/
rtb-csync.smartadserver.com/redir/ Frame B537 		43 B
697 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.185 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
put
e1.emxdgt.com/ Frame B537 		43 B
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e1.emxdgt.com/put?d=d41&uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.88.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-88-115.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
content-length
43
x-nosync
emp
content-type
image/gif
/
loadm.exelator.com/load/ Frame B537 		0
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadm.exelator.com/load/?p=204&g=1270&j=0&BUID=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.229.3.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-229-3-43.compute-1.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame B537
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
  • https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=5d9efba0-4461-4c54-9e76-024563ed93ab
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=5d9efba0-4461-4c54-9e76-024563ed93ab
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
12171

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:25 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=5d9efba0-4461-4c54-9e76-024563ed93ab
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1998732
content-length
0
expires
Thu, 30 Dec 2021 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame B537 		95 B
433 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1412&env=mWeb&cid=b7a8dbf7c78dbe5ec07806e983c8ddc03e5edc6aaaa661be8cb993d5de911763&gdpr=$0&gdpr_consent=$
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/png
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
6c5bc86f6e7757a3-IAD
access-control-allow-headers
*
content-length
95
generic
sync.ipredictive.com/d/sync/cookie/ Frame B537
Redirect Chain
  • https://id5-sync.com/s/464/9.gif?puid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
  • https://id5-sync.com/c/464/464/7/1.gif?puid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/464/2/6/2.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/464/2/6/2.gif?puid=3183875922675690167&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOzsv5HH53hIx_1wPceJ0NfToMZAl8Btr34YiP2w&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F3%2F5%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/464/3/5/3.gif?puid=486e61cd-bafa-4300-ae81-e0c2b6322ca6&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&ttl=%%TTL%%
  • https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY
  • https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&domid=1033
  • https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domi...
  • https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=103...
  • https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEKHs4uVdYGATEGFhyfEoU5k&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0Rv...
  • https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=3183875922675690167&opid=apx&ops=&utidl=tech:goo:CAESEKHs4uVdYGATEGFhyfEoU5k&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0a...
  • https://id5-sync.com/qp/18.gif?puid=vec%3A24013968869&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00NjQmZm9ybWF0PWdpZiY
  • https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOzsv5HH53hIx_1wPceJ0NfToMZAl8Btr34YiP2w&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F916%2F2%2F6.gif%3Fpuid%3...
  • https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOzsv5HH53hIx_1wPceJ0NfToMZAl8Btr34YiP2w&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F916%2F2%2F6.gif%3F...
  • https://id5-sync.com/cq/464/916/2/6.gif?puid=ee79c2a0-d18c-489d-9b60-44a222537d47&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/id5
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAFPok7Dm3YAAEBiNAEM6g
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F796%2F0%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent...
0
0
sync
ups.analytics.yahoo.com/ups/55973/ Frame B537
Redirect Chain
  • https://pixel.advertising.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1
  • https://pixel.advertising.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1&verify=true
  • https://ups.analytics.yahoo.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1&apid=UP8f6eadce-6978-11ec-8109-02a123991559
0
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1&apid=UP8f6eadce-6978-11ec-8109-02a123991559
Protocol
H2
Server
52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-33-138.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55973/sync?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&_origin=1&apid=UP8f6eadce-6978-11ec-8109-02a123991559
date
Thu, 30 Dec 2021 13:58:26 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
taboola_td_cookiesync
in.treasuredata.com/postback/v3/event/media/ Frame B537 		35 B
448 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://in.treasuredata.com/postback/v3/event/media/taboola_td_cookiesync?td_format=pixel&td_write_key=10628/3f27e73e6bd9ea6d999cfb0d5a4af0d1ca246c08&td_global_id=td_global_id&td_ip=td_ip&td_ua=td_ua&taboola_id=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.109.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-109-58.compute-1.amazonaws.com
Software
/
Resource Hash
b05bf1769da8596f575f074474fde72f795f02b7797d7ae0b58b939e1c216047
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Connection
keep-alive
P3P
CP="This is not a P3P policy! See https://docs.treasuredata.com/articles/p3p"
Date
Thu, 30 Dec 2021 13:58:26 GMT
Content-Length
35
Content-Type
image/gif
rtb-h
sync.taboola.com/sg/bidtellectrtb-network/1/ Frame B537
Redirect Chain
  • https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
  • https://sync.taboola.com/sg/bidtellectrtb-network/1/rtb-h?taboola_hm=f71e59a5-4380-468e-8ae7-4e9a544a02cd
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/bidtellectrtb-network/1/rtb-h?taboola_hm=f71e59a5-4380-468e-8ae7-4e9a544a02cd
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
15122

Redirect headers

X-ServerName
Track003-dc3
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:25 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Location
https://sync.taboola.com/sg/bidtellectrtb-network/1/rtb-h?taboola_hm=f71e59a5-4380-468e-8ae7-4e9a544a02cd
Cache-Control
private,no-cache
Content-Type
text/html; charset=utf-8
Content-Length
222
Expires
-1
/
gixel.gnetwork.me/ Frame B537 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gixel.gnetwork.me/?giaudi_id=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:240a:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame B537
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=taboola
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=3938217731362747973&ssp=taboola
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
14039

Redirect headers

Location
//sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=84efc425-6b61-4040-bd22-124692c6664b
Date
Thu, 30 Dec 2021 13:58:26 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
tpid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
sync.crwdcntrl.net/map/c=10924/tp=OOLA/ Frame B537 		49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/map/c=10924/tp=OOLA/tpid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.157.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-157-37.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.8.246
content-type
image/gif
content-length
49
expires
0
rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame B537
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=taboola
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
  • https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=8d5f73aa-5fab-48ec-ad58-73e0411837e4
  • https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=8d5f73aa-5fab-48ec-ad58-73e0411837e4&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D8d5f73aa-5fab-...
0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=8d5f73aa-5fab-48ec-ad58-73e0411837e4&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D8d5f73aa-5fab-48ec-ad58-73e0411837e4&isDirect=0
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872707.654722,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-dca17780-DCA

Redirect headers

location
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=8d5f73aa-5fab-48ec-ad58-73e0411837e4&tbid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&query=taboola_hm%3D8d5f73aa-5fab-48ec-ad58-73e0411837e4&isDirect=0
date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13089
sd
u.openx.net/w/1.0/ Frame B537
Redirect Chain
  • https://u.openx.net/w/1.0/sd?id=543998486&val=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
  • https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
server
OXGW/17.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://u.openx.net/w/1.0/sd?cc=1&id=543998486&val=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&gdpr=0&gdpr_consent=
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 google
server
OXGW/17.0.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
cm
trc.taboola.com/sg/salesforce/1/ Frame B537
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=taboola
  • https://trc.taboola.com/sg/salesforce/1/cm?taboola_hm=Okl69tJd
43 B
132 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/salesforce/1/cm?taboola_hm=Okl69tJd
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1640872706.413370,VS0,VE8
x-served-by
cache-dca17780-DCA
x-cache
MISS
cache-control
no-cache, no-store
accept-ranges
bytes
x-cache-hits
0

Redirect headers

location
https://trc.taboola.com/sg/salesforce/1/cm?taboola_hm=Okl69tJd
date
Thu, 30 Dec 2021 13:58:26 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a012-ash-prod.krxd.net
rtb-h
sync.taboola.com/sg/betweenxrtb-network/1/ Frame B537
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=43957&callback_url=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fbetweenxrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24%7BUSER_ID%7D
  • https://ads.betweendigital.com/match?bidder_id=43957&callback_url=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fbetweenxrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24%7BUSER_ID%7D&crf=1
  • https://sync.taboola.com/sg/betweenxrtb-network/1/rtb-h?taboola_hm=f29d89c3-678f-516c-89b6-bbf7e87b00f5
0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/betweenxrtb-network/1/rtb-h?taboola_hm=f29d89c3-678f-516c-89b6-bbf7e87b00f5
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:27 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
17711

Redirect headers

location
https://sync.taboola.com/sg/betweenxrtb-network/1/rtb-h?taboola_hm=f29d89c3-678f-516c-89b6-bbf7e87b00f5
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
66627
i.liadm.com/s/ Frame B537 		43 B
447 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.liadm.com/s/66627?bidder_id=88068&bidder_uuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.166.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-166-233.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:26 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
294ba4355f3ad184
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif
/
sync.taboola.com/sg/adxxscod-network/1/rtb-h/ Frame B537
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=taboolacom_ltd&google_sc&google_hm=r87uYfxHRL2OybblurZa3Q&google_redir=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fadxxscod-network%2F1%2Frtb-h%2F%3Ftaboola_...
  • https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&ui=r87uYfxHRL2OybblurZa3Q
0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&ui=r87uYfxHRL2OybblurZa3Q
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
12171

Redirect headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.taboola.com/sg/adxxscod-network/1/rtb-h/?taboola_hm=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&ui=r87uYfxHRL2OybblurZa3Q
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
340
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame B537 		37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7772&xuid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&dongle=tbla
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
tap.php
pixel.rubiconproject.com/ Frame B537 		42 B
711 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=1013714&nid=5550&put=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
10af108baa8103fb427a2cc0433d74a0
Content-Type
image/gif
taboola
sync.hgrtb.com/ Frame B537 		0
0
sync
visitor.omnitagjs.com/visitor/ Frame B537 		49 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=54ac1f569912e3c4967bf7b5df910a44&name=TABOOLA&visitor=[BUYER_USERID]&external=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.10 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
x-content-type-options
nosniff
server
ayl-lb-usa02
vary
Accept-Encoding
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
3
content-length
49
expires
0
rum
dsum-sec.casalemedia.com/ Frame B537 		43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?external_user_id=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:26 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:26 GMT
cds-pips.js
cdn.taboola.com/scripts/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding
gzip
etag
"3aa74dbf5cd656dbb65deda2d238ddbd"
age
2588
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
911
x-amz-id-2
QBvWLtyMdyoiyuzHZlnoXhaQLyI7gSRrit9/XzXEe2uu4mRQ/2WM75cNUvepyqmBLQzzXZ+jw0w=
x-served-by
cache-dca17780-DCA
last-modified
Wed, 14 Jul 2021 05:06:01 GMT
server
AmazonS3
x-timer
S1640872706.379871,VS0,VE0
date
Thu, 30 Dec 2021 13:58:26 GMT
vary
Accept-Encoding
x-amz-request-id
TJD8F53GVRBGZ8PF
via
1.1 varnish
cache-control
private, max-age=3600
accept-ranges
bytes
content-type
application/javascript
abp
1
x-cache-hits
96
panorama.js
cdn.taboola.com/scripts/ 		1 KB
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/scripts/panorama.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211230-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d7bfa676c07c88144d9ecdcec09a4ec7afcd0449226bf5fc5063342a16d5f8e3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
CYlu4uGxGteYv0_gS3v6WaXb_4ObQ4ke
content-encoding
gzip
etag
"245ecb1e94189239a899012670435435"
age
24186
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
710
x-amz-id-2
4Jb0Zh6JrXDz2nNPqAhg0wBJfvl9LQmdx//DRNtzrrS66zRKBiZR63OqDQkSOsEelH4lLQFitv4=
x-served-by
cache-dca17780-DCA
last-modified
Sun, 18 Apr 2021 12:53:28 GMT
server
AmazonS3
x-timer
S1640872706.380361,VS0,VE0
date
Thu, 30 Dec 2021 13:58:26 GMT
vary
Accept-Encoding
x-amz-request-id
76EDXD50Q3DJV0NF
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript
abp
1
x-cache-hits
249
/
pips.taboola.com/ 		64 B
244 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
94ced0d4c94d2743b8875077f9eedb7788cb9f80cd839e19816fe78f907aa90e

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
via
1.1 varnish
server
Varnish
x-served-by
cache-dca17739-DCA
access-control-allow-methods
GET
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-store
x-cache
HIT
accept-ranges
bytes
content-length
64
retry-after
0
x-cache-hits
0
sync.min.js
tags.crwdcntrl.net/lt/c/16011/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16011/sync.min.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/panorama.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7ede96275acb943f9079c1d7e2c838f65bcd2959e6a6b0b13734cbbdb08a3b01

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 29 Dec 2021 17:14:42 GMT
content-encoding
gzip
last-modified
Tue, 23 Nov 2021 20:29:21 GMT
server
AmazonS3
age
74625
etag
W/"5c59b19ead19919d8dfbde00b9fc3d04"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 6886c621d4716e156349149ba8d65b41.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
5ySXBpOLuIm4-U9oc_jKYko3vfzBiBAtx8jcm017NL9br1AkL9hT6g==
/
cds.taboola.com/ 		0
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cds.taboola.com/?uid=edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e&uad=f1005e25c8c4ed5504b2f307645c2a106b7290109295f6140feb93d592f468e5
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:26 GMT
Cache-Control
no-store
Server
nginx
Connection
close
data
bcp.crwdcntrl.net/6/ 		172 B
1001 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/13200/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.153.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-153-177.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
54dd6dab7dc8f91606c567d844bdf8c11c3d36690af78c74b421641e908ce8dd

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:26 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
x-server
10.40.32.130
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
172
expires
0
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 60AF 		156 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6650&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3774294144335338&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=38908496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=AB7EF834-3F30-42EE-B1CA-FFB56AD884F7&nel=1&eid=44750604&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2735&dt=1640872707066&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=3395639365759926&ged=ve4_td7_tt5_pd7_la7000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts2_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1BF5 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuINN4unghpRZSbbktmprsIuyOFydVyrdqozG9eMMtM9pO14cYcdAUlhNeOhr9DN50F6cnSffM_V6V_KAe9kVFk2omFBm2IPvriRanU3-pg5rK2ZkNC&sig=Cg0ArKJSzGFArA-_jasWEAE&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,2025,0,0,0%26mtos%3D0,2025,2025,2025,2025%26amtos%3D0,0,0,0,0%26mcvt%3D2025%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2025%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D432%26pst%3D415%26dur%3D30036%26vmtime%3D1948%26dtos%3D2025%26dtoss%3D1%26dvs%3D2012%26dfvs%3D0%26dvpt%3D2012%26is%3D275%26i0%3D275%26ic%3D1%26cs%3D4371%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D11%26emuc%3D0%26emb%3D0,11,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D0%26psa%3D0%26ptlt%3D9187%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,2025,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.13%26t%3D1640872705112
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F107430338%2FCNXORTEST%2F5640%26description_url%3Dhttps%253A%252F%252Fwww.baltimoresun.com%252Fcoronavirus%252Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%26tfcd%3D0%26npa%3D0%26sz%3D400x300%257C640x480%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dinstream%26impl%3Ds%26correlator%3D8ed9677e-7344-4d2c-aaa9-498286188500%26cust_params%3Ddomains%253Dwww.baltimoresun.com%26ad_type%3Dvideo&customPlayback=f&customClick=f&lid=8&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 0AEA 		156 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F5640&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=instream&correlator=1310274290877422&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3133581750&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=F4EEFD2E-0BB0-4352-A444-A30E7AC5BD97&nel=1&eid=44750604%2C44750824&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2836&dt=1640872707673&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=3203242857778671&ged=ve4_td8_tt6_pd8_la8000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts2_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
st
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/st?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:26 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?error=1009&vis=1&lid=7&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
media
direct.ad.cpe.dotomi.com/cvx/client/direct/ Frame E1DD 		68 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.ad.cpe.dotomi.com/cvx/client/direct/media?sid=210061&placement_id=d4c4c58&vpaid=2&m=11&mdf=mp4&vastver=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:ae80:1451:11::2100 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software
nginx /
Resource Hash
34945e57183f095b83b2afddd4768243e33633e4431a9bc7dc06a421dacee7b3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:27 GMT
server
nginx
content-type
text/html
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
68
expires
0
st
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/st?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:27 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
i
www.i.matheranalytics.com/ 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=pe&tv=js-3.0.138&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=15&tvcfg=all&f_privb=0&tid=ec42fdd4-0947-4794-8c38-f93716646b15&pid=3fd2ad8b-b4be-4d78-a81e-5ea5351195e5&dtm=1640872708048&qnm=_matherq&visible=1&tabid=707c5c94-999a-48bd-931a-818a6d9dff4e&refr=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&vrefr=https%3A%2F%2Ft.co%2F&vp=1600x1200&ds=1600x10976&tofa=1640872698&vid=1&lvidt=1640872698&duid=ee5e6c871b747ff8&fp=401617179&cid=ma89701&mrk=197837615&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY0MDg3MjY5NjQzOSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIxNi4xbWIiLCJoZWFwVCI6IjE3LjFtYiIsImZzdFBhaW50IjoiMzY1IiwiZmV0Y2hTIjoiMCIsImRvbWFpblMiOiIyIiwiZG9tYWluRSI6IjQ3IiwiY29ublMiOiI0NyIsImNvbm5FIjoiOTciLCJzc2xTIjoiNTUiLCJyZXF1UyI6Ijk3IiwicmVzcFMiOiIxNjQiLCJyZXNwRSI6IjE4MiIsImRvbUxvYWQiOiIxNjciLCJkb21JbnRlciI6Ijk3NSIsImRvbUxvYWRTIjoiOTc3IiwiZG9tTG9hZEUiOiI5OTQiLCJkb21DbXBsdCI6IjY3NTYiLCJsb2FkUyI6IjY3NTYiLCJsb2FkRSI6IjY3NjcifX0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.195.91.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-195-91-69.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 13:58:28 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif
event.png
tpsc-nyc.doubleverify.com/ Frame B9AD 		0
281 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=8a2c5f08dfc64973914014fc5f5902e0&gdpr=&gdpr_consent=&dvp_masver=1953&eoid=13&cbust=1640872708240466
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:28 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Expires
12/29/2021 13:58:28
event.png
tpsc-nyc.doubleverify.com/ Frame AD86 		0
281 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-nyc.doubleverify.com/event.png?impid=9f183a764c2f4219b774735c3f0f7e61&gdpr=&gdpr_consent=&dvp_masver=1953&eoid=13&cbust=1640872708243498
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1953.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
204.154.110.88 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
nycp-phlb118.doubleverify.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:18 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Expires
12/29/2021 13:58:28
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 8558 		156 B
146 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6148&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2967072133922894&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=838683114&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=10464087-99AE-44B6-86F6-0A5E35B16769&nel=1&eid=44750604%2C44752711&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2788&dt=1640872708305&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=389345377764949&ged=ve4_td8_tt6_pd8_la8000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts2_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:28 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872708316&oz_l=6481&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:28 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872708354&oz_l=235&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:28 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
media
direct.ad.cpe.dotomi.com/cvx/client/direct/ Frame E1DD 		68 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.ad.cpe.dotomi.com/cvx/client/direct/media?sid=210059&placement_id=a83f707&vpaid=2&m=11&mdf=mp4&vastver=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:ae80:1451:11::2100 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software
nginx /
Resource Hash
34945e57183f095b83b2afddd4768243e33633e4431a9bc7dc06a421dacee7b3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:28 GMT
server
nginx
content-type
text/html
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
68
expires
0
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872709642&oz_l=3066&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:29 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/live/ Frame 60AF 		156 B
188 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F30690318%2FTRONC_RON_Ora_Desktop&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3485207959071662&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=637743642&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=AB7EF834-3F30-42EE-B1CA-FFB56AD884F7&nel=1&eid=44750604&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2735&dt=1640872709997&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=3287175762865394&ged=ve4_td10_tt8_pd10_la10000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts3_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
ltt /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
ltt
google-mediationtag-id
-2
google-creative-id
-2
x-frame-options
SAMEORIGIN
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
sync.taboola.com/sg/yahoosspus-network/1/rtb-h/ Frame F487
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58534/occ
  • https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
16307

