www.nytimes.com Open in urlscan Pro
151.101.129.164  Public Scan

19 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://t.co/PJ4yzIBJiy Page URL
2. https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

• https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html HTTP 302
• https://5290727.fls.doubleclick.net/activityi;dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html

Request Chain 93

• https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
• https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CK3i3sHi4PQCFZCEewod0OMOpw;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 127

• https://5290727.fls.doubleclick.net/activityi;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html HTTP 302
• https://5290727.fls.doubleclick.net/activityi;dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html

Request Chain 144

• https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pg9nsowb2 HTTP 302
• https://xhubpok7munruynxhofa-pg9nso-c55947a80-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 145

• https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pg9nsowb2 HTTP 302
• https://eaaqvsaaeaajakqce3ygyaaaabq3oo4k-pg9nso-f0589f45a-clienttons-s.akamaihd.net/eum/results.txt

154 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	PJ4yzIBJiy t.co/	394 B 664 B	179ms 143ms	Document text/html	104.244.42.197 TWITTER
General Check archive.org Show headers Download Go to Full URL https://t.co/PJ4yzIBJiy Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.197 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=0 X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Mon, 13 Dec 2021 12:24:39 GMT vary Origin server tsa_o expires Mon, 13 Dec 2021 12:29:39 GMT content-type text/html; charset=utf-8 cache-control private,max-age=300 content-length 229 content-encoding gzip x-xss-protection 0 strict-transport-security max-age=0 x-response-time 129 x-connection-hash 3f82d67e67e624622ffae5ddd311ff626bfa2730d7ba0f1defa0cc01ca2692a8
GET H2	200	Primary Request ransomware-russia-bitcoin.html Show response www.nytimes.com/2021/12/06/world/europe/	441 KB 89 KB	53ms 13ms	Document text/html	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Requested by Host: t.co URL: https://t.co/PJ4yzIBJiy Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash e7b026d651f883d1a6bc37d0129d71b19beee0b4b82c1a4ad53c8423cc51da26 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://t.co/ Response headers server nginx content-type text/html; charset=utf-8 x-nyt-data-last-modified Mon, 13 Dec 2021 11:59:43 GMT last-modified Mon, 13 Dec 2021 11:59:43 GMT x-scoop-last-modified 2021-12-08T16:36:06.336Z x-pagetype vi-story x-xss-protection 1; mode=block x-content-type-options nosniff content-encoding gzip cache-control s-maxage=300,no-cache x-nyt-route vi-story x-datadome-timer S1639396783.208134,VS0,VE5 x-origin-time 2021-12-13 11:59:44 UTC fastly-restarts 1 accept-ranges bytes date Mon, 13 Dec 2021 12:24:39 GMT age 1495 x-served-by cache-lga21934-LGA, cache-hhn4062-HHN x-cache MISS, HIT x-cache-hits 0, 1 x-timer S1639398279.424092,VS0,VE5 vary Accept-Encoding, Fastly-SSL x-datadome protected x-nyt-app-webview 0 x-gdpr 1 x-frame-options DENY onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2021/12/06/world/europe/ransomware-russia-bitcoin.html x-api-version F-F-VI content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; strict-transport-security max-age=63072000; preload x-nyt-edge-cache MISS-HIT content-length 89150
GET H2	200	web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css g1.nyt.com/fonts/css/	60 KB 10 KB	22ms 7ms	Stylesheet text/css	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=i0q+3Q==, md5=Gy5SJh6FIQsSa1B2q6k1mw== date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip content-type text/css; charset=utf-8 age 5222511 x-guploader-uploadid ADPycdvM_HxElX7psfISEsaNQfEgnO2Zgx5cmB4AGrFveWBc7tmn1KIO6XBFRxV4kkQJuoRY7wL5yZmwCuWxcKNne2c x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip content-length 9775 via 1.1 varnish x-served-by cache-hhn4062-HHN accept-ranges bytes expires Fri, 14 Oct 2022 01:42:47 GMT last-modified Tue, 06 Apr 2021 21:11:51 GMT server UploadServer x-timer S1639398279.468403,VS0,VE0 etag "1b2e52261e85210b126b5076aba9359b" vary Accept-Encoding access-control-allow-methods GET, OPTIONS x-goog-generation 1617743511910294 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 9775 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 10004
GET H2	200	global-a390e9d7a067927dd253742a2f0124d4.css www.nytimes.com/vi-assets/static-assets/	6 KB 3 KB	8ms 8ms	Stylesheet text/css	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/global-a390e9d7a067927dd253742a2f0124d4.css Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 95bc30ee747b5f6aaa020d0848cd4390c346156e7103906bf0bb273147b632af Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 2403138 x-guploader-uploadid ADPycdttV5cfM4ot0Wd6I_dVFOYVzlhed2WXxjWmqyNFw0YeNkVIs3ucL6WPHXQmhwg5m36hWS76YcR_aFDB6IFsCpG1j2DeGQ x-goog-stored-content-encoding identity x-origin-time 2021-11-15 16:53:39 UTC x-served-by cache-hhn4062-HHN x-timer S1639398279.454632,VS0,VE1 etag "3571f7d1a0dfa9e747b201e07fd9492b" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-a390e9d7a067927dd253742a2f0124d4.css content-type text/css; charset=utf-8 cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 10308 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 1978 last-modified Mon, 15 Nov 2021 16:22:53 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=top12A==, md5=NXH30aDfqedHsgHgf9lJKw== x-goog-generation 1636993373398720 expires Tue, 15 Nov 2022 16:52:21 GMT x-gdpr 1 x-goog-stored-content-length 5676 accept-ranges bytes
GET H2	200	adslot-842af71a017389f7a9f8.js Show response www.nytimes.com/vi-assets/static-assets/	19 KB 8 KB	10ms 10ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/adslot-842af71a017389f7a9f8.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 50355741f769814c4013442a54e5735c5e1ee9e80728a214e5a02b74f9b42b39 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 510617 x-guploader-uploadid ADPycdtq-U8v06eKXv7DKsOdBp5qmcsCQq9kCBae-vy42gwkIPFPoGVFVzx6TpWBJCIx6L4QwP49cNQdIe-iRfUGjw5Shokflg x-goog-stored-content-encoding identity x-origin-time 2021-12-07 14:35:52 UTC x-served-by cache-hhn4062-HHN x-timer S1639398279.466054,VS0,VE1 etag "375b831456b5901a3bd46f7201ba7b7c" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-842af71a017389f7a9f8.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 14173 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 6968 last-modified Tue, 07 Dec 2021 14:29:43 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=jVwjkQ==, md5=N1uDFFa1kBo71G9yAbp7fA== x-goog-generation 1638887382912931 expires Wed, 07 Dec 2022 14:34:21 GMT x-gdpr 1 x-goog-stored-content-length 19532 accept-ranges bytes
GET H2	200	merlin_198333042_152e09ee-ea0e-4834-a969-9c9708a28694-superJumbo.jpg static01.nyt.com/images/2021/12/02/world/00russia-crypto-01/	515 KB 516 KB	29ms 13ms	Image image/webp	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://static01.nyt.com/images/2021/12/02/world/00russia-crypto-01/merlin_198333042_152e09ee-ea0e-4834-a969-9c9708a28694-superJumbo.jpg?quality=75&auto=webp Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash caf90d615d21d458627834cc1b5ab04a110fd20512e9e6a0fd694d96dbcfd7e4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish, 1.1 varnish age 8541 x-guploader-uploadid ADPycdvltXKgF-QCHrqdX7dZH5n_nSbAadJvMWFQj_FGrW-JdFM5TnPPF7s2oeNrO33etiq16kpXP5aZBsEMAEfVv10UiyuKMw x-cache HIT, HIT fastly-io-info ifsz=844547 idim=2048x1365 ifmt=jpeg ofsz=527318 odim=2048x1365 ofmt=webp x-goog-storage-class MULTI_REGIONAL fastly-stats io=1 content-length 527318 x-served-by cache-bwi5156-BWI, cache-hhn4062-HHN x-nyt-gcs-bucket cms-gke-prd-publish-images-storage server UploadServer x-timer S1639398279.493860,VS0,VE3 etag "TM+eD90xJYRebPqmLLvxRcGCvQ9ZKsxirDBqC5dXKys" vary Accept x-goog-hash crc32c=8Mf8Tw==, md5=J2UImu8bq4hlOUGYeYc5eA== content-type image/webp access-control-allow-origin * expires Mon, 06 Dec 2021 10:01:21 GMT cache-control max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public accept-ranges bytes timing-allow-origin * x-cache-hits 1, 1