Redirect headers

location
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
date
Thu, 30 Dec 2021 13:58:30 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/ Frame F487
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=1577gdpr=0&r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fimprovedigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BPUB_USER_ID%7D
  • https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13997

Redirect headers

location
https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
rtb-h
sync.taboola.com/sg/synacorrtb-network/1/ Frame F487
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fsynacorrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%5BUSER_ID%5D
  • https://sync.taboola.com/sg/synacorrtb-network/1/rtb-h?taboola_hm=1345D2117A8B4805B34CFE2437A6617D
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/synacorrtb-network/1/rtb-h?taboola_hm=1345D2117A8B4805B34CFE2437A6617D
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
14508

Redirect headers

date
Thu, 30 Dec 2021 13:58:30 GMT
via
1.1 varnish
server
nginx
age
0
location
https://sync.taboola.com/sg/synacorrtb-network/1/rtb-h?taboola_hm=1345D2117A8B4805B34CFE2437A6617D
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
text/plain
access-control-allow-origin
https://imprnjmp.taboola.com/
access-control-allow-credentials
true
x-varnish
1051159449
content-length
0
/
sync.taboola.com/sg/yahoossplatam-network/1/rtb-h/ Frame F487
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58533/occ
  • https://sync.taboola.com/sg/yahoossplatam-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/yahoossplatam-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
16307

Redirect headers

location
https://sync.taboola.com/sg/yahoossplatam-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
date
Thu, 30 Dec 2021 13:58:30 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usermatch
ssum-sec.casalemedia.com/ Frame 21D7 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3de3075ef16d3387fb9e903eaf5521e0e7ea1c4bedc4877d77dc850cf56c8436

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://imprnjmp.taboola.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
73|46|130|3|221|190|241|191
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1764
Expires
Thu, 30 Dec 2021 13:58:30 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
Connection
keep-alive
/
sync.taboola.com/sg/yahoosspus-network/1/rtb-h/ Frame 44C0
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58534/occ
  • https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
17545

Redirect headers

location
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-V6oCjw5E2uE7.n9GAK.irzWNcjZGBIUsCgU4DAE-~A
date
Thu, 30 Dec 2021 13:58:30 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/ Frame 44C0
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fsync.taboola.com%2Fsg%2Femxdigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24UID
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fsync.taboola.com%2Fsg%2Femxdigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24EMXUID&b64_redirect=aHR0c...
  • https://cs.emxdgt.com/umcheck?apnxid=3183875922675690167&redirect=https://sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/?taboola_hm=$EMXUID&b64_redirect=aHR0cHM6Ly9zeW5jLnRhYm9vbGEuY29tL3NnL2Vt...
  • https://sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/?taboola_hm=3183875922675690167brt66701640872710284159bd
0
230 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/?taboola_hm=3183875922675690167brt66701640872710284159bd
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
16855

Redirect headers

location
https://sync.taboola.com/sg/emxdigitalrtb-network/1/rtb-h/?taboola_hm=3183875922675690167brt66701640872710284159bd
date
Thu, 30 Dec 2021 13:58:30 GMT
content-length
0
content-type
text/html
/
sync.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/ Frame 44C0
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?gdpr=0&pid=560382&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Frtb-pulsepoint-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26taboola_hm%3D%25%25VGUID%25%2...
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=X1J4Z0V6RUVNSUxoUW90ejVVa21Xdw&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEG-mr-CjVYVaQkQ6cdXDsqs&google_cver=1
  • https://sync.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/?gdpr=0&taboola_hm=EZ2yaDDdi7BZ&orig=video&us_privacy=1---&ev=1&us_privacy=1---&pid=560382&gdpr=0
0
230 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sync.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/?gdpr=0&taboola_hm=EZ2yaDDdi7BZ&orig=video&us_privacy=1---&ev=1&us_privacy=1---&pid=560382&gdpr=0
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22354

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-US
location
https://sync.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/?gdpr=0&taboola_hm=EZ2yaDDdi7BZ&orig=video&us_privacy=1---&ev=1&us_privacy=1---&pid=560382&gdpr=0
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-685df6f7b9-fhw5j
expires
-1
/
sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/ Frame 44C0
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=1577gdpr=0&r=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fimprovedigitalrtb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BPUB_USER_ID%7D
  • https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
18327

Redirect headers

location
https://sync.taboola.com/sg/improvedigitalrtb-network/1/rtb-h/?taboola_hm=ee79c2a0-d18c-489d-9b60-44a222537d47
date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 21D7 		43 B
874 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB?gdpr_consent=&us_privacy=1---&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a05:cbbe:ce00:264f:b9b8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
crum
dsum-sec.casalemedia.com/ Frame 21D7
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&us_privacy=1---
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3183875922675690167&us_privacy=1---
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3183875922675690167&us_privacy=1---
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:30 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 568.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
db6a7916-6192-4e9a-9dae-8efe33655f7f
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3183875922675690167&us_privacy=1---
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ie
match.prod.bidr.io/cookie-sync/ Frame 21D7 		43 B
430 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/ie?us_privacy=1---
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.195.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-195-76.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 21D7
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&us_privacy=1---
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:30 GMT

Redirect headers

Date
Thu, 30 Dec 2021 13:58:30 GMT
Server
MT3 4133 baa842e master ord-pixel-x5 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=486e61cd-bafa-4300-ae81-e0c2b6322ca6
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 30 Dec 2021 13:58:29 GMT
tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410
bcp.crwdcntrl.net/map/c=6725/tp=INDX/ Frame 21D7 		49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=Yc26.8PaJt5j23F1hnB8aQAA%26410?gdpr_consent=&us_privacy=1---&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.153.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-153-177.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:30 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.11.69
content-type
image/gif
content-length
49
expires
0
crum
dsum.casalemedia.com/ Frame 21D7
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&us_privacy=1---
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=3183875922675690167&us_privacy=1---
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=3183875922675690167&us_privacy=1---
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 30 Dec 2021 13:58:30 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
X-Proxy-Origin
45.250.25.110; 45.250.25.110; 672.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f46d3788-11f1-4266-98b1-280581edc6d8
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=3183875922675690167&us_privacy=1---
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 21D7 		43 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=1---&gdpr=&gdpr_consent=&id=Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 30 Dec 2021 13:58:30 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
23CH47J2464SQXEPCDS4
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
index
dmp.brand-display.com/cm/api/ Frame 21D7 		43 B
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&us_privacy=1---
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.24.171.117 -, , ASN (),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:30 GMT
last-modified
Thu, 30 Dec 2021 13:58:30 GMT
server
nginx/1.20.2
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Thu, 30 Dec 2021 13:58:31 GMT
/
sync.taboola.com/sg/casale-network/1/rtb-h/ Frame 21D7 		0
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/casale-network/1/rtb-h/?taboola_hm=Yc26-8PaJt5j23F1hnB8aQAAAZoAAAAB&orig=video&us_privacy=1---
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&s=183756&us_privacy=1---&cb=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fcasale-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%5Bpartner_user_id%5D%26orig%3Dvideo%26us_privacy%3D1---
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
18327
/
sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/ Frame DC0D
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?gdpr=0&us_privacy=1---&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1...
  • https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=c2756fd5-2f8f-4926-adc4-8d6470932b22
0
230 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=c2756fd5-2f8f-4926-adc4-8d6470932b22
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://us-match.taboola.com/

Response headers

server
nginx
date
Thu, 30 Dec 2021 13:58:30 GMT
x-fastly-to-nlb-rtt
18883
access-control-allow-credentials
true

Redirect headers

vary
Accept, Accept-Encoding
server
OXGW/17.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=c2756fd5-2f8f-4926-adc4-8d6470932b22
date
Thu, 30 Dec 2021 13:58:30 GMT
content-type
text/html
content-length
0
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872710626&oz_l=90&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:30 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
abt
capi.connatix.com/tr/ Frame E1DD 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/tr/abt?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:29 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?adtagurl=https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F107430338%2FCNXORTEST%2F8566%26description_url%3Dhttps%253A%252F%252Fwww.baltimoresun.com%252Fcoronavirus%252Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%26tfcd%3D0%26npa%3D1%26sz%3D400x300%257C640x480%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D667aaa34-f449-4806-a789-157db3853e89%26cust_params%3Ddomains%253Dwww.baltimoresun.com%26ad_type%3Dvideo%26us_privacy%3D&customPlayback=f&customClick=f&lid=8&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 0AEA 		156 B
147 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F8566&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=1&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2311670973435562&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&us_privacy&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3133581750&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=F4EEFD2E-0BB0-4352-A444-A30E7AC5BD97&nel=1&eid=44750604%2C44750824&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2836&dt=1640872710998&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=2378603606166233&ged=ve4_td11_tt9_pd11_la11000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts3_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:31 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?error=1009&vis=1&lid=7&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
g
capi.connatix.com/rtb/ Frame E1DD 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/rtb/g?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
c61d5366ec6a77b6c8ebb1023b5bb8cf92cc3d65fdb46eccdc51853dc971136d

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:31 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
1757
postback
s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/ 		0
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.srvsynd.com/2/2.43.1/234175/AP4v3tgJBZc63V4i/postback?ci=234175&dt=2341751597675869250012&di=www.baltimoresun.com&ui=f1a7817fe20f4597938371768ad6be84&ap=undefined&sr=connatix.com&de=2&md=2&pp=780864319626685&ti=x1212214887973369980443275100160&to=3&pv=8266dd6e-3c76-4285-9592-6a0ab89c378d&sid=AP4v3tgJBZc63V4i&oz_sc=d1a5b9c31009128bce120ef1&oz_df=1640872711672&oz_l=93&cv=3
Requested by
Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/2.43.1/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.87.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-87-209.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 30 Dec 2021 13:58:31 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
g
capi.connatix.com/rtb/ Frame E1DD 		398 B
614 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/rtb/g?v=143023
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.25.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-25-210.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
c1d76120776952d5ee350dde9d24aeda0d50484a138575bde208112f9dcd91c2

Request headers

Referer
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Thu, 30 Dec 2021 13:58:31 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.baltimoresun.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
312
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:31 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:31 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:31 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/230257/0/ Frame 3B1B 		0
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/230257/0/mvo?z=1r&hbv=4.43,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid4.43.0-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.127.204.162 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.baltimoresun.com/
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.baltimoresun.com
pragma
no-cache
date
Thu, 30 Dec 2021 13:58:31 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 8558 		156 B
148 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F2570&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2253875580095975&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&us_privacy&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=838683114&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=10464087-99AE-44B6-86F6-0A5E35B16769&nel=1&eid=44750604%2C44752711&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2788&dt=1640872712493&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=2507796413285992&ged=ve4_td12_tt10_pd12_la12000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts4_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:32 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
media
direct.ad.cpe.dotomi.com/cvx/client/direct/ Frame E1DD 		68 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://direct.ad.cpe.dotomi.com/cvx/client/direct/media?sid=210063&placement_id=addd440&vpaid=2&m=11&mdf=mp4&vastver=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:ae80:1451:11::2100 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software
nginx /
Resource Hash
34945e57183f095b83b2afddd4768243e33633e4431a9bc7dc06a421dacee7b3