GET H2	200	author-andrew-e-kramer-thumbLarge.png static01.nyt.com/images/2018/10/15/multimedia/author-andrew-e-kramer/	20 KB 20 KB	27ms 12ms	Image image/png	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://static01.nyt.com/images/2018/10/15/multimedia/author-andrew-e-kramer/author-andrew-e-kramer-thumbLarge.png Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 2f47ff8da9a9b9653550fc51c1872488a976e20da51dba25dfe4c8760dcda068 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish, 1.1 varnish age 436029 x-guploader-uploadid ADPycdtQZQT8OrGWHBXFtXY3V2eo1-yEducoQzwPU5R4t4XsX1d1pxCbYAbs_sg9lc-s4eXU9G0UYlFOXlRIAhi2ZX7Nl3QJJQ x-cache HIT, HIT x-goog-storage-class MULTI_REGIONAL content-length 20048 x-served-by cache-bwi5175-BWI, cache-hhn4062-HHN x-nyt-gcs-bucket cms-gke-prd-publish-images-storage last-modified Mon, 15 Oct 2018 19:13:58 GMT server UploadServer x-timer S1639398279.493689,VS0,VE1 etag "51f7124fcfbe0e26b3f437bc273e25b8" vary Origin x-goog-hash crc32c=4gAm1A==, md5=UfcST8++Diaz9De8Jz4luA== content-type image/png access-control-allow-origin * expires Fri, 12 Nov 2021 18:51:04 GMT cache-control max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public accept-ranges bytes timing-allow-origin * x-cache-hits 1, 1
GET H2	200	vendor-8773c5d4e22e0ef62be0.js Show response www.nytimes.com/vi-assets/static-assets/	251 KB 77 KB	58ms 55ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/vendor-8773c5d4e22e0ef62be0.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash bd7dc480d00cbcff9d222504dff438f974318b9d961f5c173493699cd28d37f2 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 1017497 x-guploader-uploadid ADPycdtRJfmxw0Jp8-ocwxuFZwzAYrKLCdey8C60UQ9waKMF1MjnxP3X0eXtCezr79M9Jp4E5LpgczY1C5I539A1qaE x-goog-stored-content-encoding identity x-origin-time 2021-12-01 17:47:14 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.502267,VS0,VE1 etag "735667c6fbb31f728c373d0eb65cf58f" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-8773c5d4e22e0ef62be0.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 14291 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 77252 last-modified Wed, 01 Dec 2021 17:32:59 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=8g622w==, md5=c1ZnxvuzH3KMNz0Otlz1jw== x-goog-generation 1638379978970261 expires Thu, 01 Dec 2022 17:46:21 GMT x-gdpr 1 x-goog-stored-content-length 257076 accept-ranges bytes
GET H2	200	story-015ac3df9c557a3a3fe1.js Show response www.nytimes.com/vi-assets/static-assets/	1 MB 299 KB	66ms 64ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/story-015ac3df9c557a3a3fe1.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 9d51ac4fb9a42858c112a239bc1c476768a84b92142c0d5707e649c2d40d8549 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 243717 x-guploader-uploadid ADPycdvhiXLxIPouBQ0cX8YYtlDlhQiGBNQPydWqwgxbVDsQ0s9TMwEVnv3lL6tVxRB2ArYkHAs57yHEK80Emi-_9pj3XibsOw x-goog-stored-content-encoding identity x-origin-time 2021-12-10 16:42:43 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.504808,VS0,VE1 etag "99a088b4945c7909eccdb8095dc71745" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-015ac3df9c557a3a3fe1.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 1093 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 305623 last-modified Fri, 10 Dec 2021 15:46:23 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=q2NVuA==, md5=maCItJRceQnszbgJXccXRQ== x-goog-generation 1639151183216584 expires Sat, 10 Dec 2022 16:42:42 GMT x-gdpr 1 x-goog-stored-content-length 1152223 accept-ranges bytes
GET H2	200	ShareToolbarGiftTest-b4b7121553197d87a125.js Show response www.nytimes.com/vi-assets/static-assets/	23 KB 8 KB	69ms 67ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/ShareToolbarGiftTest-b4b7121553197d87a125.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 058c064e8d4d0a17b6f5042e7e20d7070e49b7db5c2d99471dcb7b4c12a82335 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 390807 x-guploader-uploadid ADPycduV696Jw7yFE5SlUCcDI-CLA1TyAqG6TizMvXfOMA4yeUOc6syMeWFjpG5iWFkYaJTAzUkzfqrnGZMINOLEyUyDlKJxvg x-goog-stored-content-encoding identity x-origin-time 2021-12-08 23:51:12 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.504885,VS0,VE1 etag "50da5df7038b9ed32f02a784c7623e88" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/ShareToolbarGiftTest-b4b7121553197d87a125.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 9574 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 7507 last-modified Wed, 08 Dec 2021 23:25:30 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=Hn9gGw==, md5=UNpd9wOLntMvAqeEx2I+iA== x-goog-generation 1639005930602270 expires Thu, 08 Dec 2022 23:51:12 GMT x-gdpr 1 x-goog-stored-content-length 23171 accept-ranges bytes
GET H2	200	collections-2bbcbd19361a123430a3.js Show response www.nytimes.com/vi-assets/static-assets/	1 MB 304 KB	69ms 67ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/collections-2bbcbd19361a123430a3.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 366f915facc62f8768af9c1355ad813f768c62ba234ab31838f0cf66c512ce9e Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 243719 x-guploader-uploadid ADPycdvFGSMKdNjChBzyOCIRnDoGO_atgGa_8nv3sUJ1KhyHkPHO1ylOLtOmwfSEXIWWUTZHBqULoRhM5l4YnsgVAjYFgyyePg x-goog-stored-content-encoding identity x-origin-time 2021-12-10 16:42:40 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.504952,VS0,VE0 etag "2ebd65f952bb64a346b9f5dc963dc08b" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/collections-2bbcbd19361a123430a3.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 641 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 310593 last-modified Fri, 10 Dec 2021 15:46:22 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=ZrkBrQ==, md5=Lr1l+VK7ZKNGufXclj3Aiw== x-goog-generation 1639151182074509 expires Sat, 10 Dec 2022 16:42:40 GMT x-gdpr 1 x-goog-stored-content-length 1203547 accept-ranges bytes
GET H2	200	main-3c7d1bf403a3e122d0a0.js Show response www.nytimes.com/vi-assets/static-assets/	1 MB 362 KB	81ms 79ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 1b4b64fc71bff598417774212237b15c6549efd8bed284470c13fa61a44b0cd1 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 243736 x-guploader-uploadid ADPycdv_jj_FFc4vy7aBmKs51ZRe1grcxUCwC6_V3_q8a8FDAdI_IrHLql4U36iPRKvrllfWatqK3QJqjvVKQH6PofrkFWO5Rw x-goog-stored-content-encoding identity x-origin-time 2021-12-10 16:42:23 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.505042,VS0,VE0 etag "bfe843b4027df476bc8106331d253a72" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 1519 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 369143 last-modified Fri, 10 Dec 2021 15:46:23 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=TRBdFw==, md5=v+hDtAJ99Ha8gQYzHSU6cg== x-goog-generation 1639151183069552 expires Sat, 10 Dec 2022 16:42:23 GMT x-gdpr 1 x-goog-stored-content-length 1271666 accept-ranges bytes
GET H2	200	gtm.js Show response www.googletagmanager.com/	361 KB 96 KB	97ms 45ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8a597a5a0374af5d5adb2c46a466221a0d5e7f656536b5aabcb8c3822370de31 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding br vary * cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 97934 x-xss-protection 0 pragma no-cache server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 01 Jan 1990 00:00:00 GMT
OPTIONS H2	200	v2 samizdat-graphql.nytimes.com/graphql/ Frame	0 0	131ms 52ms	Preflight	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,nyt-app-type,nyt-app-version,nyt-token Origin https://www.nytimes.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers cache-control max-age=30 access-control-allow-methods GET, POST access-control-max-age 300 x-datadog-trace-id 4b2e52b8fba91f48-24ef4b56af201a82-1 access-control-allow-headers content-type, nyt-app-type, nyt-app-version, nyt-token access-control-allow-origin https://www.nytimes.com server samizdat-graphql-bb8f425 x-b3-traceid 4b2e52b8fba91f48-24ef4b56af201a82-1 access-control-allow-credentials true via 1.1 google, 1.1 varnish accept-ranges bytes date Mon, 13 Dec 2021 12:24:39 GMT age 97 x-nyt-meridiem PM x-nyt-continent EU x-nyt-country DE x-nyt-region HE x-nyt-audience-target-flat EU:PM x-samizdat-query-exe-id 962e6f089c5a57bf samizdat-x-instance 025c1983 samizdat-x-canary false x-served-by cache-cdg20748-CDG x-cache HIT x-cache-hits 1 x-timer S1639398280.575441,VS0,VE1 vary Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers timing-allow-origin * content-length 0