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:32 GMT
server
nginx
content-type
text/html
access-control-allow-origin
https://www.baltimoresun.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
68
expires
0
duration
beacons.extremereach.io/ Frame 1BF5 		35 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacons.extremereach.io/duration?cid=221992&creative_id=24269490&line_item=15671012&companion_id=0&er_ts=1640872705&session_id=PgVKMrIQmy0LKjpQhpc23E1640872705&er_fp=b342ca5fce51f581&subid1=novpaid&er_pm=ap&er_pt=0&us_privacy=%24%7BUS_PRIVACY%7D&gdpr_consent=&gdpr=&percent=0.25&
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:66e7:fb10:6760:55cb:2555:7ffa Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 30 Dec 2021 13:58:33 GMT
content-type
image/gif
content-length
35
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
/
pubads.g.doubleclick.net/pagead/interaction/ Frame 1BF5 		42 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/pagead/interaction/?ai=Bj4Jt_7rNYcGXOsW_pQefgJiYC6nMyo9GAAAAEAEg0b23PTgBWKmaxbuDBGDJ3pWM0KTcEbIBFHd3dy5iYWx0aW1vcmVzdW4uY29tugELNDgweDI3MF94bWzIAQXaAXRodHRwczovL3d3dy5iYWx0aW1vcmVzdW4uY29tL2Nvcm9uYXZpcnVzL2JzLW1kLXRydWVjYXJlLXdoaXN0bGVibG93ZXItMjAyMTEyMjktNXNvZjJyeHRudmZwamk0bGtzM3B1bWlxZDQtc3RvcnkuaHRtbJgC2DbAAgLgAgDqAhIvOTIwNTYyODEvNTQwOTg0ODb4AoHSHpADpAOYA9AFqAMB4AQB0gUGEJiix-IVkAYBoAYkqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAOAHH9IIBwiAYRABGB3YCAKACgWYCwGADAHQFQGAFwE&sigh=xfSTSXnlQgY&label=videoplaytime25&ad_mt=7698&acvw=sv%3D914%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D854,224,1270,964%26tos%3D0,7744,0,0,0%26mtos%3D0,7744,7744,7744,7744%26amtos%3D0,0,0,0,0%26mcvt%3D7744%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7744%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1640%26pst%3D415%26dur%3D30036%26vmtime%3D7698%26dtos%3D5719%26dtoss%3D2%26dvs%3D5719%26dfvs%3D0%26dvpt%3D5719%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D4371%26c%3D0.83%26mc%3D0.83%26nc%3D0.83%26mv%3D0%26nv%3D0%26qmt%3D0,7744,7744,7744,7744%26qnc%3D0.83%26qmv%3D0%26qnv%3D0%26lte%3D0.83%26ces%26femt%3D4575%26femvt%3D0%26emc%3D40%26emuc%3D0%26emb%3D0,40,0,0,0%26avms%3Dexc%26qi%3D546407981%26psm%3D-2147483393%26psv%3D-2147483393%26psfv%3D0%26psa%3D0%26ptlt%3D14907%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,7744,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.13%26t%3D1640872705112&sdkv=h.3.493.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjU4NDM4MzMxMTIyDDEzODM2OTEyNTY3M0CPAQqlAQgBEhR2YXN0LmV4dHJlbWVyZWFjaC5pbxoXRXh0cmVtZSBSZWFjaCBBZCBTZXJ2ZXIgAiosZXh0cmVtZXJlYWNoX2FkXzE1NjcxMDEyXzExODMxNzIzXzI0MjY5NDkwXzAyHmV4dHJlbWVyZWFjaF9jcmVhdGl2ZV8yNDI2OTQ5MEA9UiAQDyUAAPBBKAE6B3Vua25vd25CB3Vua25vd25I2gFQABgB
Requested by
Host: www.baltimoresun.com
URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/live/ Frame 60AF 		156 B
190 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F8749%2FTribune&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1671778288706821&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=637743642&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=AB7EF834-3F30-42EE-B1CA-FFB56AD884F7&nel=1&eid=44750604&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2735&dt=1640872713125&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=1972161099544230&ged=ve4_td13_tt11_pd13_la13000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts3_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
ltt /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
ltt
google-mediationtag-id
-2
google-creative-id
-2
x-frame-options
SAMEORIGIN
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMIlsSUlNeL9QIVQ6WfCh2fBQPxEAAYACD6y6FM;met=1;&timestamp=1640872713158;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E013 		42 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlsSUlNeL9QIVQ6WfCh2fBQPxEAAYACD6y6FM;met=1;&timestamp=1640872713158;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ping
ping.chartbeat.net/ 		43 B
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ping.chartbeat.net/ping?h=baltimoresun.com&p=%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&u=DrDnugBQoAr_Cn-gBV&d=baltimoresun.com&g=45584&g0=coronavirus&g1=Taylor%20DeVille%2CMeredith%20Cohn%2CHallie%20Miller&n=1&f=00001&c=0.25&x=0&m=0&y=10976&o=1600&w=1200&j=30&R=1&W=0&I=0&E=5&e=5&r=https%3A%2F%2Ft.co%2F&b=2160&_s=%7B%22epvid%22%3A%221640872696710_243452589%22%7D&t=6qYwizA9_LQFkGfCgFPveDBKv_m&V=129&tz=0&_acct=anon&sn=2&sv=D_Rt2suQWyEChDhUCrswbDBoXDVI&sr=https%3A%2F%2Ft.co%2F&sd=1&im=067b0ff3&_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.202.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-202-199.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://www.baltimoresun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:33 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
43
expires
0
integrator.js
adservice.google.com/adsid/ Frame E1DD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 30 Dec 2021 13:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F107430338%2FCNXORTEST%2F6650%26description_url%3Dhttps%253A%252F%252Fwww.baltimoresun.com%252Fcoronavirus%252Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%26tfcd%3D0%26npa%3D0%26sz%3D400x300%257C640x480%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3Dc4a58f7b-b5b8-461d-8b87-6538f18508ef%26cust_params%3Ddomains%253Dwww.baltimoresun.com%26ad_type%3Dvideo&customPlayback=f&customClick=f&lid=8&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 0AEA 		156 B
149 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6650&description_url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=138066555866557&cust_params=domains%3Dwww.baltimoresun.com&ad_type=video&sdkv=h.3.493.0&osd=2&frm=1&vis=1&sdr=1&hl=en&afvsz=200x200%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=3133581750&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=F4EEFD2E-0BB0-4352-A444-A30E7AC5BD97&nel=1&eid=44750604%2C44750824&top=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&url=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&loc=about%3Ablank&dlt=1640872699580&idt=2836&dt=1640872713909&cookie=ID%3D1ab9841e9d635743%3AT%3D1640872697%3AS%3DALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ&scor=1206783141481223&ged=ve4_td14_tt12_pd14_la14000_er2636.441.2794.747_vi0.0.1200.1600_vp0_ts3_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 13:58:33 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E1DD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?error=1009&vis=1&lid=7&sdkv=h.3.493.0&e=44750604%2C44750824&id=ima_html5&c=428083378999419&domain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 13:58:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
player.sendtonews.com
URL
https://player.sendtonews.com/bidderFiles/0.js
Domain
v.adsrvr.org
URL
https://v.adsrvr.org/VAST/empty-vast.xml
Domain
nodeny.targetspot.com
URL
https://nodeny.targetspot.com/callback/uuid?https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=ts&uid=$UID&pubId=41773
Domain
v.adsrvr.org
URL
https://v.adsrvr.org/VAST/empty-vast.xml
Domain
sync.ipredictive.com
URL
https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F796%2F0%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Domain
sync.hgrtb.com
URL
https://sync.hgrtb.com/taboola?redir=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fmediaforcertb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BUSER_ID%7D

Verdicts & Comments Add Verdict or Comment

730 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| 31 object| 32 object| 33 object| 34 object| 35 object| 36 object| 37 object| 38 object| 39 object| 40 object| webviewParam object| hashParams object| outputType undefined| newRelativePathQuery object| trb function| i$ function| _toConsumableArray object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer undefined| metaTwitterDnt function| OptanonWrapper object| zephrBrowser number| uniqueIDValue function| zephrLoad function| determinePaywallInclusion function| createEvent function| arrangeZephrData number| nativoLazyLoadOffset object| baselineServices object| DOMHelpers2 function| _createClass function| _classCallCheck function| DeviceDetection function| LazyLoadService object| lazyLoadService function| FeatureAPIHelpers function| TimestampService function| _typeof object| Helpers2 object| UrlParams function| ScriptLoader string| ANALYTICS_REFERRING_PAGE_KEY string| LEAD_ART string| ARTICLE_BODY string| HOMEPAGE string| HOMEPAGE_STORY_FEED string| PLAYLIST string| VIDEO_DETAIL_PAGE string| LIVEBLOG string| GF_PLAYLIST_PARENT string| ARTICLE_GALLERY string| GA_DEFAULT_CD string| RIGHT_RAIL object| genericHelpers function| httpService function| TrackScrollingService function| trackClick function| trackMessages function| trackScroll function| handleMutations function| trackScrolledItems function| trackTaboolaFeedScroll function| trackClickReferrer function| trackElementRenderImpression function| trackElementFocus function| arctrackListeners object| services boolean| disableDssWebview string| minDss object| googletag object| ads object| oVa object| YieldmoService object| serviceCallbacks object| pageBuilder number| _sf_startpt string| GoogleAnalyticsObject function| ga number| BOOMR_lstart function| StickyAdService object| regeneratorRuntime object| ZeusAdapter string| zeusAdUnitPath object| zeusKeyvalues boolean| isSubscriber boolean| isUserLogin function| TaboolaFeedScrollService object| BOOMR_mq string| BOOMR_API_key object| BOOMR object| confiant boolean| apstagLOADED object| apstag function| jsonFeed object| ggeac object| google_js_reporting_queue function| setImmediate function| clearImmediate object| doc object| loc function| checkInfuse object| breakpoints object| _sf_async_config number| _sf_endpt function| $ function| jQuery function| infuse object| TRC object| _taboola object| _tblConsole object| _comscore object| registration object| lotame_13200 object| zeus object| pbjs object| google_tag_manager object| otStubData function| BOOMR_check_doc_domain number| BOOMR_start object| ErrorStackParser object| UserTimingCompression undefined| google_measure_js_timing boolean| creativeVendorLibraryLoaded object| google_tag_data object| gaplugins object| PubMaticSync function| lotameIsCompatible function| lt13200_ba function| lt13200_b undefined| lt13200_c undefined| lt13200_ca undefined| lt13200_da function| lt13200_ea object| lt13200_fa function| lt13200_ga function| lt13200_ha object| lt13200_ object| lt13200_5 function| lt13200_aa function| lt13200_a function| lt13200_d function| lt13200_e function| lt13200_f function| lt13200_g function| lt13200_h function| lt13200_i function| lt13200_j function| lt13200_ja function| lt13200_ia function| lt13200_k function| lt13200_l function| lt13200_ka function| lt13200_m function| lt13200_n function| lt13200_o function| lt13200_p function| lt13200_q function| lt13200_oa function| lt13200_la function| lt13200_ma function| lt13200_s function| lt13200_na function| lt13200_t function| lt13200_u function| lt13200_v function| lt13200_r function| lt13200_w function| lt13200_x function| lt13200_y function| lt13200_z function| lt13200_pa function| lt13200_A function| lt13200_B function| lt13200_qa function| lt13200_C function| lt13200_D function| lt13200_E function| lt13200_ra function| lt13200_G function| lt13200_H function| lt13200_F function| lt13200_sa function| lt13200_I function| lt13200_J function| lt13200_ta function| lt13200_ua function| lt13200_K function| lt13200_va function| lt13200_wa function| lt13200_xa function| lt13200_Ba function| lt13200_ya function| lt13200_za function| lt13200_Aa function| lt13200_Ca function| lt13200_Ea function| lt13200_Da function| lt13200_L function| lt13200_Fa function| lt13200_Ga function| lt13200_Ha function| lt13200_Ia function| lt13200_Ja function| lt13200_Ka function| lt13200_La function| lt13200_Ma function| lt13200_Na function| lt13200_M function| lt13200_N function| lt13200_O function| lt13200_P function| lt13200_Q function| lt13200_R function| lt13200_S function| lt13200_T function| lt13200_U function| lt13200_V function| lt13200_W function| lt13200_X function| lt13200_Y function| lt13200_Z function| lt13200__ function| lt13200_1 function| lt13200_Oa function| lt13200_Qa function| lt13200_Pa function| lt13200_2 function| lt13200_Ra function| lt13200_0 function| lt13200_Sa function| lt13200_Ta function| lt13200_Ua function| lt13200_Va function| lt13200_Wa function| lt13200_Xa function| lt13200_3 function| lt13200_4 function| lt13200_Ya function| lt13200_Za function| lt13200__a function| lt13200_0a function| lt13200_1a function| lt13200_2a function| lt13200_3a function| lt13200_4a function| lt13200_5a function| lt13200_6 function| lt13200_7 function| lt13200_8a function| lt13200_9a function| lt13200_7a function| lt13200_6a function| lt13200_ab function| lt13200_$a function| lt13200_cb function| lt13200_bb function| lt13200_8 function| lt13200_db function| lt13200_eb function| lt13200_fb function| lt13200_gb function| lt13200_hb function| lt13200_jb function| lt13200_mb function| lt13200_lb function| lt13200_ib function| lt13200_pb function| lt13200_kb function| lt13200_nb function| lt13200_rb function| lt13200_qb function| lt13200_sb function| lt13200_ob function| lt13200_tb function| lt13200_ub function| lt13200_vb function| lt13200_9 function| lt13200_wb function| lt13200_xb function| lt13200_yb function| lt13200_zb function| lt13200_Ab function| lt13200_$ function| lt13200_Bb function| lt13200_Cb function| lt13200_Db function| lt13200_Eb function| lt13200_Fb function| lt13200_Hb function| lt13200_Ib function| lt13200_Jb function| lt13200_Gb object| headertag function| headertag_render function| udm_ object| ns_p object| COMSCORE object| pb_global object| banditoEnv object| clavis object| _smtr object| FeatureCompatService function| CollapsibleService object| collapsibleService function| ShowMoreStoriesService object| keyBoardNavigation object| stickyAdService number| APP_BAR_HEIGHT function| TrayService object| otkjs string| DEFAULT_SEARCH_PATH string| INPUT_IDENTIFIER string| INPUT_IDENTIFIER_UNPROCESSED string| FEATURE_API function| InputAutocomplete function| ScrollToggleService object| initAnalytics function| setupS2NApi object| clsImagesContainer function| _defineProperty function| TaboolaService function| loadError function| initTaboolas function| initTaboola object| taboolaService function| NewsletterService object| OneSignalService function| loadAdmiral function| ScreamerServiceNew object| imageService string| _uri string| _context string| _outputType string| _rid object| Zephr undefined| msg object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| gaData object| PARSELY string| p578633348 number| p578633349 function| p578633350 function| p578633346 function| p578633344 function| p578633356 function| p578633353 function| p578633351 function| p578633327 function| p578633332 function| p578633318 function| p578633317 function| p578633315 function| p578633308 function| oEnableNullChecklistener_ function| p578633360 function| p578633299 function| oPageUnload function| p578633228 function| p578633233 function| p578633352 number| p578633218 string| p578633219 object| p578633220 object| p578633221 boolean| p578633222 number| p578633224 number| p578633225 object| p578633246 string| p578633288 number| p578633229 object| p578633296 string| p578633264 string| p578633265 object| p578633302 number| p578633303 boolean| p578633307 number| p578633309 boolean| p578633311 boolean| p578633361 boolean| p578633336 boolean| p578633363 boolean| p578633362 boolean| p578633364 boolean| oAudienceListenerEnabled_ object| p578633313 string| oDevice string| oParentHostname_ string| oParentPathname_ boolean| p578633314 boolean| p578633316 number| p578633331 boolean| p578633333 number| p578633334 object| p578633323 object| oAdSlots_ boolean| p578633354 boolean| p578633355 object| optimeraInsights string| p578633273 function| p578633226 string| p578633227 boolean| p578633295 boolean| p578633275 object| p578633274 string| p578633293 number| p578633277 object| opbjs object| oaudLibjs object| ovpjs number| p578633276 object| s2nVideo function| confiantDfpWrap object| ats object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| SWG object| dsl string| subStatus object| _cbq function| admiral undefined| _smtrErr object| shqChromeOnsiteResponse object| _shqdbl object| _shqDebug object| SmtrRmkr string| scmPrty object| Optanon object| OneTrust object| oDv number| p578633230 string| oUrl_ object| _mather object| _mg2q object| tid object| _matherq number| google_global_correlator number| oIndex4_ number| p578633245 object| google_optimize object| teadsscript number| BOOMR_configt function| OneSignal string| lock object| zephrOutcomes string| key object| _cb_shared object| pSUPERFLY_mab object| pSUPERFLY function| 4dm1r11545242527 object| UrlCache object| SUBSCRIPTIONS object| closure_lm_928166 string| testAndVariation object| zephrAccessDetails undefined| activeProducts undefined| activeProductLength undefined| activeProductCount undefined| leftEarOutcome undefined| rightEarOutcome undefined| accountFlyoutOutcome string| topicFlyoutOutcome string| subButtonOutcome undefined| regWallOutcome string| toasterOutcome function| readCookie function| cookieValue object| tracker string| toasterCookie string| toasterValue object| zephrTestGroups number| leftEarMetric number| rightEarMetric number| accountFlyoutMetric number| topicFlyoutMetric number| subButtonMetric number| regWallMetric number| toasterMetric object| zephrMeters object| zephrTrialTrackingDetails object| zephrCredits undefined| entitlementName undefined| entitlementId number| countIncremented undefined| entitlementObj undefined| num object| closure_lm_600504 object| teads object| ampInaboxIframes object| ampInaboxPendingMessages function| cnx object| c number| __oneSignalSdkLoadCount function| __jp0 object| cnx_usr_storage object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager function| cnxProxyTask boolean| ozoki_sv object| $$$ object| closure_lm_215776 string| saved_tc string| saved_sc string| ________ok number| BOOMR_onload string| pm_pgtp function| bx object| GoogleGcLKhOms object| _rmxd boolean| _tb_dis string| pm_ppy string| _pmep string| _pmep_geo string| _pmpmk boolean| _pmasync boolean| _pmoptimization boolean| _pmoptimizationmanipulation boolean| _pmhp boolean| _pmsb object| pmk object| pmglb object| pmfa object| pmad object| pmdebug_c object| _pmenv object| _pma undefined| _tb_d undefined| _tb_rand object| _pm_ecd string| _tb_vpx boolean| _tb_vautop function| _pmloadfile function| pmws_request_done function| _tb_getUrlParameter object| QSI object| WAFQualtricsWebpackJsonP-cloud-1.64.1 function| __trcCopyProps function| __trcFromError function| __trcClientTimestamp function| __trcLog function| __trcError function| __trcDebug function| __trcInfo function| __trcWarn function| __trcWarnUsingBeacon function| __trcDOMWalker function| __trcJSONify function| __trcUnJSONify function| __trcTrim function| __trcGetElementsByClass function| __trcToArray function| __trcObjectCreate function| PageManager function| addHashParam number| trc_debug_level string| trc_article_id boolean| plHookRanOnce function| initSwap object| swapRegionMapping number| swapRegionMappingIndex undefined| swapConfig object| TRCImpl number| taboola_view_id string| prop object| bouncex function| TBClickToPlayVideo function| TBClickToPlayVideoElem function| TBVideoElem function| TBVideoEvents function| TBOptimizationAutoPlayInfoFromXPathAndURL object| _pmk function| TBWidgetVideoPlayer function| TBGenericVideoModule function| TBOtherPlayer function| TBVideoMetaData function| TBVideo function| TBVideoDetectionYoutubeAPI function| TBOptimizationTouchAndClickEventTracker function| TBWidgetStorage object| PMFileLoader object| PMPage object| PMTemplate function| PMTracking function| PMUniversalGA function| PMMdotLabs function| PMComScore function| PMPublisher function| TBOptimization function| PMGlobal function| pmws_getlocation_done object| pmdebug object| pmws object| qi object| _pm_mcg boolean| _tb_vd_pg object| tbopt object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| _qsie function| miCallback object| list object| placementData string| nam object| _tfa object| google_image_requests object| cmTag object| _cm_wfCounters object| lotame_sync_16011 function| sync16011_c function| sync16011_d undefined| sync16011_e undefined| sync16011_f undefined| sync16011_g function| sync16011_h object| sync16011_j function| sync16011_k function| sync16011_l object| sync16011_ function| sync16011_a function| sync16011_b function| sync16011_i function| sync16011_m function| sync16011_n function| sync16011_o function| sync16011_p function| sync16011_r function| sync16011_q function| sync16011_s function| sync16011_t function| sync16011_u function| sync16011_v function| sync16011_w function| sync16011_x function| sync16011_z function| sync16011_y function| sync16011_A function| sync16011_B function| sync16011_C function| sync16011_D function| sync16011_E function| sync16011_F function| sync16011_G function| sync16011_H function| sync16011_I function| sync16011_J function| sync16011_K function| sync16011_L function| sync16011_M function| sync16011_N function| sync16011_aa function| sync16011_O function| sync16011_P function| sync16011_ba function| sync16011_ca function| sync16011_Q function| sync16011_R function| sync16011_da function| sync16011_ea function| sync16011_S function| sync16011_T function| sync16011_U function| sync16011_V function| sync16011_W function| sync16011_X function| sync16011_Y function| sync16011_Z function| sync16011__ function| sync16011_0 function| sync16011_1 function| sync16011_2 function| sync16011_3 function| sync16011_4 function| sync16011_6 function| sync16011_fa function| sync16011_5 function| sync16011_8 function| sync16011_7 function| sync16011_ga function| sync16011_9 function| sync16011_ha function| sync16011_$ function| sync16011_ia function| cnxAddEventListener

277 Cookies

Domain/Path Name / Value
.taboola.com/tribunedigital-baltimoresun/ Name: taboola_session_id
Value: v2_fbd0892ec0a46bc5b391a2526586fb00_edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e_1640872703_1640872703_CGoQrso9GJrrid3gLyABKAMw4QE4kaQOQJ3RDkj_stsDUOEEWABgAGiApKeijMutlDNwAQ
.baltimoresun.com/api/v2/render/feature Name: _lbz
Value: 0
.baltimoresun.com/api/v2/render Name: _lbz
Value: 0
.baltimoresun.com/coronavirus Name: _lbz
Value: 0
www.baltimoresun.com/coronavirus Name: liveramp_id_env_sampling_rate
Value: 0
.resetdigital.co/csync Name: ckbk
Value: 00000092C5414FF6
.3lift.com/sync Name: sync
Value: CgoIgQIQ5emJ3eAvCgoI4gEQ5emJ3eAvCgoI5gEQ5emJ3eAvCgoIhwIQ5emJ3eAvCgkICRDl6Ynd4C8KCQg6EOXpid3gLwoJCAsQ5emJ3eAvCgoIjAIQ5emJ3eAvCgoIngIQ5emJ3eAvCgkIXxDl6Ynd4C8=
.mrtnsvr.com/sync Name: userId
Value: WPai8rs4M
i.liadm.com/s Name: _li_ss
Value: MgkI_____wcQnRE
.t.co/ Name: muc
Value: 60eb0674-441e-4355-a7a6-1bb7345ab006
.t.co/ Name: muc_ads
Value: 60eb0674-441e-4355-a7a6-1bb7345ab006
.baltimoresun.com/ Name: AKA_A2
Value: A
www.baltimoresun.com/ Name: akaas_AS_tronc_baltimore_sun_prod
Value: 2147483647~rv=100~id=8cd59f27bcd4a0bbb7a8be9a3c300787
embed.sendtonews.com/ Name: AWSELBCORS
Value: AB7769910C09524E3F673477D3796BB23C89D09F9B37FBACFC54F04D5C3B577F4373300E1D8F6FA0C81F1C2AEC6A4978487F062E7D833BEA66C9723ED513C40B70538462FD
zephr.baltimoresun.com/ Name: blaize_session
Value: e984cc03-be8a-4da5-b833-262d64e1066f
zephr.baltimoresun.com/ Name: blaize_tracking_id
Value: 82ba67f9-693d-42d9-a013-cba3d60cbb41
.baltimoresun.com/ Name: lotame_domain_check
Value: baltimoresun.com
.scorecardresearch.com/ Name: UID
Value: 18SMYCP9SYPR2ZOMFI9E9Jg1640872697
.adsrvr.org/ Name: TDID
Value: e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
.liadm.com/ Name: lidid
Value: 877f5819-ff44-44bc-8537-f3413ed5de1d
.rubiconproject.com/ Name: rsid
Value: 1|Dtm3NkML6+rCCCqn0sEoNxjc5rJRK5uGkRphBfr0Ow8bqoP5PWrhQ8HyZrqJ5/zPRx3CvDzGDmXGQhinMyiRFxj1oVYGhl0PykV7JZfhCBsnvGKvYKcxeOisJKG3Nw==
.baltimoresun.com/ Name: AMP_TOKEN
Value: %24NOT_FOUND
.rubiconproject.com/ Name: khaos
Value: KXT18KCV-1V-9YVP
.baltimoresun.com/ Name: _ga
Value: GA1.2.1820711798.1640872697
.baltimoresun.com/ Name: _gid
Value: GA1.2.629856563.1640872698
.adnxs.com/ Name: uuid2
Value: 3183875922675690167
d3mmnnn9s2dcmq.cloudfront.net/ Name: AWSELBCORS
Value: AB7769910C09524E3F673477D3796BB23C89D09F9BFB5D4C7F8E1C8EB6D236C1CB7CD79E12C59E61EBB541A0AAA984817791847C8F393B83E82C4781D5313197A81B8455A0
.baltimoresun.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html%22%2C%22sref%22:%22https://t.co/%22%2C%22sts%22:1640872697600%2C%22slts%22:0}
.baltimoresun.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=ee90289ea67d019d6050b44ace2bc40b%22%2C%22session_count%22:1%2C%22last_session_ts%22:1640872697600}
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: d1f7c93abf4490836d860b8505530287
.doubleclick.net/ Name: IDE
Value: AHWqTUkLowxQIblaHCphvd3QRUuXoyrXKX16k59mYC7UBIMPDB-V7IxegRmTArwQpXQ
.baltimoresun.com/ Name: c_mId
Value:
.baltimoresun.com/ Name: c_PUID
Value:
.baltimoresun.com/ Name: _cc_id
Value: d1f7c93abf4490836d860b8505530287
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 9AEF885A-3E04-4A8E-9A29-6FFBCF07119E
.baltimoresun.com/ Name: _cc_cc
Value: ACZ4XmNQSDFMM0%2B2NE5MSjMxsTSwMDZLsTAzSLIwNTA1NTYwsjBnAILEs7t%2BgmgIEJy687oK44R0hv%2BMjAyr121TgLE3bFymBmNPRWIf3zSFBSZ%2B74MljPls8Ry48OvZB5hg4j%2FXPuWGsc8dPcQMY%2B%2Fed1kAxj6MpPfdEoQ5%2FSfUYUoa%2FmvCmFd%2FrNWBsb93acGYAPJsUOA%3D
.baltimoresun.com/ Name: _cc_aud
Value: ABR4XmNgYGBIPLvrJ5CCABYGtn4bEJOtXx5Ecfu0QahWIAUApFoGJA%3D%3D
.baltimoresun.com/ Name: panoramaId_expiry
Value: 1640959097371
zephr.baltimoresun.com/ Name: AWSALB
Value: rnLRxWMAc7fiVvZkBW1D948uHHN6ZzVwSu+ibaBYRtGCSMRnMVg/6Mrb2hG9crOvUt4TZt9+3i50IWl5d5vq+21bGEvyB8rPBXM5IaUC2Jqkc3jp4nPkiGxiS4xX
zephr.baltimoresun.com/ Name: AWSALBCORS
Value: rnLRxWMAc7fiVvZkBW1D948uHHN6ZzVwSu+ibaBYRtGCSMRnMVg/6Mrb2hG9crOvUt4TZt9+3i50IWl5d5vq+21bGEvyB8rPBXM5IaUC2Jqkc3jp4nPkiGxiS4xX
.rkdms.com/ Name: sessionid
Value: h-c6c8df3fe84b3458120539d51cd80f9b_t-1640872697
.amazon-adsystem.com/ Name: ad-id
Value: A0t6cTkDkEiZo1i4lOzAs10
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.baltimoresun.com/ Name: _ml_ses
Value: *
.baltimoresun.com/ Name: _gat_trb
Value: 1
www.baltimoresun.com/ Name: _lr_geo_location
Value: US
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yc26_gABy-th-QAF
.adform.net/ Name: C
Value: 1
.bidr.io/ Name: bito
Value: AAFPok7Dm3YAAEBiNAEM6g
.bidr.io/ Name: bitoIsSecure
Value: ok
.adform.net/ Name: uid
Value: 3938217731362747973
.baltimoresun.com/ Name: ajs_user_id
Value: null
.baltimoresun.com/ Name: ajs_group_id
Value: null
.baltimoresun.com/ Name: ajs_anonymous_id
Value: %2286adec89-d123-4957-ab29-39cfbd6b741f%22
.mathtag.com/ Name: uuid
Value: 486e61cd-bafa-4300-ae81-e0c2b6322ca6
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-Yc26_gABy-th-QAF&KRTB&22978-Yc26_gABy-th-QAF&KRTB&23194-Yc26_gABy-th-QAF&KRTB&23209-Yc26_gABy-th-QAF
.pubmatic.com/ Name: PUBMDCID
Value: 2
.yahoo.com/ Name: A3
Value: d=AQABBPq6zWECED11g5DTUsjXcE5MXV2VlPcFEgEBAQEMz2HXYQAAAAAA_eMAAA&S=AQAAAo4ITyyREcRFEikiIkwokDQ
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&KRTB&22918-e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&KRTB&23031-e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
.baltimoresun.com/ Name: smtrrmkr
Value: 637764694978401720%5E017e0ba2-5ff0-41bc-8fc3-69014979f115%5E017e0ba2-5ff0-43c6-add2-44e4ab491541%5E0%5E45.250.25.110
.simpli.fi/ Name: suid
Value: 7C30F16DB53846EBADAE183D17DE974E
.reson8.com/ Name: RCID2
Value: D81A893FCA12112C92E11B41936DE6B4
.baltimoresun.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Thu+Dec+30+2021+13%3A58%3A18+GMT%2B0000+(GMT)&version=6.9.0&hosts=&consentId=3b3a616a-f278-4ce3-a65e-e72d159ef544&interactionCount=0&landingPath=https%3A%2F%2Fwww.baltimoresun.com%2Fcoronavirus%2Fbs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CC0005%3A1%2CC0004%3A1
www.baltimoresun.com/ Name: _cb_ls
Value: 1
www.baltimoresun.com/ Name: _cb
Value: DrDnugBQoAr_Cn-gBV
www.baltimoresun.com/ Name: _chartbeat2
Value: .1640872698587.1640872698587.1.D_Rt2suQWyEChDhUCrswbDBoXDVI.1
www.baltimoresun.com/ Name: _cb_svref
Value: https%3A%2F%2Ft.co%2F
.turn.com/ Name: uid
Value: 8053738013470830884
.google.com/ Name: NID
Value: 511=Mv6z18YiJBkMpi7BM-vrudw019dTjzyyLzktEywaS1ma6De2ELW6AdKK2L1_VvO8whDsGYcOiHWtaDBh-j9LkdxRuDZS8MrBS4qMCWi3tvGAbfxDfzh1vkVxPAORdnYhbcuK5DS8ycjw905Ek0BavH6lCvaODlqDWjkfPuUXhXY
.baltimoresun.com/ Name: __gads
Value: ID=1ab9841e9d635743:T=1640872697:S=ALNI_Ma-Qe6UXEsGDRe5-rBnPwntAlRaoQ
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 16514-CAESEGOo8OJLKvneWC3c1z0FTvU&KRTB&22987-CAESEGOo8OJLKvneWC3c1z0FTvU&KRTB&23025-CAESEGOo8OJLKvneWC3c1z0FTvU
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&KRTB&16736-uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&KRTB&23019-uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6&KRTB&23114-uid:486e61cd-bafa-4300-ae81-e0c2b6322ca6
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:7C30F16DB53846EBADAE183D17DE974E
.pippio.com/ Name: did
Value: GSZBTOc9y-Kgj0Ur
.pippio.com/ Name: didts
Value: 1640872699
.pippio.com/ Name: nnls
Value:
.teads.tv/ Name: tt_viewer
Value: 5d977c69-38cc-4251-882f-8556e831645f
.3lift.com/ Name: tluid
Value: 9865506846252392651
.yieldmo.com/ Name: yieldmo_id
Value: g264bdcc93e25f50b49d%7C1640872699610%7C0%7C
.kargo.com/ Name: ktcid
Value: 4f996220-2c1e-0334-548c-83e5231b0457
.casalemedia.com/ Name: CMID
Value: Yc26.8PaJt5j23F1hnB8aQAA
.casalemedia.com/ Name: CMPS
Value: 2966
.casalemedia.com/ Name: CMPRO
Value: 410
.pippio.com/ Name: pxrc
Value: CPv1to4GEgQIAhAAEgYI3awrEAA=
.baltimoresun.com/ Name: _awl
Value: 2.1640872699.0.5-835e836a2844e0caad5a0aaae2aaf220-6763652d75732d6561737431-0
.krxd.net/ Name: _kuid_
Value: Okl69tJd
.ml314.com/ Name: pi
Value: 3624068251975680020
.bidswitch.net/ Name: tuuid
Value: 84efc425-6b61-4040-bd22-124692c6664b
.bidswitch.net/ Name: c
Value: 1640872700
.bidswitch.net/ Name: tuuid_lu
Value: 1640872700
.postrelease.com/ Name: visitor
Value: a26991cd-42eb-489d-b616-8596ebb2ccaf
.postrelease.com/ Name: status
Value: 1
.contextweb.com/ Name: V
Value: EZ2yaDDdi7BZ
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 5dfbfa7e17ef8b57
.agkn.com/ Name: ab
Value: 0001%3A%2FpG6xPXWqWsA8Hn3QXcU7%2F5TQjJ9ja9r
.casalemedia.com/ Name: CMST
Value: Yc26+2HNuvwA
.eyeota.net/ Name: SERVERID
Value: 22076~DM
.ads.yieldmo.com/ Name: ptrt
Value: e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-ccca1ca0-159d-4d41-4565-ed686eb05f21.Q7d%2FntlXx%2BYsUSbjhWxivnFZIQHSRnxKdZQK%2Bj%2BnFOk
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0-ccca1ca0-159d-4d41-4565-ed686eb05f21%24ip%2445.250.25.110.vEuayEALvUxSiickjldcfzdjkN5LSRDokXQMUesvsp8
capi.connatix.com/ Name: cnx_userId
Value: f1a7817fe20f4597938371768ad6be84
.ads.yieldmo.com/ Name: ptrpp
Value: EZ2yaDDdi7BZ
.ads.yieldmo.com/ Name: ptrstk
Value: zMocoBWdTUFFZe1obrBfIS36GW4
.quantserve.com/ Name: mc
Value: 61cdbafc-9c892-a9ec6-0cc81
www.baltimoresun.com/ Name: cnx_userId
Value: f1a7817fe20f4597938371768ad6be84
.mathtag.com/ Name: mt_mop
Value: 9:1640872700
.spotxchange.com/ Name: audience
Value: 8c0ce14d-6978-11ec-90a6-12f84cd00503
.ads.yieldmo.com/ Name: ptrbsw
Value: 84efc425-6b61-4040-bd22-124692c6664b
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2In4u#QNm!]tbPl1M>e)ZlrFUfJ+tGXxpG[NBEj?k_?AG4xKTOWfHeHKJ9#^NCi9laXTN*bpRz*qF1`*bagb*PrJJ
.casalemedia.com/ Name: CMRUM3
Value: f161cdbafb05a0&dd61cdbafb2760&0561cdbafb05a00&2d61cdbafc2760CAESEMWc9KIl89nheglcBUToqGw&c361cdbafc2760av-ceed50e2-8809-4021-87e0-b392520bb386&6f61cdbafb05a0&2761cdbafc2760e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4&e661cdbafb2760
www.baltimoresun.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.baltimoresun.com/ Name: _pubcid
Value: ac260dc4-a810-4f71-8e3e-dd61e4f28357
.dotomi.com/ Name: DotomiUser
Value: 712806323840391800$3$1039154690$$1
.doubleclick.net/ Name: DSID
Value: NO_DATA
.adnxs.com/ Name: icu
Value: ChgI5ZhYEAoYASABKAEw_fW2jgY4AUABSAEKGAjM5nAQChgCIAIoAjD69baOBjgCQAJIAhD99baOBhgC
.pubmatic.com/ Name: DPSync3
Value: 1642032000%3A221_228_236_197_201_219%7C1640908800%3A174%7C1641427200%3A164
.pubmatic.com/ Name: SyncRTB3
Value: 1642118400%3A35%7C1641686400%3A63%7C1641427200%3A223_15_38_2%7C1643414400%3A224%7C1642032000%3A166_3_239_81_54_165_56_99_231_189_222_48_233_204_71_5_57_234_238_21_7_240_96_220_22_178_104_55_8_176_13%7C1641254400%3A216%7C1646006400%3A69
.deepintent.com/ Name: CDIUSER
Value: di_27ef9588dc934f0bb061f
.quantserve.com/ Name: d
Value: EMgBEgGKJfijD9r7EA
.acuityplatform.com/ Name: auid
Value: 635661617131
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-zMocoBWdTUFFZe1obrBfIS36GW4
.taboola.com/ Name: t_gid
Value: edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
.w55c.net/ Name: wfivefivec
Value: Ev34cJ1d1N2VWK5
.w55c.net/ Name: matchpubmatic
Value: 5
.pubmatic.com/ Name: KRTBCOOKIE_469
Value: 8273-635661617131
.ipredictive.com/ Name: cu
Value: 8cc511ca-6978-11ec-8e12-35e553acf2fa|1640872702036
.inmobi.com/ Name: idsp_c
Value: 5bb3797a-fc9f-4495-909a-e7dc4c592013
.owneriq.net/ Name: p2
Value: pmc
.owneriq.net/ Name: si
Value: Q6941591021453854449P
.owneriq.net/ Name: pmc
Value: 1
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005%22%7D
.adgrx.com/ Name: ADGRX_UID
Value: 8cc640ec-6978-11ec-9f00-7928b90ff49e
.pubmatic.com/ Name: KRTBCOOKIE_1278
Value: 23329-5d5a98bc-20aa-4663-b0c6-8b234992b77d
.pubmatic.com/ Name: KRTBCOOKIE_1233
Value: 23223-5bb3797a-fc9f-4495-909a-e7dc4c592013&KRTB&23266-5bb3797a-fc9f-4495-909a-e7dc4c592013&KRTB&23285-5bb3797a-fc9f-4495-909a-e7dc4c592013
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:Ev34cJ1d1N2VWK5
io.narrative.io/ Name: io.narrative.guid.v2
Value: 8cc7a950-6978-11ec-b070-0a4515f2e365
.fiftyt.com/ Name: fifid
Value: f5d7dd1f-bd27-4c38-4bd2-766353fe19c0
.fiftyt.com/ Name: cs
Value: MTY0MDg3MjcwMnxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fCvDqOMqcSWG8lNUc-76N3oAZspdxv0dBjhE_INgRHg-
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 852cbf67-3003-4de7-b2c1-f91b7ae20f64
beacon.lynx.cognitivlabs.com/ Name: ss
Value: QavJ7AzUzM7eBMRz7rfkbrh69xyniVuB5OqwTad%2B0TVhVW%2Fm2TsPtlqaU%2FHW%2FkcUJQ%2B4mKxYSYc3pFrpRqfOyQ%3D%3D
.adgrx.com/ Name: ADGRX_CM_PUBMATIC_BRIDGED
Value: 1
.onaudience.com/ Name: cookie
Value: 6c2798af5b79eba4
.onaudience.com/ Name: done_redirects147
Value: 1
ads.playground.xyz/ Name: connect.sid
Value: s%3A7so6qvyT_OXXhehomS0PitXG4If6AEl2.I5DoS127riI3aMSTXJwsN832l8Nv8%2FSoo5wfuL23fRY