POST H2	200	track a.et.nytimes.com/	0 0	206ms 137ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
POST H2	200	v2 Show response samizdat-graphql.nytimes.com/graphql/	148 B 817 B	76ms 74ms	XHR application/json	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash 1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389 Request headers Referer https://www.nytimes.com/ nyt-app-version 0.0.5 nyt-token MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 nyt-app-type project-vi Content-Type application/json Response headers x-samizdat-query-sup-code date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip x-nyt-meridiem PM x-b3-traceid 6697dd4fc3e0580a-5e683e992f5069fd-1 age 57 x-cache HIT samizdat-x-instance 3f32df02 x-samizdat-query-field-errors 0 x-cache-hits 3 x-samizdat-query-exe-id 321b8d8faf6a91f0 content-length 123 samizdat-x-canary false x-nyt-continent EU server samizdat-graphql-bb8f425 x-timer S1639398280.626111,VS0,VE0 x-nyt-region HE x-served-by cache-hhn4062-HHN vary Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin content-type application/json via 1.1 google, 1.1 varnish x-nyt-audience-target-flat EU:PM cache-control max-age=30 access-control-allow-credentials true x-nyt-country DE x-datadog-trace-id 6697dd4fc3e0580a-5e683e992f5069fd-1 accept-ranges bytes timing-allow-origin * access-control-allow-origin https://www.nytimes.com access-control-expose-headers x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
GET H2	200	swg.js Show response news.google.com/swg/js/v1/	139 KB 44 KB	143ms 44ms	Script text/javascript	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/js/v1/swg.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 11:49:27 GMT content-encoding gzip x-content-type-options nosniff age 2112 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44196 x-xss-protection 0 last-modified Wed, 08 Dec 2021 19:29:32 GMT server sffe cross-origin-opener-policy same-origin; report-to="news-frontend" vary Accept-Encoding report-to {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]} content-type text/javascript cache-control public, max-age=3000 accept-ranges bytes expires Mon, 13 Dec 2021 12:39:27 GMT
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	78 KB 27 KB	103ms 52ms	Script text/javascript	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software sffe / Resource Hash 1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1069 / 685 of 1000 / last-modified: 1639397097" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 26912 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Mon, 13 Dec 2021 12:24:39 GMT
GET H2	200	als Show response als-svc.nytimes.com/	2 KB 3 KB	387ms 238ms	XHR application/json	35.244.188.62 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F2177413b-f7a2-5ada-95b7-93755d88e643&typ=&prop=nyt&plat=web Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.188.62 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 62.188.244.35.bc.googleusercontent.com Software / Resource Hash d9896c32cb5e1b03864c653d5bb4933de0c771357f585251a2e18ed0558b06d1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 google access-control-allow-headers DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, nyt-a access-control-allow-methods GET, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.nytimes.com cache-control private, no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true alt-svc clear
GET H2	200	.status a.et.nytimes.com//	0 0	199ms 145ms	Fetch application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com//.status Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers accept */* Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 content-type text/plain;charset=UTF-8 Response headers
GET H2	200	icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg www.nytimes.com/vi-assets/static-assets/	1 KB 1 KB	183ms 182ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://www.nytimes.com/vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 6980dd89438ca9eddd7b94b191e66619511bc01e3a03af49a8c331ccc5d56d54 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 1170099 x-guploader-uploadid ADPycdtlO1L3Js-D0EnjhSH8QvTkl-QdrXBWYd8Pc9QGEhd1qzvMkXhhRWfNsaM4iL44z5n52fwxjEQws9uAJysOx4OAoXXBnw x-goog-stored-content-encoding identity x-origin-time 2021-11-29 23:23:00 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.517002,VS0,VE1 etag "f5e6ba8f0613f5244e1e8ba2c4f8dd1a" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg content-type image/svg+xml cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 6525 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 645 last-modified Mon, 29 Nov 2021 22:08:56 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=GTQy+Q==, md5=9ea6jwYT9SROHouixPjdGg== x-goog-generation 1638223736626123 expires Tue, 29 Nov 2022 23:23:00 GMT x-gdpr 1 x-goog-stored-content-length 1162 accept-ranges bytes
GET H2	200	franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2 g1.nyt.com/fonts/family/franklin/	19 KB 20 KB	104ms 40ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=ImeYUg==, md5=1sBqPYSlcQDtrVv5uE/3OQ== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 5834543 x-guploader-uploadid ADPycdv_daBJz1GMbDv51CbbcmgvIEki9m2Vbyc2RlpNHfjikXqOwydbx02JYNMon2CphKiQnbieVibYJ2n6-cIuvVY x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 19836 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Thu, 06 Oct 2022 23:42:16 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398280.582726,VS0,VE0 etag "d6c06a3d84a57100edad5bf9b84ff739" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984052902 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 19836 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 9857
GET H2	200	franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2 g1.nyt.com/fonts/family/franklin/	20 KB 20 KB	163ms 99ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=PQVxAw==, md5=tEyI8JynzpFLg21K5yiRuA== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 1080319 x-guploader-uploadid ADPycdtX4MNbT6QPezVCT7YrY3yujYPe9pEU9CNfFp1wTobv5fHyXsHYBVGUJ_l1a3OVBc8t-akvK3w37GbgV4tKf-Y x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 20312 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Thu, 01 Dec 2022 00:19:20 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398280.582946,VS0,VE0 etag "b44c88f09ca7ce914b836d4ae72891b8" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984061911 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 20312 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 9759
GET H2	200	cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2 g1.nyt.com/fonts/family/cheltenham/	28 KB 29 KB	241ms 177ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 2806217 x-guploader-uploadid ADPycdsbmB0iGXrnj0YJIZxZlMCd46_nNAOz3Po7oc1jbUFbh_TztelAet_j9dEfjgeGE8bMBAavINFKWZRKFcfT-wI x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 29076 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 11 Nov 2022 00:54:21 GMT last-modified Wed, 15 Sep 2021 19:43:02 GMT server UploadServer x-timer S1639398280.583339,VS0,VE0 etag "a3ed7afe3eaa0a873f3fbd379f8c491b" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734982705223 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 29076 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 6431
GET H2	200	cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2 g1.nyt.com/fonts/family/cheltenham-small/	20 KB 20 KB	163ms 99ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 2204102 x-guploader-uploadid ADPycduOrhjba74-CeRc3F9k_9vFN2QMWqkEBhI_NbkUXB0LpkmOIsecIGAI0nwwt8znlr9CmC9Sum3OzIxqJbC3VsM x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 20136 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 18 Nov 2022 00:09:37 GMT last-modified Wed, 15 Sep 2021 19:43:03 GMT server UploadServer x-timer S1639398280.582900,VS0,VE0 etag "108ce298d451197b23fefceb3e36959f" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734983132414 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 20136 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 5420