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr&KRTB&19420-IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr&KRTB&22979-IREE-HVBAf86GQSkLhJK_S5FBKo6EAT_LxFm1fGr
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005%22%7D
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-no-consent
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-3938217731362747973&KRTB&23263-3938217731362747973
.pubmatic.com/ Name: KRTBCOOKIE_286
Value: 5193-Q6941591021453854449&KRTB&22521-Q6941591021453854449
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17107-RX-c726f1b5-f2ac-41a2-bd61-14d6eda8e3c6-005
.pubmatic.com/ Name: KRTBCOOKIE_1199
Value: 23175-00000092C5414FF6
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-8cc511ca-6978-11ec-8e12-35e553acf2fa&KRTB&23011-8cc511ca-6978-11ec-8e12-35e553acf2fa
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-3183875922675690167&KRTB&23339-3183875922675690167
.tribalfusion.com/ Name: ANON_ID
Value: a7nseFwyEojpuMNpbIFm148qnURNfCV9PbZccf03t3cSyQN3IchRRmZavxIPCn4wZbkEPUWbk2QwLRsrEpuJrYE
.fiftyt.com/ Name: fppm
Value: 20211230135822
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AQEI5WSSLymbeQI88T8DAQEBAQE&KRTB&22713-AQEI5WSSLymbeQI88T8DAQEBAQE&KRTB&22715-AQEI5WSSLymbeQI88T8DAQEBAQE
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R1D530_E8E99346_C4E563D7&KRTB&23092-R1D530_E8E99346_C4E563D7
.adsby.bidtheatre.com/ Name: __kuid
Value: a794a797-b9f7-4081-ae4a-618e8dd0e9da.410086702
pool.admedo.com/ Name: tuuid
Value: 90bd4d5f-4394-4386-8714-56dd400fa3a8
pool.admedo.com/ Name: c
Value: 1640872702
pool.admedo.com/ Name: tuuid_lu
Value: 1640872702
.c.appier.net/ Name: _auid
Value: 4YvWuSrvAdGO0tDJ_rrNYQ
.onaudience.com/ Name: done_redirects161
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_904
Value: 16787-4YvWuSrvAdGO0tDJ_rrNYQ&KRTB&23130-4YvWuSrvAdGO0tDJ_rrNYQ
www.baltimoresun.com/ Name: cto_bidid
Value: ycEhBl9US0ZhTEwwdGhHSWZQdiUyQlF6ZVQ2MEVPUlczdHdJNkUwRGh1UnFSbDVCTktNVm5la3phckxrSTFDbTBNSU9CZ08wd2Q0TmNMaUVmeTNIRklEUm8lMkZJdFElM0QlM0Q
www.baltimoresun.com/ Name: cto_bundle
Value: N4jPbV93dyUyRkk3RjRib0V0c09pMHUwZDBqeXFHUjVkSkFqRkVEWVJBUVdoJTJGMzJ4a0RZNzFZWkZrZCUyQjFBd0tTdFdJd0JpdUxlSldPSjZzYUtkTjRNQ3VjTmpiUEZWcjIlMkIxU0JWNmtZeVc3MERDeHVwSzZYajE3ZmN5UzZUeUVySklhSkox
.exelator.com/ Name: EE
Value: "1d905505bb6df16f493cc0ee5b2b8040"
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcEwxdLA1NTANCnJLCXN0CzNxNI4OdkgNdU0ySjJwsDEYHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yNJsSX5RZvqi0ODFRSlpDItKik8F72e9CAB6eyoU"
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-84efc425-6b61-4040-bd22-124692c6664b
.sharethrough.com/ Name: stx_user_id
Value: edb01e0b-8235-4124-a5f3-7b121ca1fc42
.mxptint.net/ Name: mxpim
Value: R1D530_E8E99346_C4E563D7.1.61CDBAFF0000000061CDBAFE
.bing.com/ Name: MUID
Value: 14101724AB88603C03660639AA3F619E
.c.bing.com/ Name: MR
Value: 0
.zemanta.com/ Name: zuid
Value: uSv0OrXHcTHKOKS0Nm2e
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&98250ab2-9c42-4228-875f-a04acf954f7e"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDA4NzI3MDM7MjswMjFFNIrrrO5Ibs5VqALTyLFSv/6ka4Y7VSOjCaNIdltgwQ==
.linkedin.com/ Name: lidc
Value: "b=VGST06:s=V:r=V:a=V:p=V:g=2273:u=1:x=1:i=1640872703:t=1640959103:v=2:sig=AQFZv2sqYyIes26YhA9AaUPeqz4FQr3Z"
www.baltimoresun.com/ Name: _tb_sess_r
Value: https%3A//t.co/
.creative-serving.com/ Name: tuuid
Value: 7b1da402-1df4-49d2-a432-a3660ada85a3
.creative-serving.com/ Name: c
Value: 1640872703
.creative-serving.com/ Name: tuuid_lu
Value: 1640872703
www.baltimoresun.com/ Name: rx_ss
Value: {"v":2}
.live.streamtheworld.com/ Name: uuid-s
Value: 8722167b-8ba9-4542-b427-8761e06085ee
.pubmatic.com/ Name: SPugT
Value: 1640872704
exchange.remixd.com/ Name: SSCookie
Value: 1
.adswizz.com/ Name: OAID
Value: 938da2495b23f9add6ca968d1acf11bd
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"TAGPAHMI2G7LIVBSU35QIAQQQVXYIKH6XY3DIKU3EISA====","deviceID":"TAGPAHMIZPQYU5YDRX2REGI2QBYZOHXPQABWISPPDZPA====","iv":"EKST5TTTVDMTZL6AMSEHC7ZEOA======","v":1}
.cdnwidget.com/ Name: __adcontext
Value: {"cookieID":"TAGPAHMI2G7LIVBSU35QIAQQQVXYIKH6XY3DIKU3EISA====","deviceID":"TAGPAHMIZPQYU5YDRX2REGI2QBYZOHXPQABWISPPDZPA====","iv":"EKST5TTTVDMTZL6AMSEHC7ZEOA======","v":1}
.baltimoresun.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IlRBR1BBSE1JMkc3TElWQlNVMzVRSUFRUVFWWFlJS0g2WFkzRElLVTNFSVNBPT09PSIsImRldmljZUlEIjoiVEFHUEFITUlaUFFZVTVZRFJYMlJFR0kyUUJZWk9IWFBRQUJXSVNQUERaUEE9PT09IiwiaXYiOiJFS1NUNVRUVFZETVRaTDZBTVNFSEM3WkVPQT09PT09PSIsInYiOjF9
.acuityplatform.com/ Name: aum
Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBPwJ0JwGkmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAT8CdCcBpI90aGlyZFBhcnR5VXNlcklkIfuCMTMz+kIkBIpDJQE/AnQnSZZEJQE/AnQnSZZFYzg3MjIxNjdiLThiYTktNDU0Mi1iNDI3LTg3NjFlMDYwODVlZfv7hnZlcnNpb27C+w=="
www.baltimoresun.com/ Name: trc_cookie_storage
Value: taboola%2520global%253Auser-id%3Dedce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
.live.streamtheworld.com/ Name: idsync-ttd-uid-s
Value: e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4
.live.streamtheworld.com/ Name: idsync-cto-uid-s
Value: no-consent
.live.streamtheworld.com/ Name: idsync-acu-uid-s
Value: 635661617131
.live.streamtheworld.com/ Name: idsync-an-uid-s
Value: 3183875922675690167
.live.streamtheworld.com/ Name: idsync-mm-uid-s
Value: 486e61cd-bafa-4300-ae81-e0c2b6322ca6
.live.streamtheworld.com/ Name: idsync-amb-uid-s
Value: 8053738013470830884
.smadex.com/ Name: smxtrack
Value: 9822fc74-ae5d-4703-8bca-6b52b296d10d
.live.streamtheworld.com/ Name: idsync-dbm-uid-s
Value: CAESEOWJqg3Fk4LhR3KB135xjDs
.live.streamtheworld.com/ Name: idsync-dbm-profile-s
Value: true
.live.streamtheworld.com/ Name: idsync-aw-uid-s
Value: 938da2495b23f9add6ca968d1acf11bd
.live.streamtheworld.com/ Name: idsync-bsw-uid-s
Value: 84efc425-6b61-4040-bd22-124692c6664b
.admixer.net/ Name: am-uid
Value: a5dabb708b24436a802a9a0ca6b4a427
.extremereach.io/ Name: userid_prod2
Value: b342ca5fce51f58141905902281b481e
event.clientgear.com/ Name: mkuuid
Value: mk441c9ae4-4e00-4b3f-8579-89c4bf39aa31
.pointmediatracker.com/ Name: c
Value: b9d3439e-f4ba-4908-b4a7-5b89f5d5503e
exchange.remixd.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJhZHN3aXp6Ijp7InVpZCI6IjkzOGRhMjQ5NWIyM2Y5YWRkNmNhOTY4ZDFhY2YxMWJkIiwiZXhwaXJlcyI6IjIwMjItMDEtMTNUMTM6NTg6MjQuNzQ3MDAxMjFaIn0sImRheCI6eyJ1aWQiOiI1Q0U5OTI4NDMxMTM2NkFFNkE1RDE2MjIxRkM2MjVFOSIsImV4cGlyZXMiOiIyMDIyLTAxLTEzVDEzOjU4OjI0LjIwNDEwMDMwNVoifSwicnViaWNvbiI6eyJ1aWQiOiJLWFQxOEtDVi0xVi05WVZQIiwiZXhwaXJlcyI6IjIwMjItMDEtMTNUMTM6NTg6MjQuMTE3MDg1MDI3WiJ9LCJ0cml0b25kaWdpdGFsIjp7InVpZCI6IntcImN0by11aWRcIjpcIm5vLWNvbnNlbnRcIixcImJzdy11aWRcIjpcIjg0ZWZjNDI1LTZiNjEtNDA0MC1iZDIyLTEyNDY5MmM2NjY0YlwiLFwiYWN1LXVpZFwiOlwiNjM1NjYxNjE3MTMxXCIsXCJ0dGQtdWlkXCI6XCJlMGFiZTc1Zi1hNGVhLTRmZmYtYjZhNS01ZGE4YjI1MGM2ZTRcIixcImFuLXVpZFwiOlwiMzE4Mzg3NTkyMjY3NTY5MDE2N1wiLFwibW0tdWlkXCI6XCI0ODZlNjFjZC1iYWZhLTQzMDAtYWU4MS1lMGMyYjYzMjJjYTZcIixcInRyaXRvbi11aWRcIjpcImNvb2tpZTo4NzIyMTY3Yi04YmE5LTQ1NDItYjQyNy04NzYxZTA2MDg1ZWVcIixcImFtYi11aWRcIjpcIjgwNTM3MzgwMTM0NzA4MzA4ODRcIixcImF3LXVpZFwiOlwiOTM4ZGEyNDk1YjIzZjlhZGQ2Y2E5NjhkMWFjZjExYmRcIixcImRibS11aWRcIjpcIkNBRVNFT1dKcWczRms0TGhSM0tCMTM1eGpEc1wifSIsImV4cGlyZXMiOiIyMDIyLTAxLTEzVDEzOjU4OjI1Ljg5Mjc3OTUwNVoifX0sImJkYXkiOiIyMDIxLTEyLTMwVDEzOjU4OjI0LjExNzA3OTgyN1oifQ==
.criteo.com/ Name: uid
Value: 5d9efba0-4461-4c54-9e76-024563ed93ab
.pubmatic.com/ Name: KRTBCOOKIE_1235
Value: 23226-edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e:$UID
.pubmatic.com/ Name: PugT
Value: 1640872706
.openx.net/ Name: i
Value: 96e3b3af-6c09-4786-85bc-440ab5c9bc6b|1640872706
.rlcdn.com/ Name: rlas3
Value: TwlMVZNXyyhkuMwROuFLU7XKtKcdygKpUOhsA6mm7J0=
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: intentIQ
Value: ycvoscIWvK
.mookie1.com/ Name: id
Value: 10604991960995826557
.mookie1.com/ Name: mdata
Value: 1|10604991960995826557|1640872706424
.mookie1.com/ Name: ov
Value: 9939515469abf81881a67b23d60fb262
.rlcdn.com/ Name: pxrc
Value: CPr1to4GEgUI6AcQABIFCOhHEAASBQjbThAI
.lijit.com/ Name: ljt_reader
Value: bf87118fb0d20ad10990f724
.bluekai.com/ Name: bkdc
Value: phx
.bluekai.com/ Name: bkpa
Value: KJyayzWBQe9/91YJu9AQXecmRGWZ4H4l2tbzlEUT13H78N6jHKXDVaysRGcQ8xjnANOZvYke42WKJZMN965dW4R=
.bluekai.com/ Name: bku
Value: 5GL999vfpVsgwtAM
.intentiq.com/ Name: intentIQCDate
Value: 1640872706467
.intentiq.com/ Name: IQTaboolaCookieSync
Value: 1640872706473
.intentiq.com/ Name: ASDT
Value: 0
.advertising.com/ Name: APID
Value: UP8f6eadce-6978-11ec-8109-02a123991559
.pubmatic.com/ Name: ipc
Value: 156872^https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D359446293%26rnd%3D493460157%26pcid%3D%23PMUID^0^0
.pubmatic.com/ Name: pi
Value: 156872:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 3
.in.treasuredata.com/ Name: _td_global
Value: 38418aa8-22a9-4e38-8d6d-c5b773fff24c
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1bbk|89W.0.1|5Ql.0.edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e|7TZ.0.1
.analytics.yahoo.com/ Name: IDSYNC
Value: "18z8~22dp:18y3~22dp:18yx~22dp:176t~22dp"
.yahoo.com/ Name: APID
Value: UP8f6eadce-6978-11ec-8109-02a123991559
.yahoo.com/ Name: APIDTS
Value: 1640872706
.bttrack.com/ Name: GLOBALID
Value: 2uKlc8-sIBd987FnXwTBYuV7eQoDJ1d9cHA4nYnOJbtyRTprCPP3lVRh9DX89WFCk2zA-mi_srMC4Q2
.intentiq.com/ Name: IQPubmaticCookieSync
Value: 1640872706536
.smartadserver.com/ Name: pid
Value: 5724776408916944561
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: csync
Value: 107:edce2ab4-f3e7-47c0-8e87-f6d204bc6263-tuct8c7407e
.gnetwork.me/ Name: gixel_mpc
Value: 6de72c10194e91850e74b2fe6c8ece15
.agkn.com/ Name: u
Value: C|0AAAAAAAAKWB3ggAAAAAA
.rubiconproject.com/ Name: audit
Value: 1|mFVHqHkj5bFWCwRM2g90JI4t6Qz7VawQ9Iwz8xI2OBrsN3aNOZhe2tB0SmUvjtkSoUTpitDocW6yTWTbou7/1I/ymwQ0AbMicSp2Urqyc04A8gSq+6jVONLeItSKttXd
.intentiq.com/ Name: IQAppnexusCookieSync
Value: 1640872706589
.mfadsrvr.com/ Name: tuuid
Value: 8d5f73aa-5fab-48ec-ad58-73e0411837e4
.mfadsrvr.com/ Name: c
Value: 1640872706
.mfadsrvr.com/ Name: tuuid_lu
Value: 1640872706
.mfadsrvr.com/ Name: ssh
Value: !taboola,1640872706
.zeotap.com/ Name: zc
Value: 213fe15d-bd5e-4213-4826-0b9b5bce1478
.intentiq.com/ Name: IQMediaMathCookieSync
Value: 1640872706662
.intentiq.com/ Name: CSDT
Value: UEQ6MjRfMCZTdDVLZWQ2IzEwMTM5XzAmU3Q1S2VkeCMxMDE0MF8wJlN0NUtlZjgjMTAyNTNfMCZTdDVLZWM1
.intentiq.com/ Name: IQPData
Value: 771365230#1640872706661#0#1640872706465
.storygize.net/ Name: U
Value: 6cb39ed4-8fd5-4385-942a-b7d5ffd397fb
.id5-sync.com/ Name: id5
Value: 092c9ee0-7d81-4cde-a131-7bc281e96fbf#1640872706815#1
.id5-sync.com/ Name: callback
Value: https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D
.betweendigital.com/ Name: dc
Value: mow1
.betweendigital.com/ Name: tuuid
Value: f29d89c3-678f-516c-89b6-bbf7e87b00f5
.betweendigital.com/ Name: ss
Value: 1
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQSDFMM0%2B2NE5MSjMxsTSwMDZLsTAzSLIwNTA1NTYwsjBnAILEs7uZvv%2F%2F%2F58fxAEDwak7r6swTkhn%2BM%2FIyLB63TYFGHvDxmVqMPZUJPbxTVNYYOL3PljCmM8Wz4ELv559gAkm%2FnPtU24Y%2B9zRQ8ww9u59lwVg7MNIet8tQZjTf0IdpqThvyaMefXHWh0Y%2B3uXFowJAKeNU%2B0%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBIPLubCUhBAAsDW78NiMnWLw%2BiuH3aIFQrkAIAfuEFLg%3D%3D"
.betweendigital.com/ Name: ut
Value: Yc27AgAPGzBl1f4VLUdKtnBSxuXpdtg63STL5A==
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwik5Y_xzumlOhAFEhUKBmNhc2FsZRILCITLhIPP6aU6EAUSFgoHcnViaWNvbhILCLai8obP6aU6EAUSFQoGZ29vZ2xlEgsI8oztnM_ppToQBRIWCgdzdng5dDUwEgsIiLqdoM_ppToQBRgBIAEoAjILCJqvlPPl6aU6EAU4AVoHOGg5dTExaGAC
.mediarithmics.com/ Name: mics_vid
Value: 24013968869
.mediarithmics.com/ Name: mics_uaid
Value: web:1:ad317029-01a6-441f-a016-973c890e02f2
.mediarithmics.com/ Name: mics_lts
Value: 1640872707960
.baltimoresun.com/ Name: _ml_id
Value: ee5e6c871b747ff8.1640872698.1.1640872708.1640872698
.360yield.com/ Name: tuuid
Value: ee79c2a0-d18c-489d-9b60-44a222537d47
.360yield.com/ Name: tuuid_lu
Value: 1640872708
.360yield.com/ Name: um
Value: !313,wzbtq36NGJAW9salzmRxhqxqBvH3t9DGOVbaO3m22yMxSZP9vWJvLzAUKXJSEpcpVsTzz3vhsBBClVUn,1648648708
.360yield.com/ Name: umeh
Value: !313,0,1703080708,-1
.id5-sync.com/ Name: 3pi
Value: 464#1640872706917#-630523910|2#1640872707074#709235037#3183875922675690167|18#1640872708075#-750249910|3#1640872707214#1556931210#486e61cd-bafa-4300-ae81-e0c2b6322ca6|916#1640872708229#993012147|264#1640872707330#-215673827#e0abe75f-a4ea-4fff-b6a5-5da8b250c6e4|155#1640872708359#1743299320#AAFPok7Dm3YAAEBiNAEM6g
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:

24 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8053738013470830884&gdpr=0&gdpr_consent=&us_privacy=
Message:
Failed to load resource: the server responded with a status of 502 ()
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network error URL: https://ib.adnxs.com/&https://ads.yieldmo.com/v000/sync?userid=3183875922675690167&pn_id=an
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://thrtle.com/insync?vxii_pid=10014&vxii_pdid=d1f7c93abf4490836d860b8505530287
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 12)
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/4341884288908283729/index.html".
other warning URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Message:
Refused to execute script from 'https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d15%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dBeeswax%26uid%3d{userid}' because its MIME type ('image/gif') is not executable.
security error URL: https://www.baltimoresun.com/coronavirus/bs-md-truecare-whistleblower-20211229-5sof2rxtnvfpji4lks3pumiqd4-story.html
Message:
Refused to execute script from 'https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d15%26ev%3df1a7817fe20f4597938371768ad6be84%26pname%3dBeeswax%26uid%3d{userid}' because its MIME type ('image/gif') is not executable.
network error URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=8cc640ec-6978-11ec-9f00-7928b90ff49e
Message:
Failed to load resource: the server responded with a status of 502 ()
worker error URL: blob:https://www.baltimoresun.com/b88abba9-87da-45ee-be74-1a3fa0274b63
Message:
Mixed Content: The page at 'blob:https://www.baltimoresun.com/b88abba9-87da-45ee-be74-1a3fa0274b63' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker error URL: blob:https://www.baltimoresun.com/b88abba9-87da-45ee-be74-1a3fa0274b63
Message:
Mixed Content: The page at 'blob:https://www.baltimoresun.com/b88abba9-87da-45ee-be74-1a3fa0274b63' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
network error URL: https://eb2.3lift.com/xuidmid=7976&xuid=WPai8rs4M&dongle=u6nf
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript error URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html#goog_391119753
Message:
Access to XMLHttpRequest at 'https://v.adsrvr.org/VAST/empty-vast.xml' from origin 'https://imasdk.googleapis.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network error URL: https://v.adsrvr.org/VAST/empty-vast.xml
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://nodeny.targetspot.com/callback/uuid?https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=ts&uid=$UID&pubId=41773
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
javascript error URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html#goog_391119753
Message:
Access to XMLHttpRequest at 'https://v.adsrvr.org/VAST/empty-vast.xml' from origin 'https://imasdk.googleapis.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network error URL: https://v.adsrvr.org/VAST/empty-vast.xml
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://sync.hgrtb.com/taboola?redir=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fmediaforcertb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BUSER_ID%7D
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
network error URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F796%2F0%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
173bf108.akstat.io
76a01ba27fab73abe2c7bbc1f928ff99.safeframe.googlesyndication.com
a.teads.tv
a.tribalfusion.com
aa.agkn.com
aax.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.doubleclick.net
ad.mrtnsvr.com
ad.turn.com
ad4m.at
ade.googlesyndication.com
ads.betweendigital.com
ads.creative-serving.com
ads.playground.xyz
ads.pubmatic.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
aep.mxptint.net
ampcid.google.com
api.bounceexchange.com
api.rlcdn.com
as-sec.casalemedia.com
assets.bounceexchange.com
assets.zephr.com
ats.rlcdn.com
aud.pubmatic.com
authenticate.baltimoresun.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
beacon.lynx.cognitivlabs.com
beacons-ipv4.extremereach.io
beacons.extremereach.io
bh.contextweb.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c.eu1.dyntrk.com
c.go-mpulse.net
c1.adform.net
ca1.qualtrics.com
capi.connatix.com
cd.connatix.com
cdn.ampproject.org
cdn.blisspointmedia.com
cdn.cookielaw.org
cdn.doubleverify.com
cdn.jwplayer.com
cdn.onesignal.com
cdn.parsely.com
cdn.resonate.com
cdn.taboola.com
cdn1.extremereach.io
cdnjs.cloudflare.com
cds.connatix.com
cds.taboola.com
ce.lijit.com
check.analytics.rlcdn.com
ck.connatix.com
cks.connatix.com
cm.adgrx.com
cm.g.doubleclick.net
cm.smadex.com
cmod.live.streamtheworld.com
code.createjs.com
confiant-integrations.global.ssl.fastly.net
core.iprom.net
crb.kargo.com
cs.emxdgt.com
csi.gstatic.com
csync.loopme.me
d.agkn.com
d15kdpgjg3unno.cloudfront.net
d1n00d49gkbray.cloudfront.net
d29xw9s9x32j3w.cloudfront.net
d3mmnnn9s2dcmq.cloudfront.net
data.cdnbasket.net
delivery-cdn-cf.adswizz.com
direct.ad.cpe.dotomi.com
direct.adsrvr.org
dis.criteo.com
dmp.brand-display.com
ds.reson8.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
dyv1bugovvq1g.cloudfront.net
e1.emxdgt.com
eb2.3lift.com
embed.sendtonews.com
eus.rubiconproject.com
event.clientgear.com
exchange.remixd.com
fastlane.rubiconproject.com
fif7gbaea4aaajqacqnqaeyaabq43ox7-p2hmtf-4de565b37-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
fx5bs3qxg6thgyonxl7q-p2hmtf-b2a56155f-clientnsv4-s.akamaihd.net
geo.ads.audio.thisisdax.com
geo.privacymanager.io
geolocation.onetrust.com
gixel.gnetwork.me
gocm.c.appier.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
grid.bidswitch.net
gu.dyntrk.com
gum.criteo.com
hbopenbid.pubmatic.com
i.liadm.com
i6.liadm.com
ib.3lift.com
ib.adnxs.com
id.rlcdn.com
id.sharedid.org
id.sv.rkdms.com
ids.cdnwidget.com
idsync.rlcdn.com
idx.liadm.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
img.connatix.com
imprnjmp.taboola.com
in.treasuredata.com
ins.connatix.com
insights.zeustechnology.com
inv-nets.admixer.net
io.narrative.io
jadserve.postrelease.com
js-sec.indexww.com
js.matheranalytics.com
loada.exelator.com
loadm.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
match.taboola.com
ml314.com
mug.criteo.com
mweb.ck.inmobi.com
mwzeom.zeotap.com
nep.advangelists.com
news.google.com
nodeny.targetspot.com
odr.mookie1.com
onesignal.com
p1.parsely.com
page.cdnbasket.net
pagead2.googlesyndication.com
pd.cdnwidget.com
ping.chartbeat.net
pippio.com
pips.taboola.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.advertising.com
pixel.onaudience.com
pixel.pointmediatracker.com
pixel.quantserve.com
pixel.rubiconproject.com
play.google.com
player-files.remixd.com
player.sendtonews.com
playerservices.live.streamtheworld.com
pm.w55c.net
pmp.mxptint.net
pool.admedo.com
pr-bh.ybp.yahoo.com
protected-by.clarium.io
ps.eyeota.net
pubads.g.doubleclick.net
pubcast-files.remixd.com
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.owneriq.net
pxl.connexity.net
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb0.doubleverify.com
s.amazon-adsystem.com
s.go-mpulse.net
s.srvsynd.com
s.tribalfusion.com
s0.2mdn.net
s2l.sendtonews.com
s8t.teads.tv
sb.scorecardresearch.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
siteintercept.qualtrics.com
smoggysnakes.com
sqs.us-east-1.amazonaws.com
ssor.tribdss.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stags.bluekai.com
static.adsafeprotected.com
static.chartbeat.com
stats.g.doubleclick.net
sync-amz.ads.yieldmo.com
sync-pp.ads.yieldmo.com
sync-t1.taboola.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.hgrtb.com
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.resetdigital.co
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.taboola.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
sync1.intentiq.com
synchrobox.adswizz.com
synchroscript.deliveryengine.adswizz.com
t.co
t.teads.tv
taboola-supply-partners.tremorhub.com
tag.1rx.io
tag.wknd.ai
tags.bluekai.com
tags.crwdcntrl.net
tags.remixd.com
thrtle.com
timber.sendtonews.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
tps.doubleverify.com
tps628.doubleverify.com
tpsc-nyc.doubleverify.com
tr2.smarterhq.io
trc.taboola.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
tribune-baltimoresunclassic.zeustechnology.com
u.openx.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-match.taboola.com
us-trc-events.taboola.com
us-u.openx.net
us-vid-events.taboola.com
usermatch.krxd.net
v.adsrvr.org
vast.extremereach.io
vid.connatix.com
vidstat.taboola.com
view.cdnbasket.net
visitor.fiftyt.com
visitor.omnitagjs.com
widget.perfectmarket.com
www.baltimoresun.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.i.matheranalytics.com
www.storygize.net
www.tribdss.com
x.bidswitch.net
yield-op-idsync.live.streamtheworld.com
zephr.baltimoresun.com
znbkhvqf0zrgtvrlt-tribune.siteintercept.qualtrics.com
nodeny.targetspot.com
player.sendtonews.com
sync.hgrtb.com
sync.ipredictive.com
v.adsrvr.org
100.25.5.11
104.17.209.240
104.18.12.242
104.18.8.110
104.244.42.197
104.36.115.109
104.36.115.114
104.36.115.98
104.45.178.220
107.178.250.234
107.178.254.65
107.20.198.59
13.225.210.108
13.225.210.122
13.225.210.40
13.225.210.64
13.225.210.86
13.225.210.98
13.225.58.39
13.225.63.128
13.225.68.201
13.226.31.111
13.226.31.61
13.226.31.85
13.226.31.90
13.226.31.94
139.162.78.222
141.226.224.32
141.226.224.48
142.250.65.162
142.250.65.226
142.250.65.230
142.250.72.98
150.136.156.92
151.101.129.194
151.101.193.44
151.101.194.137
151.101.2.49
151.101.65.181
151.101.66.137
159.65.196.12
162.248.18.10
169.197.150.7
173.231.178.77
178.250.0.157
18.209.139.57
18.220.25.210
184.50.205.90
185.167.164.39
192.132.33.46
192.173.29.75
192.173.29.77
192.35.249.127
195.244.31.10
195.5.165.20
198.148.27.139
199.127.204.142
199.127.204.162
199.187.193.185
199.250.166.129
2001:4998:14:800::1001
204.154.110.88
204.154.111.116
204.154.111.120
204.62.13.72
207.198.113.169
208.80.55.209
209.54.177.91
209.54.180.144
216.200.232.249
23.217.25.136
23.219.95.182
23.23.88.115
23.41.168.170
23.41.169.52
23.52.160.130
23.52.161.180
23.52.162.21
23.52.164.7
23.55.166.115
23.73.244.44
23.88.75.189
23.92.190.68
2600:1400:d:188::26e5
2600:1400:d:29c::11a6
2600:1400:d:598::4469
2600:1400:d:5a5::11a6
2600:141b:13::17d7:822b
2600:141b:13::17d7:82da
2600:141b:13::b833:92c9
2600:1901:0:240a::
2600:1f18:444a:4602:2c20:3113:5c28:1366
2600:1f18:4e9:5a05:cbbe:ce00:264f:b9b8
2600:1f18:612b:4232:542e:84b1:1361:c28e
2600:1f18:66e7:fb10:6760:55cb:2555:7ffa
2600:1f18:66e7:fb11:ec89:9d10:70e:2fef
2600:9000:210b:200:1d:e9ba:f480:93a1
2600:9000:210b:3800:e:f240:cc80:21
2600:9000:210b:f400:5:82fd:2500:21
2600:9000:21da:3000:19:fc2c:a140:93a1
2600:9000:21da:7000:11:b309:9100:21
2600:9000:21da:9a00:1:a3fa:7cc0:93a1
2600:9000:21da:e000:18:1fcd:34f:cdc1
2600:9000:21dd:b400:8:48e:53c0:93a1
2600:9000:21ea:c400:9:7c30:be80:21
2602:803:c002:200::32
2606:4700:10::6814:b844
2606:4700:10::ac43:db6
2606:4700:3039::6815:c0a7
2606:4700::6810:125e
2606:4700::6810:9540
2606:4700::6812:c05
2606:4700::6812:e134
2606:ae80:1451:11::2100
2606:ae80:1451:12::1720
2607:f8b0:4006:806::200e
2607:f8b0:4006:807::2003
2607:f8b0:4006:807::2004
2607:f8b0:4006:809::2001
2607:f8b0:4006:809::200a
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80b::200e
2607:f8b0:4006:816::2002
2607:f8b0:4006:816::200e
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81d::200a
2607:f8b0:4006:81f::200e
2607:f8b0:4006:821::2001
2607:f8b0:4006:822::2002
2607:f8b0:4006:822::2003
2607:f8b0:4006:822::2008
2607:f8b0:4006:823::2003
2607:f8b0:4006:823::2006
2607:f8b0:4023:1404::9c
2607:f8b0:4023:c0b::78
2620:100:a001::c
2620:112:f006:bbbb::12
2620:116:800b:21:ea23:7677:128a:8c9c
2620:1ec:21::14
2620:1ec:c11::200
2a04:4e42:200::300
3.127.201.35
3.208.105.70
3.208.244.38
3.217.216.1
3.222.216.135
3.223.11.104
3.230.62.22
3.236.169.69
3.248.104.197
3.33.220.150
3.95.140.237
34.102.142.228
34.102.163.6
34.102.253.54
34.107.191.194
34.117.4.53