GET H2	200	franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2 g1.nyt.com/fonts/family/franklin/	20 KB 20 KB	162ms 98ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=XjpPGQ==, md5=vHvkxdjKy3gPiWxcvgwNfw== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 555637 x-guploader-uploadid ADPycdvguO2mx3sOr0sEItkbTCS6VYw5607ol5Cdjn4Ba5uNSxr3mAy1HlNnzDldObwTCkxXLsY9QZhRtA4fAdDDKUi9LXjaRw x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 20172 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Wed, 07 Dec 2022 02:04:02 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398280.583001,VS0,VE0 etag "bc7be4c5d8cacb780f896c5cbe0c0d7f" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734983906454 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 20172 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 8395
GET H2	200	cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2 g1.nyt.com/fonts/family/cheltenham/	28 KB 29 KB	160ms 97ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 2204121 x-guploader-uploadid ADPycduIAYo83mhM8t6_oelrSd3hudE-s6pHbvE2CefgZV4ceeWFAVdUImSxXVET8ZL9YtfGVlHReDPdAjBqto4bxLM x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 28620 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 18 Nov 2022 00:09:17 GMT last-modified Wed, 15 Sep 2021 19:43:02 GMT server UploadServer x-timer S1639398280.583295,VS0,VE0 etag "f99a0459024509f157a3352e5de4f873" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734982696426 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 28620 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 4018
GET H2	200	cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2 g1.nyt.com/fonts/family/cheltenham/	27 KB 27 KB	103ms 39ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 1687496 x-guploader-uploadid ADPycdtKHSXecei8L0qjYtsbwQPyxWYVl1efquEk_SRtqwZpe84w0b8STr-Wc92hRndkLHzCXERGejF3fMe2re-xSLVQL7HtjA x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 27260 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Wed, 23 Nov 2022 23:39:43 GMT last-modified Wed, 15 Sep 2021 19:43:02 GMT server UploadServer x-timer S1639398280.582818,VS0,VE0 etag "7ea91ebd036309e1fe756ee3aab272da" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734982738365 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 27260 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 6317
GET H2	200	imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2 g1.nyt.com/fonts/family/imperial/	26 KB 26 KB	160ms 97ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A== date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish content-type application/octet-stream age 3401219 x-guploader-uploadid ADPycdsPgT4lcseauEpJLQy0Zsg30Moickqr1VqZgSIgCB1QoXGXeqKooxxgUjtaoY-NEecarL-ob9XvEbblsldRDB3zOZzgsw x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 26504 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 04 Nov 2022 03:37:39 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398280.583200,VS0,VE0 etag "6131cd77b6e216c7693ed925f4309ffc" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984460387 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 26504 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 9424
GET H2	200	ATH8A-MAMN8-XPXCH-N5KAX-8D239 Show response s.go-mpulse.net/boomerang/	205 KB 49 KB	179ms 28ms	Script application/javascript	2a02:26f0:6c00:2b9::11a6 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding br last-modified Thu, 07 Oct 2021 14:21:31 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control max-age=604800 timing-allow-origin * content-length 50393
GET H2	200	prefetch-assets Show response myaccount.nytimes.com/auth/ Frame 04D8	393 B 713 B	95ms 47ms	Document text/html	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://myaccount.nytimes.com/auth/prefetch-assets Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Express Resource Hash 188ddfbd61938b815f68a545789428142a6b63b35caa7f3f754213cd599d7de1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ Response headers content-type text/html; charset=utf-8 x-powered-by Express x-datadog-trace-id 3380471259569303728 x-datadog-parent-id 3380471259569303728 x-datadog-sampled 0 x-datadog-sampling-priority -1 strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff x-nyt-backend lire-ui etag W/"189-5NYSN6B/DQVUu/9CyoJKhPjcQlE" content-encoding gzip x-cloud-trace-context 169f8fe36335f5cd70eeec5dea2a27e0 server Google Frontend cache-control public, max-age=600 x-datadome-timer (null),VE117 accept-ranges bytes date Mon, 13 Dec 2021 12:24:39 GMT via 1.1 varnish age 576 x-served-by cache-hhn4062-HHN x-cache HIT x-cache-hits 11 vary Accept-Encoding x-api-version F-X content-length 277
GET H2	200	pubads_impl_2021120601.js Show response securepubads.g.doubleclick.net/gpt/	348 KB 117 KB	43ms 42ms	Script text/javascript	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software sffe / Resource Hash 2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 119476 x-xss-protection 0 last-modified Mon, 06 Dec 2021 09:34:20 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Mon, 13 Dec 2021 12:24:39 GMT
GET H3	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	1 KB 373 B	75ms 34ms	XHR application/json	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.nytimes.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software cafe / Resource Hash f363bbbb9c92fc7de3f692ce3df694dfd78a71573bdf63cda6448b92e4934fa9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 346 x-xss-protection 0 server cafe report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} content-type application/json; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" expires Mon, 13 Dec 2021 12:24:39 GMT
GET H2	200	vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-9ae59f4271c74bf6f99d.js Show response www.nytimes.com/vi-assets/static-assets/	42 KB 15 KB	15ms 15ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-9ae59f4271c74bf6f99d.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash a8a2179c51efda9e02ef253bcefea84a74a813c62ca60165d91bd707474a7eb7 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 510465 x-guploader-uploadid ADPycdtOb70eOXy08OXITAgH6KwL88hwsF-VkCXAks-8W-YHqyf8LGqGC1_N5MHieXrzP05VZMpTP5bqIJfYQbukInUaK0Jy2g x-goog-stored-content-encoding identity x-origin-time 2021-12-07 14:36:54 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.823938,VS0,VE1 etag "78a99925b9e9cc9403df297dfb5b706f" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-9ae59f4271c74bf6f99d.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 13650 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 13719 last-modified Tue, 07 Dec 2021 14:29:44 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=DlSlzA==, md5=eKmZJbnpzJQD3yl9+1twbw== x-goog-generation 1638887384214800 expires Wed, 07 Dec 2022 14:36:53 GMT x-gdpr 1 x-goog-stored-content-length 43465 accept-ranges bytes
GET H2	200	vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-9ef218bd61e5e13a2ad6.js Show response www.nytimes.com/vi-assets/static-assets/	67 KB 14 KB	13ms 13ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-9ef218bd61e5e13a2ad6.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash ce9e7c3b2f350d3cbf09d888f5d9c2d9f9265511f9cb22741fc2c305c1f23d28 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 1170200 x-guploader-uploadid ADPycdvGUOLoNRAP7mNI0N4C4_3cvb0OAxpF07viGvCsdSVYg6nmHjL3qiq145N4YbMn1F1oQzBUGDdS9UBBm0toaw9FCF7rHQ x-goog-stored-content-encoding identity x-origin-time 2021-11-29 23:21:19 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.824072,VS0,VE1 etag "1f07e564ed71fd10d1ee5152fbbf331f" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-9ef218bd61e5e13a2ad6.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 11478 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 13209 last-modified Mon, 29 Nov 2021 22:08:57 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=YDeaTg==, md5=HwflZO1x/RDR7lFS+78zHw== x-goog-generation 1638223737447772 expires Tue, 29 Nov 2022 23:21:19 GMT x-gdpr 1 x-goog-stored-content-length 68207 accept-ranges bytes
GET H2	200	vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-30fd3b05a7be1f8caaf9.js Show response www.nytimes.com/vi-assets/static-assets/	21 KB 5 KB	14ms 14ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-30fd3b05a7be1f8caaf9.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 2cf2c5d7d5cdbee916b1b7fb89d3b1c8cdeb6e4a7ef38b5e8587a212680a0b54 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 2204280 x-guploader-uploadid ADPycdtLsVg8q2F3l3m6X_344P2ssuZP-QBgTZwNolyEsxIibrug2VIclSPjz3VjmZLk9NxguekHM7YuUV9dMdaTelpA4e1hNw x-goog-stored-content-encoding identity x-origin-time 2021-11-18 00:06:39 UTC x-served-by cache-hhn4062-HHN x-timer S1639398280.824164,VS0,VE1 etag "7de0b37ad545cc1901fce2f3d9cf792f" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-30fd3b05a7be1f8caaf9.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 12055 date Mon, 13 Dec 2021 12:24:39 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 5010 last-modified Wed, 17 Nov 2021 23:38:19 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=rnW+5g==, md5=feCzetVFzBkB/OLz2c95Lw== x-goog-generation 1637192299676365 expires Fri, 18 Nov 2022 00:06:39 GMT x-gdpr 1 x-goog-stored-content-length 21996 accept-ranges bytes