34.120.155.137
34.120.253.250
34.149.130.207
34.194.166.233
34.195.91.69
34.197.95.142
34.203.25.60
34.225.18.44
34.226.87.209
34.228.250.212
34.229.3.43
34.233.103.61
34.98.64.218
34.98.72.95
35.174.233.127
35.174.248.175
35.186.193.0
35.190.31.44
35.190.38.143
35.190.60.146
35.190.65.91
35.190.90.30
35.201.103.212
35.201.96.126
35.207.24.140
35.210.53.219
35.211.165.199
35.211.178.172
38.27.122.158
38.67.14.224
38.67.14.233
44.238.90.180
44.239.174.197
44.242.34.37
45.35.192.162
47.252.78.131
50.17.207.51
50.17.208.58
51.178.20.140
51.79.83.225
52.20.156.159
52.200.181.105
52.203.157.37
52.205.167.202
52.207.202.199
52.223.22.214
52.24.171.117
52.3.109.58
52.3.54.123
52.45.33.138
52.45.80.111
52.49.183.91
52.5.237.191
52.55.72.211
52.73.153.177
54.147.68.28
54.159.192.110
54.175.69.37
54.192.160.42
54.230.162.106
54.230.162.112
54.230.162.121
54.230.162.36
54.230.162.49
54.230.162.5
54.236.195.76
54.82.87.39
54.83.242.41
64.19.224.203
68.67.160.114
68.67.179.90
69.90.254.78
70.42.32.95
74.119.119.150
75.126.248.142
8.28.7.81
8.28.7.82
8.28.7.83
8.28.7.84
8.43.72.97
8.43.72.98
88.212.252.22
002c23c133b009fc8c30da80c329c0814b80f5935dc73ab28e6c6467fe032c26
006928ad2f9831aa8e8e80d104ff2a0d1f69a35d3a6a1c0484a62d700be9f902
01937c9481039111d9c0f243edc9dc1fd987dde3ecfa0e7082c3500f82477807
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
0263e1cae993e2ffc249131d904643bc99dfbaaac022fa762a34d9459af4c8f0
02bd40051130b0945ef0f22ccff190169852b3fe44f3ea7bf4075d2c437b30f6
04d3193ffc3518959af1d0556c110e135eddfc11e9a52f9a9d8b41016fad2363
04de522bd92b4351527d64657e77abd3d7a70bedee55dc18f62efee5f6958577
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0597ab745938c4a2cc0818fc2447beb211629e484fed0b4143bdd6fa5724be61
05bfcd506e58aec520b3d5a2b61583d9c4a9e6c6d790fae07e711a872cfb0838
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
071e48f36d01127379244fb4189bbdd75bbe98190375981e8dc833e2cccea0c4
07383c96980710a04144e5a39ae59e7f9f74bcfd6462a6932ded48efe6d73bce
079da63fbcd217a3da18101e1b6277f27b2a30aadc0ed92fe1d89699b9669498
091ec084a0358833ca37c3555b08169ec1f856ddcb5d9257310a988b73bddcb1
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0a35349b8f48d352d79805b7cc32b971b2ca08f2b9532c8b4f1d75cc3fab7b99
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cfd9cdfffcce403b6f36df8ae21ebb9d9734e049b5871e2c58f436ec46064be
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0ec9f4880ece4d620da10f84c3200bd3abc058fe5b7868847ecf7dfa6c0e6686
0f4d9e5596ab8d88f5cd68ea64b7cb3f4a7d6f47aa8830abe72f9cef6a19c758
1115425295037930ce44054590ef1becd0085a79e8292aa3125a165c2cbb86ef
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
12908fba830466a63d701246d2ab82c2728d680f333e7b32dd09eb8ad7b0a413
1608980c6f4deb0e238ce9af217e69059535d627e4d9fa8adc9908661912b3a1
1614b96024fccacb8eb3ccea78f91c0c0fb374eb89c4e47434d34f5949c8a0ae
1621109321ffb600b707bba407e8434f2e0a8f453e63caec68f77dbf4508fef0
1623f1d081160d976dd6588373dd6e73e24af9a6ff056a653ebd0fba2f355bcd
17a238c718b32f43cce7f677d9304367e09cfb492a17d4228d49515211759204
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18977e2e60e3aa80ea2c0c96490ab192c47a4eb8334705da0eb41a938965c3bf
1a433a6a57c07eb1d2754e06d6fc413dfd4464b8e5c67b30597aff484885a9b5
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ccab59b5a632568cfd33c6e670e86e2494419fb365298b0baeef0cea9f227da
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903
20195593806d0981e14b859212c46a8d27612fff906d4f2714f0221730390f39
2027db5d0eadd49f42a261c36b107d03af905139fd2b59367cd71e34895f8d96
202c65dbcb8456a7d52ae9d52909a15eb60894c08a15aef615f4e0955e090688
2070f3136990107c194f441e3e82cd766bc0c86caf7ca00a93b5c8db8af25fdc
2200c69de12713c4ee020e0ea2c30aa121d02d4c91fae75e58bdfb6362ac160d
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
22ab320d4b6f39cc9f1cfc18b7e02b4da4b2e2143bed52742123b5f35fd652ce
2366e7f19af6f413e44c444c7bb8df5ee7c60fbc6bfe0df5bfd3a2dc74994ab1
2496e08f7905bc4ed641ed9e93365fe951e2d9d5a66d1dd42b052fb5179a398e
2547640cd989b80083eb3ade2a4993c1776a1229cfffd41adeb0fef3e86eaf2b
26395bb2ea3cacca0ade568eb8feebc4057f276b60afdf3fd5f724be3642a826
289d845103cad048511dd9dc30e71bd407c44a954284ebc0f578d6adc18cd139
2913e580b9b9ea178e0eb7797ced71471f7913cfe34b496ec09087d1d1ae8c0f
292bcd0551ee500b1cc5c1416ce840c056f16075b5f83fb84c3cbcbd422fa5ee
29726e833f4940e76823406599378dfda2812b5c91a6653cec78e722f1e40df8
29b39c8712d228af23ca90e3a3e7c352174ffe883f0e66b34b5920909dd3da70
2b726738f3e7aded2bdbc9c57e27086583974f79f8da3e0ec4fea3889bb42468
2c347d58c696d6e371b92485f7705ffe574ed5eff3758f6fd919e6241caf19f2
2d244ab7abf2ef8a3b4b393211fb2ee0469290fc2f5daccb83b71177a4f27d5f
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2ed6094272f4048fcfabf992dc7e1dd1fad5136e51b00ab32953d7e22de8d605
2f314df0392b589afa4804f597a2d613c286614bcea09f91bd19a539c0ce34ab
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30eb5f04fda6ace9d2b2688ac03c600c6bddb3f6084553c6c766c48845a0681c
319a3cc5c9b91c326cd8b31930650ec7afa7d00dfb4c8f59bf0d4ed0f5ca1526
319dc60c796946da643a880fec740453dfa1308266841c576d1c577a4c9bac44
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33529847d91c70e4e3598761a9a9e9d7b481dc58230dd54d5e782d3dd8d4607e
34945e57183f095b83b2afddd4768243e33633e4431a9bc7dc06a421dacee7b3
34c7f5ae9616e6b04a053ebb5d16d7342c9b12901e5ffcbe47e464ffe1bf9257
35792cbd9b85c2c663c4b20dcbef025d89e58ae04c675782fe76f105a65932d9
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
37da4f4e9645bcde259d1669db9d2548d9ff4f80e72bbe405232924129ae4db7
3848dbc8ed944fa2d7d2953916e4898fa05ea4de8d4427d886253cf569b2adc6
393719e94722f419dbccfc81e71d79ccde0bbebf8f21d17d3dcf90b01d8a4a9b
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618
3ad4e4f2ee2a2ba2ed7adcf370985a2b742116af9929d1448af0b078cb104d5b
3ae781aee82693708ba912c85db817870a659f444bee9cfd590d9e71f06f8d8b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3b7f1a6aeceeb60c709478e55147a48f4031ac6617b3ab089210f1f1f59b7204
3be09b57f4ddbc74f8d4e72fea0807bf03ac934a74d71e841309558aefde7b0c
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3c6b45ce8ca0a28f418decd40c175f3abdc3d4f38e011928f965d9ca00c46513
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
3cb4b4bb82f8d327fdb36e8f7df44603109ef4ad45689b9f3602970a2e0a7d1a
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3d81ac966358b04c1c7630c81d63e1fc2a636164e182568fcef439f02c7a8440
3de3075ef16d3387fb9e903eaf5521e0e7ea1c4bedc4877d77dc850cf56c8436
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fa83cb7e565862aca7c40718b96a2befae23f74dd84709ae159809b4819614d
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4008ed468f1d73e6ed0c70cf6f19ba403434229d5c326e90f83709f776d3ba69
404b5ddfd751e54016ba4fdbc2578938191c4978d69f28d642b746d6e9f5b5cc
40eeab10551e93f9208a961f1981131a6022ff67126179e0dcf15599d67ff4df
41d15bcac88d0a213dffe9a69c69cb84bf5d69ac5fc7045791d794c2db96a0d8
420b866f2e87987f86bf6e783f550165344a1c319ae537d6da40280f86ed64a5
4293a76b2b68b6801d795c40b8a124f80fe7d5b114977d66860a59e6e761a0e6
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43f4ee1062cc29fb4768c1806575cee96768b541f19a3c25da4b1afb82b30652
43fbbe355f40735e833eb1acd033f1cec8e3d31a8531c1ca1e7b0a1c6e5a66fb
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4483fd79fda349ebff0e396f6bff63c4c78628faa8eaa6fac607b7c1a3ec44f6
48690aaa6fff4d84b3d1de64a8ec77ed01ca244492e10fb776c794ba6c171639
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48e73bfa7149bb6f8a43bdcdf9362c23e496576431d5851f54c332f595c35fd0
49384e3ae86358dc14b92e003f2b2da1bd50e6082057eff08176ae064afd234c
4a1e0bd521509e9519ea02e47696488cd510c861cf33ed797227b18837c570b5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bbb9c825577c27290906050a1617d27570fc84ee5970b3a777f3fc1e5d72fc8
4bce7b36ed85b24ae3b056cd1b83bbc9d82e0c915c14bab1f076e85a03374f93
4cb706b4696d73df6dcce4631b68bc78fcee36583567ca77a802ee4dbe563406
4cfab73f48ea3a2c03aa2520f0de01c65bb730a123b6966d3585a5627351e181
4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c
4d46b9cf533d460ad479908c269a802f8bd08c5b44dfefccff56c0e327ae4ff2
4daeb273f8c0e435cddd264f2326819bb4612ad2aa878169248386372abb0cce
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ee4f2b6484cee71dbd7ac530f1be8f59d6715316b5490f417079e0a436c5707
4efe845e7dfcf34474889ed984c37c464cea9fd16cd4c56d3501d71949dcbfbf
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fb83b55a32c676b34bdaedd8c51d5917ca7b491dee559a69a87fe26a1ded6eb
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52a1bcfe57d41720ea9ca3591ee85d582aae3f2ac61d865ae746bf3db06a3998
5364592098ff9eeb1a5817799a168dfc181b7e4bb797e3ebd1797e044ace345d
53e807d38ac701ed0eff611ee13b958a518c31c4af9c161de590d0288af478e1
53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd
5442f87efbd6d519174909df3299423a48540ab21842316daa021299fc65012f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54dd6dab7dc8f91606c567d844bdf8c11c3d36690af78c74b421641e908ce8dd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
562ccf1a955dca2ab87a91b53b85411f17e69a1131abd4b3be9d1aaeda19b69b
59c25f997909b65945ed830593231305338180fbc6010e569f36cd7bc7c5f4ab
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b076b70e052b397f288229ec95ddae8407bff08f318c1c9d5f0a5f7e2a374cd
5b9e14d715735265ef2a440f07ea9bb0e0738028232e1579de99b13cbce91cc1
5c30ea983a08b3944d7e078647b151862d0df28c0a646aac568c53c6460ab408
5da3370ea81bf9fec16d0edc044663f919e8662c07c1d9e1e346c139f3e3aa0d
60a0fab50a32452c2ce934379d8308dcbb19726badef816c4e9b483d54322442
60de22f54cc58673248512de11eeaef5e4dcdd9d90883727ec2ba1de23e4c57b
60f7338b205b37afb343de313e37df580b009bc571f0cbb45d5429295af331d8
611e62123af6134c31493f663d3e4b0db17776b501611ec2a3ba790956303043
61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
65873c98a919ec2951e9a6634cf09bd7b4b96db870352f14795ad6d2305babd9
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
66a141e71d418dae03b201001cd25e3b0ea3264c67f5a3f304bd36348eb2a2ad
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc
6a85d8df939a9605e57602f6da2a4a479653fd16f326f56a45db3d1dca79ad94
6a97efa44f7becd1edf3da18b9b332485c45ed390e5aa03833d5bd2fd7d7c4cf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bfc7f035838df33c0b927be3bc8d8a59d6f055658945c9a17eee1c0d09fb972
6c25f3576e24c0bd118be276156f837a706efe68fa0e9a505ee75144838a4bff
6d1743a4b9cd803083da5fd65626a4e92edebe73a40ee18f60276c96492b4afd
6e1c86552cf292a8f63431402d68873f7c979c46f07fb9a98f804d85543cd298
7087fef813ede5ae1c4e78959a30d1a76ff8e10e74ce4e7a379eb39a7e646c7f
721b19d22cfdf15fff3df982e879b138287adb2d85a729590fcbc9fafa8a14f5
724228d8c311c35307c0386a8a6ee6db86a8828a89f987689e796e0c3158cf20
72c5d10e99c6620a2561415895a84064b5b5616c2b1914602263886be4cdc229
73a33835cc68bbeb09caab7383bd8c03b2b734a2f499dc04523ea54775dae7de
743a61c3d4903f8b453a8e4d022b477acb5ca21066402fa987842ad8483c5f22
74df6a6e6baba23c158bc44b03c0e68cd743edffbf10942864e70e1414936b48
75deaa11b0d180d4c21bc7df7bbe91b772f859db7f9cad11f80f2102c64527a8
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
775f322cf3b9588f0dcc50a109cbf02dd4e6507546deb3da2af3694eb7f7c585
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
7901c1416c141e4016d913e899e97472a0e3e3def294ab91570a9dec0f4a9c75
7921a6035cc8a0981a5dee737dd3d29b150ddd48407717d3fca4b6376f2b0e70
7adc0e82d10de0c5af74d068b95973ff1528ff242d6e35390d3d5ef718291471
7ae52ca982da40ea41d1a94b377d108afdc06ca49d8dd8fa0127bfc57020ab14
7ca2f8d7e242a0eb5387651027072a5d125b9c34c1ea5ce0079670dfba0d27a4
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
7ede96275acb943f9079c1d7e2c838f65bcd2959e6a6b0b13734cbbdb08a3b01
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
7fb26c7aa8a0f21eb4cf37124706d49b568d5417e06c39bfa755b1613a1f8373
7fbe6dbf4ac7e741238f60512586f324d925ac691b726a24edf9722354863d84
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8061c17ad6d7b8805745d8f136437acc8abe498fed1a01cec4d142b55def3c55
8097a174e646a7c3e537b868df84168428fd1d8f75430e2eb171c33499c127cc
80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6