GET H3	200	swg-button.css news.google.com/swg/js/v1/	21 KB 6 KB	25ms 8ms	Stylesheet text/css	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/js/v1/swg-button.css Requested by Host: news.google.com URL: https://news.google.com/swg/js/v1/swg.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 11:42:46 GMT content-encoding gzip x-content-type-options nosniff age 2513 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6439 x-xss-protection 0 last-modified Wed, 03 Nov 2021 17:26:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="news-frontend" vary Accept-Encoding report-to {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]} content-type text/css cache-control public, max-age=3000 accept-ranges bytes expires Mon, 13 Dec 2021 12:32:46 GMT
GET H3	200	serviceiframe Show response news.google.com/swg/_/ui/v1/ Frame CAE5	23 KB 7 KB	76ms 76ms	Document text/html	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/_/ui/v1/serviceiframe?_=455388 Requested by Host: news.google.com URL: https://news.google.com/swg/js/v1/swg.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0e6273977d504bd5bfa911128e95355c758a32bef01e6f28dae3e793b49a72cb Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-udl2GqNfvWCucR9Dbacw/w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-udl2GqNfvWCucR9Dbacw/w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ Response headers content-type text/html; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site x-ua-compatible IE=edge cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Mon, 13 Dec 2021 12:24:39 GMT p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." strict-transport-security max-age=31536000 cross-origin-resource-policy same-site content-security-policy script-src 'report-sample' 'nonce-udl2GqNfvWCucR9Dbacw/w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-udl2GqNfvWCucR9Dbacw/w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport content-encoding gzip server ESF x-xss-protection 0 x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	loader.svg news.google.com/swg/js/v1/	0 1 KB	9ms 9ms	Other image/svg+xml	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/js/v1/loader.svg Requested by Host: news.google.com URL: https://news.google.com/swg/js/v1/swg.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 11:43:06 GMT content-encoding gzip x-content-type-options nosniff age 2493 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1049 x-xss-protection 0 last-modified Mon, 16 Mar 2020 18:14:05 GMT server sffe cross-origin-opener-policy same-origin; report-to="news-frontend" vary Accept-Encoding report-to {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]} content-type image/svg+xml cache-control public, max-age=3000 accept-ranges bytes expires Mon, 13 Dec 2021 12:33:06 GMT
GET H3	200	entitlements Show response news.google.com/swg/_/api/v1/publication/nytimes.com/	2 B 58 B	119ms 117ms	Fetch application/json	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/_/api/v1/publication/nytimes.com/entitlements Requested by Host: news.google.com URL: https://news.google.com/swg/js/v1/swg.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept text/plain, application/json Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-content-type-options nosniff p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin content-disposition attachment; filename="json.txt"; filename*=UTF-8''json.txt strict-transport-security max-age=31536000 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 pragma no-cache server ESF cross-origin-opener-policy same-origin x-frame-options SAMEORIGIN access-control-allow-methods GET, POST content-type application/json; charset=utf-8 access-control-allow-origin https://www.nytimes.com cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true content-security-policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	index.js Show response myaccount.nytimes.com/lire_ui/js/common/abra/ Frame 04D8	2 KB 1 KB	21ms 17ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js Requested by Host: myaccount.nytimes.com URL: https://myaccount.nytimes.com/auth/prefetch-assets Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Resource Hash 182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://myaccount.nytimes.com/auth/prefetch-assets User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip x-api-version F-X age 424 x-cache HIT x-cache-hits 6 content-length 1252 x-served-by cache-hhn4062-HHN server Google Frontend etag "5C5aiA" content-type application/javascript via 1.1 varnish x-cloud-trace-context 025873280fe7118c58fb8e3d6be6cb45 cache-control public, max-age=600 x-datadome-timer (null),VE113 accept-ranges bytes x-nyt-backend lire-ui expires Sun, 12 Dec 2021 17:12:36 GMT
GET H2	200	unified-lire.bundle.js Show response myaccount.nytimes.com/lire_ui/js/ Frame 04D8	393 KB 133 KB	21ms 18ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=556dcb9 Requested by Host: myaccount.nytimes.com URL: https://myaccount.nytimes.com/auth/prefetch-assets Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Resource Hash f22a0b77826e19285bf8c13746bc95b4004cea07758517f93670038aaf297e68 Request headers Accept-Language de-DE,de;q=0.9 Referer https://myaccount.nytimes.com/auth/prefetch-assets User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:39 GMT content-encoding gzip x-api-version F-X age 328 x-cache HIT x-cache-hits 6 content-length 136420 x-served-by cache-hhn4062-HHN server Google Frontend etag "5C5aiA" content-type application/javascript via 1.1 varnish x-cloud-trace-context 5cf8bd30a49916bbcc5352d4e1b3ff27;o=1 cache-control public, max-age=600 x-datadome-timer (null),VE216 accept-ranges bytes x-nyt-backend lire-ui expires Thu, 18 Nov 2021 00:28:01 GMT
POST H2	200	track a.et.nytimes.com/	0 0	116ms 110ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
POST H2	200	track a.et.nytimes.com/	0 0	100ms 99ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H2	200	tags.js Show response dd.nytimes.com/	223 KB 41 KB	82ms 14ms	Script text/javascript	143.204.209.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dd.nytimes.com/tags.js Requested by Host: t.co URL: https://t.co/PJ4yzIBJiy Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.209.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-209-20.fra53.r.cloudfront.net Software Apache / Resource Hash f2b4a00964fa4dd1a82d88defe013cd4001df72f037764ac619af0945e2e322e Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers strict-transport-security max-age=15768000 content-encoding gzip etag "37b7b-5d2a557c6fb17-gzip" age 3005 x-cache Hit from cloudfront content-length 41269 access-control-allow-origin * last-modified Wed, 08 Dec 2021 16:54:27 GMT server Apache date Mon, 13 Dec 2021 11:34:43 GMT vary Accept-Encoding content-type text/javascript via 1.1 960a66a5b9d832814160983d391e997c.cloudfront.net (CloudFront) cache-control max-age=3600, public x-amz-cf-pop FRA53-C1 accept-ranges bytes x-amz-cf-id txgeDgMxcOFJD-HJ6-sQdLT8FBLz9b0rVAeVYHwrOMzCYQSzf5XThQ== expires Mon, 13 Dec 2021 12:34:35 GMT