812bfc20d3598295f995076ee01dd95a476cccd9b435ba224680ae3c6b949bc1
8221bdc70145c9154445252f23ebeed91ef6930354e1dafaffb1de2e88844593
82449a4ceb4548aa5b23844b9dc34ac0561cce4da2890f4a1090b2e687cb5fcf
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
834148c265906aadbcc02bcaefe38a6ad8afb80bff27945a3e65000262ff2e35
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf
84b0dce2e4672388f88fa115fcd8689047e3aea197da5786861582a63e73f0b8
878227787bfdfdc233209277b711325be189981949e62797f2b8413f1931c261
878df354e0cf3ba3f58f505e99d33053be6f107bd16b2d7834a6a41e34229a56
8795fc450592a67c97bef4c63e537c84507bd5279a45607e3486ec76f6fca1d1
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88522cca257c7b55886862e9549236b005c2fcbb1246bcd986621476739c2127
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a76c01fae94a20d97921ff32659e57cb8d566803422e70df351adeeaf56b515
8a96447f6c2508fd5d0c5d3a3c7b279c012c6e8125c81847b2eae58daa09dbc9
8b13dc377a7e2365bca4d396121e915ef3328c7001889aa08f5b26efde7b880f
8c1c9bcac701d914dce9b928a57bb65f59e23f30077d85e8fe907d93a35f3986
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8dff895e37b835b6c8b61a53d2eb55ff2203292771138535b40767c401935a44
8f6bf9f240f49eeb1c8ad27bdbf484cbc28286f040d5589c37d354b14d429deb
8febc33037e91109f63df5b8e0a847bece52adb0ad7363ac3c781b1977b6f046
8ffb306af4c54b8413b86ba5f5825cd3946b78546ff026a910d16fb340b2934a
9000ac6e87387641c9ef778db9586e320bf451e28815384c5e72b689876bcc90
9117e96954ff5f2423e161b42f9a0bae8706d1426f350fa9ecd6be3e2c8eff3b
9227891ef9134bc380869626cce49072003826252e06ffbffec6bee99d53cc12
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
94a557b756089fc7dde1c857bb1a2f776dff6aeec3ceead5c2fa2304433b88ee
94ced0d4c94d2743b8875077f9eedb7788cb9f80cd839e19816fe78f907aa90e
95ea62b1500600dbaf8354a2a2a8f0f9e9d023217c53bb215a9aaa0524a44efb
96d66ae034f09eab8282feb0a9fd951c2a12f7b5419981da6bfdb81453e658ec
98154da53a312b4d3693fb0602045dbe38cb80892777d6777ccbad1f34462531
9861f51d1896f195c45f603bdc6b7f1455817966f5da945371c922a6f8797711
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a2d3304493ce1111daee9adba848901e42f8c7d21bed90975a5a6d1dedb2860
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ac9b9a46ed52b07dcdddc49724dd34370866e8b5c7a3255117ce307ddd41916
9b00167bd1a8b5eff20eff2fe5e1fcace5b8b6a08e54ebdc6a1274d65cda1fb2
9b5c31a44af11ab4c79d80365b93563fb565dd0edcd72569ec8e487756889209
9bc9ee936d3225274b7d792070d2071335d798eecfb700aa19c48767b59b2f4e
9c67c6ca53fca0eef341d51edaec7d3e4111b3260bc0dfab22407901a9246ec3
9d621880e1af103e6a169b83fe62ef53ceffa55f5217fb792172333c7cbacd74
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e000e7805a03b275608d64f0ee40fc1140ea80bcb3daa6bc9a5406dd107f9d0
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
9eb383d02057906872cb675627a821f045566072476a0a28f5ca94185b58a704
9f4f0a485be04d23af8ec30b93e20aea60d815a1331a21d2de4086b6ed9c5fe9
9f70186449defd49f0c09aaea8e03fd4ad4b29293c6f2d8d4071bb6953288bd2
9f8384db37a0525c5cb15f466e68c7080e3fc9b702ca638e77d4b2f70b063f7f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a08f1809f6eb14f16140d0791bd03278c203b2d010e83a438dbc4475515fd24d
a0b549670f674169e0d1e6b360eb75caa61b1ce12dd1b0c766b24960a1a972f9
a18cbdbb0fbb733d7f4cba5d2afd6b2706e3f141c743f491057e5800368cd8e5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1d8f1be2db6c31542850ac366d8f6791ec8037b0721340e4841500e2f12258a
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a351fd92e5702efce917edb3a5fa5e15b0c2c01b05c72004d183ea3cd0ac8cc4
a3bbe644b3d4224f5fa9818016c32de6d42adb32c432c7bfc15063ca7f40a4dc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4dacb07f83f131eb13162db109e0c2b763dd3262adf859de3bf6c21d2efba0e
a51f939d8286be23d3f9eb92b08800120cdc126dfb6197b8575ac85c5e85bd7e
a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc
a5993eea6d5c8a2028c3b4fbc30205d88e4d1d854310ebb1e4f74b618d79c3a1
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7579b34641a4373479f073a7a2d5db0f9ee13d11b7a1e01a54d6eb2fa1f0ad7
a8581464ccfec805d81acc0f2b30399314095b968bead403f26b1e285553d34b
a901e5e138e58fa2a82c2a70a6018b55f045a0ef2688d91681c2a519dfc588c3
aa23c6001a6930d81375f66e1095571652c7cfbf1607e5813078b40a032a392e
aa8acae55af2687e4def8fd9c2ab60ddb636c6895b70304fb0d295fcedf453ed
ac5a10cba3423ecfae3c965801dc3200c34383d15fbdf7b5e1bde63475d866f6
acd36ab0af49cbeda0afdc6b5dfc79d463b65e51a9785015b78a798f4a28744a
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
afd023474f6847854b3c8c639ab202aeeb141e16694c0e9d6da502b051ba2fa9
b05bf1769da8596f575f074474fde72f795f02b7797d7ae0b58b939e1c216047
b09ea579d23bbd93059988b2cecd6d468b6963d86d2fa5a0cedc7e65c7226340
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23c6752d70d3d6014dc03ae00aedd0a546aa8f2ac3de923a3b88161a71124cd
b32f1dd7944a616684664938c47f70037874111f0167467ce74a65e32a8ab4a8
b3367b9bb32575edaee47af62f00bf91924bb4c54ac355ea1336fff9b9e2c19e
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4
b7d2581758831567a0a29de6c8a3d2cbaadc5e6eee7ae1c9d077ed34d03f97cb
b7fb9aeafd2d878c9105c3dbda844cbc6b86855b92dfe660b0117f692284bc7c
b8c58a9dd82e0d8f354035a424fece887b03aa40be27fd9c0d0dcfaa9857f813
b93deb2f2f99a6dcd6ba15e31633e827712bebda802d21de182dcd417c5173c1
b943311192171927b56d493e53b0dde02aa63b94e101ddce7576f2c7c7b04d5f
b9b1bace72c2e9a6deb4ccf206cbfce43fcbd4016cfd553151681847ed29ee04
ba1d4c816a3afc381c8b2883571e8cbdc8c982ccba7e977072722c881b69b40d
ba8706cbb821cd94ce97f10e4b5934af52f5b1ffcfee48fceaba01c8ad2a216a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd91b6791b53ec8bc3376cd72017f585add2778dc9fe08f8fdf9914b343ddb04
bdd7a5943bc66d3eacae8b7104d16f557de4dcfc7a981f2c5a4df825edb9e76a
be1305021803860a3154678e54b963e877079a0a270950512b7b42f7e6ffe922
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
bfa12779f481d024004ac40f96aa837e671f2b6362ca6b3b84f6edf061825e98
c06400bc83a93b1f376c538f8d1476b2a5c7c470cd5a34bc3af91e6b1decd71c
c08ae15d7248a988dd123dbc6623968149bc3eab209265b7d615f1af11825cfb
c11d6059d286b09f6cb6e6a17f8de7ddb36635ea34d0e3fc048e2d6a478cb87c
c1d76120776952d5ee350dde9d24aeda0d50484a138575bde208112f9dcd91c2
c1e12130de1af0a08256debddf188cd3a6d0de24ae929bcaa2bb6be433fa6c99
c1f9cd1b1f00846dd43cd13beea1a075fa441da36f1da7f38ec4777472692724
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c243b4c153a3db6060d61ae945884ed63e6ef59271933a87ae5bd88e41c0cb17
c2b78ed223025c8f45a91292079327e340f054b4ece1a75fb9dc36b5d225a9f3
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c45a7b49c14477cd160a83d4ee1fb8c311e12314e042d0647c68bec62f16fe29
c480ca0670c3ed371600aae00aa1ad3e325207ab04d57d55cdda72e541e78739
c4f5de2583549a064e85576592324508ba933122fe0adcc4ab03601fd61271b2
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c61d5366ec6a77b6c8ebb1023b5bb8cf92cc3d65fdb46eccdc51853dc971136d
c75ba520bb106d9af4ac474e59e3fa413f46d1e6da2824d41cc0d4a2c96bead9
c7c6c1d68b523a4aba708c558bf9cd24ba411667679c0501a1cb93f87f8aa7cf
c815be0139a92202ff8f262cc335f6ae103594bb1d92c1c479ed604adf384a16
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca68d0f659b4b3b019145f9d7287ea640924cc519d216fe0eaad8f09a4f6fe91
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc84b96ede8ab1128d99e7a3bcf1a492602b11dc4dc1c1b8446420bf59d9d87c
cd22acc82061c31e346e4bdd6dad76ab9d2915f35c26c589c00fb63f9b8c8dc9
cd356dcb0cec4362656f5b5d96df98dd13fcb3bcae87b2a7d8a4018761b1e88b
cdb8d65e43d8930b10e65e16b0a3cb96c597e644967bd8a9db45fb4b7bb1a89d
ce9c6aa4e4eaacd6692a77ca792c8869240b0059248a69cdf947346444ec0cbc
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0ef936654ba84031c1ef90617069aceaab3dac1dd0912b76ebd449f9a566e55
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d14e69a9e761cb31b90acde1d2d11e03fc8f63b3c2d3a17320021592c7437a7d
d30b0267d0bf72b081aa7dcc95b79d9cfc1514aa50aead2d7b390abcf77883d4
d359aecf56b0cdaeeab7cee03d687618fff2b0b84412b442c48a7015ba6a8b7a
d5a1e531dccf3126b4539700b317554228759e52e1725fa82cbe0f58e899a2c3
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d79d580ef6759a73a3510318a9fc97bf29ab12284c8b4fa878ecb3fc26710cd0
d7bfa676c07c88144d9ecdcec09a4ec7afcd0449226bf5fc5063342a16d5f8e3
d8c62b0d4ac621bedd0ca5a4e96b12a77118338d4166f94d65c15bb154d455aa
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
da3995d7fc1c7f5c9d6878d3fcf56d59dc5f3e583caffb0be4bba9fc6ad805d0
da5d36db785b7ac5b15b9628b766d1943637d54d86fbaa184da34fe8be8cbfe9
da9aed600982c4847517d696f18e6c08884c6af8af578bba260590373fc63799
dae36d368a9c9dac3efbec409d87a6254e793f221336a31e0bb159ec1258b7cb
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dc3a0e2e935e1287780338713472a6ab77cfddcd82259c9d6bb4317de0d93898
dc51aa66c36a48c0dc54e8bec5b9752bb7b12ac4fbc89522b6a5e1f75f7cbc03
dc72dc2e180487b65563ea7416932c028e9679a733cd23b6ff898df256b2d4c1
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd82a1a4eb7513b138a5242afa90ae5a42050e326c3d485742511d1a26411e3d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de40f8e9a13821460fad3250442ee45458a1073661d67758f325b3a354995dd3
de714201a45a5a6ebcbb2054203fbc5b86fa149a5e396e32606afc4a23f87bb2
df3e24422f84a464cc849484047d96fe2b0039f06f4878df502426422aab729d
e103b4b8e054534fe795815addb2068b5db87382812f5893983f2405e36ee094
e1bc9147ffe0ec281f2e18f1196a5010e5e69fced49eda1851b1803459902105
e1ce17fd79478fbb0830c687ff4046c86993acb5fd14fc35b4fd29bed00ce94a
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2665953e1da948e9d31762386969a8b8ee6e6c057959c6580decb1568b94ea2
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e367417f5dbe0078f7412f5ae03652c31ed387fc2922e75f63b55e5747e1fc3a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e5aaeab37a6a8698e66682cf5576863ba82b78e6bdf486dd90ba40ed00358856
e62c1665e6764ce5527ead949dd8e2f18a15fbe89d660a6870dd5a9c2d4b35ee
e877658348c64e4ed8e28952dfa896c24b4780acf1ccc5bf30d323d837cf33d7
e89fb1a3b569a78fcfe9dadea880aa997e17ad07255b823b61e02703abc60871
e8ba6c25e1483b376da5f911cb5a9cda1cf892b3e3b6a6d193e564636343bf47
ec70d00afc372c7d6a4604a8484122c3080dd5b1db52e8cf4f160955c2e6d85d
ec89a17eee61ba72fc6d7013974c95b2ff08f8e1a12c13259d68d80fac34a88e
ed6b237b687782c7d85630dec9239d26965f826b0b1a64d2817b4dec65db486a
ed6cc3e4d411248d84eed9acc1d13ad3fd98396734464cf07173588aeb9d02aa
ede4e066ba6f7824c19c64988f43ad8becc156469b410eae92d59abe3151ad4b
eeab708e9b3eb87fbcb63a09d4c823f00b4aebd56a3686b59f74d79b9ff8afed
eeb64bc99cfdedfe9dc9cd5f417163ddef1762bda21692fca09281e632e6f43d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
f11168d9e18cdeb56987d0c36f99e640a430d60aa4873b0882ad22c8104dfc65
f1a597483f2d07201294970e0aa8995fe101948b7ce04f0820ddd33fdd8214ac
f1ac5bc2d2f0c446b2d5bc135db7414a2662ade7b701bc199456d05f51bfc261
f21287d4fbda5a171b0c7a6716ba2e69121c736f8e652fabc33ee64e3145df2f
f28ff6ccc410c5a872459ac22e3d3145bc785744fe356eb6df8e0ef60ddac179
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f3a0360f0d2b33e2478712e762699bb18f814d6064c630fc29d5290f747adb86
f3be6ad457ba5d4425f4d105688e9cf5a32595ff156bd290c8ccbe0e6ca3a68a
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f504b556b358863cf0d102c645cd26f871033d8f2452103bcb12ccddcdd2a80d
f5dbd2985ef2d22745931d04bb5d212624b46d3f79458331e8625a7c2e61b287
f66c72eba2fc065baa8d7efee6e00af0dbc191d553f4bfa46369a0ee6be00020
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f7ea506bb5341082ea0a43a18e2bf7e5384dbd70619e525cbbad9e576c25f090
f7f6fe9d1fb6a41206bdeb0a87c1c82d5391f633fb25cee7da80334e9f7b7e0c
f82f6cf1599100b7836d8b8aa4bd5394e997849487dd6110d70908440c97fa64
fa471ef31eb5a07b2123b1a5a52e7fa3bc085899b114359ef67a186fb5bad68f
fa8123b1150b7d62c2299ab431333d888d2af898b6e796d8bf7f3fbfb02b00dd
fa88731d3dfcba3466dd05250f89afb97ea729d2787d08929e41d23b23184ff0
fcac0e1a4f11bbf64e60b1305ef1b935ff5c41e49d150c42ca8d8d6464dc240f
fd05f0b1bbb84abffb401d97456a2c906a35bdc888651c5da28816896270d0e0
fd3f93f729909fd4b39390fbd69f6505503d7f9a0fab820907bd88c22f0853ca
fd53d74d5d4ae2ab7af4fa2cf6ce001aefe68f524059fec089e596992020fa89
fe327b582b7a4c398d86025094aad4838d9f218849d4f62c4a5b5f07c4a94dfe
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
ffc2ea88b89bc835aa13178bec0b0a1fe78a35e2745b1e71c76406bd8ccf89c5