POST H3	204	cspreport news.google.com/_/SubscribewithgoogleClientUi/ Frame CAE5	0 22 B	60ms 60ms	Other text/html	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/_/SubscribewithgoogleClientUi/cspreport Requested by Host: t.co URL: https://t.co/PJ4yzIBJiy Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-axcvy8+MQNcFKp0VF2AUgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-axcvy8+MQNcFKp0VF2AUgA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://news.google.com/swg/_/ui/v1/serviceiframe?_=455388 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/csp-report Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:40 GMT x-content-type-options nosniff server ESF x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-resource-policy cross-origin content-security-policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-axcvy8+MQNcFKp0VF2AUgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-axcvy8+MQNcFKp0VF2AUgA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport strict-transport-security max-age=31536000 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 792 B	51ms 21ms	Script application/javascript	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=www.nytimes.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers timing-allow-origin * date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 549 B	50ms 21ms	Script application/javascript	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.nytimes.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers timing-allow-origin * date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	21 KB 10 KB	215ms 214ms	XHR text/plain	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2348016933657495&correlator=3331916060508567&output=ldjh&impl=fif&eid=31061814%2C31063914&vrg=2021120601&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20211213&iu_parts=29390238%2Cnyt%2Cworld%2Ceurope&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&prev_scp=div%3Dtop%26pos%3Dtop%26request_time%3D549&cust_params=cookie%3Dprivate%26als_test_clientside%3Dweb_none_none_none_v3-1-18.437987937808554773_20211213122439%26mktg%3Dadv_1%252Cengagement_0%252Ctype_anon%252Cckgf%252Cdiggf%252Cfrmckf%252Cfrmcoref%252Cfrmeduf%252Cfrmhdf%252Cfrmxwf%252Cgatef%252Cgifteef%252Cgifterf%252Coptf%252Cxwgf%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1639396447439%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Dfederationtowersmoscowrussia%26geo%3Dmoscowrussia%252Crussia%26des%3Dcomputersecurity%252Cvirtualcurrency%252Cextortionandblackmail%252Cpoliticsandgovernment%252Ccyberwarfareanddefense%252Ccyberattacksandhackers%252Cunitedstatesinternationalrelat%26auth%3Dandrewekramer%26coll%3Dworldnews%252Ceurope%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dworld%26si_section%3Dworld%26id%3D100000008088026%26pt%3Dnt10%252Cnt12%252Cnt13%252Cnt14%252Cnt15%252Cnt16%252Cnt17%252Cnt18%252Cnt2%252Cnt21%252Cnt3%252Cnt6%252Cnt8%252Cnt9%252Cpt11%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_mastercard%252Cneg_capitalone%252Cneg_ibm%252Cneg_ms_safe%252Cneg_google%252Cneg_chanel%252Cneg_hearts%252Cneg_mtb%252Cneg_orep%252Cneg_bofa%252Cneg_bp%252Cneg_cathay%252Cgs_tech_computing%252Cgs_tech%252Cneg_mktg_safe_q4_2019%252Cgv_crime%252Cggl_wrk_collab%252Cgs_business%252Cneg_msft%252Cgs_economy%252Cgs_economy_misc%252Cgs_politics_misc%252Cgs_business_misc%252Cgs_business_energy%252Cgs_t%26tt%3D5%26mt%3DMT3%252CMT7%26abra_dfp%3Ddfp_disp_incr_1_test%252Cdfp_als_home_1_als%252Cdfp_adslot4v2_1_external%252Cmkt_dfp_hd_paywall_zip_0_control%252Cdfp_als_1_als%252Cdfp_messaging_flexframe_ctr_2_noheadnosummary%26sov%3D4%26page_view_id%3DvjiMptIcbravbo_zLhYaoWV3%26uap%3Dbrowser%26aid%3DzxdncqY1GMNkpz7VmDYK2X%26purr%3Dnpa&cookie_enabled=1&bc=31&abxe=1&lmt=1639396783&dt=1639398279998&dlt=1639398279436&idt=537&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=76&adks=1524529580&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=1600x0&ga_vid=2030314818.1639398280&ga_sid=1639398280&ga_hid=544488254&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software cafe / Resource Hash 77544f6aee2c12eeb8df851776052c850d18fac6ba7a955c132511c12aff8d4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:40 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 9738 x-xss-protection 0 google-lineitem-id 5574462643 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id 138335725231 report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.nytimes.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4B5C	6 KB 4 KB	69ms 14ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Mon, 13 Dec 2021 12:24:40 GMT expires Tue, 13 Dec 2022 12:24:40 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
OPTIONS H2	200	v2 samizdat-graphql.nytimes.com/graphql/ Frame	0 0	17ms 16ms	Preflight	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,nyt-app-type,nyt-app-version,nyt-token Origin https://www.nytimes.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers cache-control max-age=30 access-control-allow-methods GET, POST access-control-max-age 300 x-datadog-trace-id 6a2d81e3961295ee-475d7d59b91bdd50-1 access-control-allow-headers content-type, nyt-app-type, nyt-app-version, nyt-token access-control-allow-origin https://www.nytimes.com server samizdat-graphql-bb8f425 x-b3-traceid 6a2d81e3961295ee-475d7d59b91bdd50-1 access-control-allow-credentials true via 1.1 google, 1.1 varnish accept-ranges bytes date Mon, 13 Dec 2021 12:24:40 GMT age 1 x-nyt-meridiem PM x-nyt-continent EU x-nyt-country DE x-nyt-region HE x-nyt-audience-target-flat EU:PM x-samizdat-query-exe-id baa5bda36e440035 samizdat-x-instance e6a308cc samizdat-x-canary false x-served-by cache-cdg20748-CDG x-cache HIT x-cache-hits 1 x-timer S1639398280.454289,VS0,VE1 vary Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers timing-allow-origin * content-length 0
OPTIONS H2	200	v2 samizdat-graphql.nytimes.com/graphql/ Frame	0 0	19ms 16ms	Preflight	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,nyt-app-type,nyt-app-version,nyt-token Origin https://www.nytimes.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers cache-control max-age=30 access-control-allow-methods GET, POST access-control-max-age 300 x-datadog-trace-id 6a2d81e3961295ee-475d7d59b91bdd50-1 access-control-allow-headers content-type, nyt-app-type, nyt-app-version, nyt-token access-control-allow-origin https://www.nytimes.com server samizdat-graphql-bb8f425 x-b3-traceid 6a2d81e3961295ee-475d7d59b91bdd50-1 access-control-allow-credentials true via 1.1 google, 1.1 varnish accept-ranges bytes date Mon, 13 Dec 2021 12:24:40 GMT age 1 x-nyt-meridiem PM x-nyt-continent EU x-nyt-country DE x-nyt-region HE x-nyt-audience-target-flat EU:PM x-samizdat-query-exe-id 8f782501e5432bdd samizdat-x-instance e6a308cc samizdat-x-canary false x-served-by cache-cdg20748-CDG x-cache HIT x-cache-hits 2 x-timer S1639398280.481177,VS0,VE1 vary Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers timing-allow-origin * content-length 0
OPTIONS H2	200	v2 samizdat-graphql.nytimes.com/graphql/ Frame	0 0	17ms 16ms	Preflight	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,nyt-app-type,nyt-app-version,nyt-token Origin https://www.nytimes.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers cache-control max-age=30 access-control-allow-methods GET, POST access-control-max-age 300 x-datadog-trace-id 6a2d81e3961295ee-475d7d59b91bdd50-1 access-control-allow-headers content-type, nyt-app-type, nyt-app-version, nyt-token access-control-allow-origin https://www.nytimes.com server samizdat-graphql-bb8f425 x-b3-traceid 6a2d81e3961295ee-475d7d59b91bdd50-1 access-control-allow-credentials true via 1.1 google, 1.1 varnish accept-ranges bytes date Mon, 13 Dec 2021 12:24:40 GMT age 1 x-nyt-meridiem PM x-nyt-continent EU x-nyt-country DE x-nyt-region HE x-nyt-audience-target-flat EU:PM x-samizdat-query-exe-id 9a7b9ff13b18ce0f samizdat-x-instance e6a308cc samizdat-x-canary false x-served-by cache-cdg20748-CDG x-cache HIT x-cache-hits 3 x-timer S1639398281.519865,VS0,VE1 vary Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers timing-allow-origin * content-length 0
POST H2	200	v2 Show response samizdat-graphql.nytimes.com/graphql/	104 B 367 B	155ms 148ms	XHR application/json	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash b6c3cebe16410a231e7cce2f2377fc4f504b51e29b0c6e326b6779c41b1e94a0 Request headers nyt-token MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 nyt-app-type project-vi content-type application/json accept */* Referer https://www.nytimes.com/ nyt-app-version 0.0.5 Response headers x-samizdat-query-sup-code date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-nyt-meridiem PM x-b3-traceid 58bb6eaee30cadc8-7e21125ad1f96473-1 x-cache MISS samizdat-x-instance 48bc3591 x-samizdat-query-field-errors 0 x-cache-hits 0 x-samizdat-query-exe-id 23d121ada830cc46 via 1.1 google, 1.1 varnish samizdat-x-canary false x-nyt-region HE server samizdat-graphql-bb8f425 x-timer S1639398280.471670,VS0,VE144 x-nyt-continent EU x-served-by cache-hhn4062-HHN vary Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin content-type application/json access-control-allow-origin https://www.nytimes.com x-nyt-audience-target-flat EU:PM cache-control private, no-store access-control-allow-credentials true x-nyt-country DE x-datadog-trace-id 58bb6eaee30cadc8-7e21125ad1f96473-1 accept-ranges bytes timing-allow-origin * access-control-expose-headers x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
GET H2	200	meter.js Show response meter-svc.nytimes.com/	649 B 1 KB	219ms 174ms	XHR application/json	35.241.35.241 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&referer=https%3A%2F%2Ft.co%2F&pageviewID=vjiMptIcbravbo_zLhYaoWV3 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.241.35.241 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 241.35.241.35.bc.googleusercontent.com Software / Resource Hash 7da51291634224caa292285e359d52fead4f50b1697edd757041210f0dfa9c20 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:40 GMT via 1.1 google access-control-allow-headers DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, * vary Accept-Encoding access-control-allow-methods GET, POST, PUT, OPTIONS content-type application/json access-control-allow-origin https://www.nytimes.com access-control-expose-headers Set-Cookie cache-control private, no-store, no-cache, must-revalidate, max-age=0 access-control-allow-credentials true alt-svc clear content-length 649
POST H2	200	v2 Show response samizdat-graphql.nytimes.com/graphql/	62 B 764 B	112ms 108ms	XHR application/json	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash 078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c Request headers nyt-token MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 nyt-app-type project-vi content-type application/json accept */* Referer https://www.nytimes.com/ nyt-app-version 0.0.5 Response headers x-samizdat-query-sup-code date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-nyt-meridiem PM x-b3-traceid 5800fc94244725a3-6163964d99bf58a3-1 age 0 x-cache MISS samizdat-x-instance 3f32df02 x-samizdat-query-field-errors 0 x-cache-hits 0 x-samizdat-query-exe-id a6f074d4432f637b content-length 77 samizdat-x-canary false x-nyt-continent EU server samizdat-graphql-bb8f425 x-timer S1639398280.496200,VS0,VE103 x-nyt-region HE x-served-by cache-hhn4062-HHN vary Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin content-type application/json via 1.1 google, 1.1 varnish x-nyt-audience-target-flat EU:PM cache-control max-age=30 access-control-allow-credentials true x-nyt-country DE x-datadog-trace-id 5800fc94244725a3-6163964d99bf58a3-1 accept-ranges bytes timing-allow-origin * access-control-allow-origin https://www.nytimes.com access-control-expose-headers x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
POST H2	200	v2 Show response samizdat-graphql.nytimes.com/graphql/	41 KB 7 KB	161ms 161ms	XHR application/json	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://samizdat-graphql.nytimes.com/graphql/v2 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software samizdat-graphql-bb8f425 / Resource Hash 7f3f6b366cc9f0797a44e0e7bae084f6c08e3e27882b5c96bdd256b7553dcc37 Request headers nyt-token MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 nyt-app-type project-vi content-type application/json accept */* Referer https://www.nytimes.com/ nyt-app-version 0.0.5 Response headers x-samizdat-query-sup-code date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-nyt-meridiem PM x-b3-traceid 1b5574ada76826ab-146d0e5688c3e5c3-1 access-control-allow-origin https://www.nytimes.com x-cache MISS samizdat-x-instance 025c1983 x-samizdat-query-field-errors 0 x-cache-hits 0 x-samizdat-query-exe-id c19f2ef12a8085e2 samizdat-x-canary false x-nyt-continent EU last-modified Mon, 13 Dec 2021 12:24:40 GMT server samizdat-graphql-bb8f425 x-timer S1639398281.533205,VS0,VE154 x-nyt-region HE x-served-by cache-hhn4062-HHN vary Accept-Encoding, Samizdat-X-Fastly-Unique-Id, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin content-type application/json via 1.1 google, 1.1 varnish x-nyt-audience-target-flat EU:PM cache-control private, no-store access-control-allow-credentials true x-nyt-country DE x-datadog-trace-id 1b5574ada76826ab-146d0e5688c3e5c3-1 accept-ranges bytes timing-allow-origin * access-control-expose-headers x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
GET H2	200	comments-0a1dfd52672a062c8cc4.js Show response www.nytimes.com/vi-assets/static-assets/	50 KB 16 KB	9ms 9ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/vi-assets/static-assets/comments-0a1dfd52672a062c8cc4.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash fa62493565e278323699c3ad190faf7c068564196891e60af4ca1d4beb689e87 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; content-encoding gzip age 1756817 x-guploader-uploadid ADPycdt_PjY0frfBSRK_ZEeiKVluPUVxVr2y0nTBqXTj71k0cn9EjXbkNmDz_3pvBCrJdYs_BMGK2EGj4vpfXhRA75tmTYYv_Q x-goog-stored-content-encoding identity x-origin-time 2021-11-23 04:24:23 UTC x-served-by cache-hhn4062-HHN x-timer S1639398281.531676,VS0,VE1 etag "904191d83172706539f75e99eca7012f" vary Accept-Encoding, Fastly-SSL onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-0a1dfd52672a062c8cc4.js content-type application/javascript cache-control public,max-age=31536000 x-nyt-app-webview 0 x-nyt-route vi-assets x-nyt-edge-cache HIT x-cache-hits 10988 date Mon, 13 Dec 2021 12:24:40 GMT x-api-version F-X x-cache HIT x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 content-length 14991 last-modified Wed, 17 Nov 2021 18:05:44 GMT server UploadServer strict-transport-security max-age=63072000; preload x-goog-hash crc32c=Pu4Lkw==, md5=kEGR2DFycGU5916Z7KcBLw== x-goog-generation 1637172344771815 expires Wed, 23 Nov 2022 04:24:23 GMT x-gdpr 1 x-goog-stored-content-length 51109 accept-ranges bytes
GET H2	200	requestHandler Show response www.nytimes.com/svc/community/V3/	3 KB 3 KB	120ms 120ms	Script application/json	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/svc/community/V3/requestHandler?url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cmd=GetCommentSummary&method=get&callback=jsonp_1639398280550_36083 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/vendor-8773c5d4e22e0ef62be0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 10a887e74844b4978566b30c45eee091ef28301fd1b5b0c8a41804e3ecf11d77 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:40 GMT vary Accept-Encoding, Fastly-SSL x-api-version F-X age 0 x-cache MISS x-origin-time 2021-12-13 12:24:40 UTC x-served-by cache-hhn4062-HHN server nginx x-timer S1639398281.554715,VS0,VE113 strict-transport-security max-age=63072000; preload onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/svc/community/V3/requestHandler?callback=<esi:include%20src="/esi/jsonp-callback"/>&cmd=GetCommentSummary&method=get&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html content-type application/json x-gdpr 1 access-control-allow-credentials true x-nyt-route community-svc-cacheable content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; x-nyt-edge-cache MISS x-nyt-app-webview 0 x-cache-hits 0
GET H2	200	purr-cache purr.nytimes.com/v1/	0 0	168ms 113ms	Fetch text/html	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://purr.nytimes.com/v1/purr-cache Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:40 GMT server Google Frontend vary Origin content-type text/html access-control-allow-origin https://www.nytimes.com x-cloud-trace-context 1cc532c45f646e0475ab0e3ac4f75170 cache-control private access-control-allow-credentials true content-length 0 expires Mon, 13 Dec 2021 12:24:40 GMT
GET H2	200	data-layer Show response a.nytimes.com/svc/nyt/	2 KB 2 KB	188ms 134ms	XHR application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.nytimes.com/svc/nyt/data-layer?sourceApp=nyt-vi&caller_id=nyt-vi&referrer=https%3A%2F%2Ft.co%2F&assetUrl=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&jkcb=1639398280553 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 1d47957dd240f013e2838ad5df0f1b80124f70ca9da97e5970fc2fd87a71b854 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:40 GMT content-encoding gzip x-appengine-log-flush-count 1 server Google Frontend vary Accept-Encoding access-control-allow-methods GET, PUT, POST, DELETE, OPTIONS content-type application/json; charset=UTF-8 access-control-allow-origin https://www.nytimes.com x-cloud-trace-context 844ac246cd9a6123e360b6b091f68876 cache-control private access-control-allow-credentials true access-control-allow-headers Content-Type, x-requested-by, * content-length 1076 expires Mon, 13 Dec 2021 12:24:40 GMT
POST H2	200	track a.et.nytimes.com/	0 0	108ms 108ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H2	200	franklin-normal-600.abe1b34d5a429f8e034860c86c483446.woff2 g1.nyt.com/fonts/family/franklin/	20 KB 20 KB	17ms 17ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.abe1b34d5a429f8e034860c86c483446.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 382754535c8544a1771a47b0f27d04402334c75c0b83cb0b18d88b20e271e3ab Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=JJVCDg==, md5=q+GzTVpCn44DSGDIbEg0Rg== date Mon, 13 Dec 2021 12:24:40 GMT via 1.1 varnish content-type application/octet-stream age 1072721 x-guploader-uploadid ADPycdvzcCfEtq6rQhQ7OVo_LbiYueAWtyvuoFYYxbGS147rQEL_tM0YbGPlwl3lsdxJCn0D8gc3sdeMM1OKD6NzCi8 x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 20212 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Thu, 01 Dec 2022 02:26:00 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398281.987523,VS0,VE0 etag "abe1b34d5a429f8e034860c86c483446" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984010934 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 20212 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 8202
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	418 B 253 B	60ms 60ms	XHR text/plain	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2348016933657495&correlator=3331916060508567&output=ldjh&impl=fif&eid=31061814%2C31063914&vrg=2021120601&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20211213&iu_parts=29390238%2Cnyt%2Cworld%2Ceurope&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=150x50&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D1110&cust_params=cookie%3Dprivate%26als_test_clientside%3Dweb_none_none_none_v3-1-18.437987937808554773_20211213122439%26mktg%3Dadv_1%252Cengagement_0%252Ctype_anon%252Cckgf%252Cdiggf%252Cfrmckf%252Cfrmcoref%252Cfrmeduf%252Cfrmhdf%252Cfrmxwf%252Cgatef%252Cgifteef%252Cgifterf%252Coptf%252Cxwgf%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1639396447439%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Dfederationtowersmoscowrussia%26geo%3Dmoscowrussia%252Crussia%26des%3Dcomputersecurity%252Cvirtualcurrency%252Cextortionandblackmail%252Cpoliticsandgovernment%252Ccyberwarfareanddefense%252Ccyberattacksandhackers%252Cunitedstatesinternationalrelat%26auth%3Dandrewekramer%26coll%3Dworldnews%252Ceurope%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dworld%26si_section%3Dworld%26id%3D100000008088026%26pt%3Dnt10%252Cnt12%252Cnt13%252Cnt14%252Cnt15%252Cnt16%252Cnt17%252Cnt18%252Cnt2%252Cnt21%252Cnt3%252Cnt6%252Cnt8%252Cnt9%252Cpt11%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_mastercard%252Cneg_capitalone%252Cneg_ibm%252Cneg_ms_safe%252Cneg_google%252Cneg_chanel%252Cneg_hearts%252Cneg_mtb%252Cneg_orep%252Cneg_bofa%252Cneg_bp%252Cneg_cathay%252Cgs_tech_computing%252Cgs_tech%252Cneg_mktg_safe_q4_2019%252Cgv_crime%252Cggl_wrk_collab%252Cgs_business%252Cneg_msft%252Cgs_economy%252Cgs_economy_misc%252Cgs_politics_misc%252Cgs_business_misc%252Cgs_business_energy%252Cgs_t%26tt%3D5%26mt%3DMT3%252CMT7%26abra_dfp%3Ddfp_disp_incr_1_test%252Cdfp_als_home_1_als%252Cdfp_adslot4v2_1_external%252Cmkt_dfp_hd_paywall_zip_0_control%252Cdfp_als_1_als%252Cdfp_messaging_flexframe_ctr_2_noheadnosummary%26sov%3D4%26page_view_id%3DvjiMptIcbravbo_zLhYaoWV3%26uap%3Dbrowser%26aid%3DzxdncqY1GMNkpz7VmDYK2X%26purr%3Dnpa%26bt%3D%26typ_materials%3D%2523news%2523&cookie_enabled=1&bc=31&abxe=1&lmt=1639396783&dt=1639398280989&dlt=1639398279436&idt=537&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=3020965484&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=150x16&msz=0x0&ga_vid=2030314818.1639398280&ga_sid=1639398280&ga_hid=544488254&ga_fc=false&fws=132&ohw=1600&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software cafe / Resource Hash 4d4dcc503ca6bac94957a2d8ef381f5c29bb397de2fa5c85a503750d0369b218 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 220 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.nytimes.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	merlin_198332982_0442fcf8-e449-45ac-b338-7b1b80d1993c-superJumbo.jpg static01.nyt.com/images/2021/12/02/world/00russia-crypto-02/	346 KB 346 KB	12ms 12ms	Image image/webp	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://static01.nyt.com/images/2021/12/02/world/00russia-crypto-02/merlin_198332982_0442fcf8-e449-45ac-b338-7b1b80d1993c-superJumbo.jpg?quality=75&auto=webp Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 52626d4fd13a1b43d6ac2bf38df0aa331038b36fd5fcf283234645aef88ce7d5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish, 1.1 varnish age 8073 x-guploader-uploadid ADPycdsrFbhKHRPbZkIllfOfagtj2jW7HWifC_2_oeqy8oITV2DU1qYiAgzNRukz_YkCXS1UwmN3Kund6x7TxOJNbQ x-cache MISS, HIT fastly-io-info ifsz=758311 idim=2048x1365 ifmt=jpeg ofsz=353986 odim=2048x1365 ofmt=webp x-goog-storage-class MULTI_REGIONAL fastly-stats io=1 content-length 353986 x-served-by cache-bwi5121-BWI, cache-hhn4062-HHN x-nyt-gcs-bucket cms-gke-prd-publish-images-storage server UploadServer x-timer S1639398281.010252,VS0,VE2 etag "XHlbDHs7m/2KRGh8cq5M8QWvFKYgKPifLwudJw9hZ7c" vary Accept x-goog-hash crc32c=WLpwQw==, md5=Rd2FU+FZLjIKCrFfKw5ApA== content-type image/webp access-control-allow-origin * expires Mon, 06 Dec 2021 10:03:21 GMT cache-control max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public accept-ranges bytes timing-allow-origin * x-cache-hits 0, 1
POST H2	200	track a.et.nytimes.com/	0 0	113ms 113ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
POST H2	200	track a.et.nytimes.com/	0 0	101ms 101ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
POST H2	200	track a.et.nytimes.com/	0 0	105ms 105ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H3	200	swg-button.css news.google.com/swg/js/v1/ Frame CAE5	21 KB 6 KB	15ms 14ms	Stylesheet text/css	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/js/v1/swg-button.css Requested by Host: news.google.com URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455388 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 11:42:46 GMT content-encoding gzip x-content-type-options nosniff age 2515 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6439 x-xss-protection 0 last-modified Wed, 03 Nov 2021 17:26:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="news-frontend" vary Accept-Encoding report-to {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]} content-type text/css cache-control public, max-age=3000 accept-ranges bytes expires Mon, 13 Dec 2021 12:32:46 GMT
GET H2	200	m=_b,_tp Show response www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame CAE5	160 KB 57 KB	36ms 9ms	Script text/javascript	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Requested by Host: news.google.com URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455388 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 16:46:48 GMT content-encoding gzip x-content-type-options nosniff age 329873 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 57574 x-xss-protection 0 last-modified Thu, 09 Dec 2021 02:53:28 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers" expires Fri, 09 Dec 2022 16:46:48 GMT
POST H2	200	track a.et.nytimes.com/	0 0	103ms 103ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H3	200	container.html Show response 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BAAB	6 KB 3 KB	25ms 10ms	Document text/html	2a00:1450:4001:80f::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Mon, 13 Dec 2021 12:24:40 GMT expires Tue, 13 Dec 2022 12:24:40 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H2	200	/ Show response dd.nytimes.com/js/	231 B 574 B	37ms 15ms	XHR application/json	143.204.209.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dd.nytimes.com/js/ Requested by Host: dd.nytimes.com URL: https://dd.nytimes.com/tags.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.209.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-209-20.fra53.r.cloudfront.net Software DataDome / Resource Hash 4cecc12ef7f7e8609c1fa910d513ea52dd3304ddc06a75014588510e04c78b8f Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront) server DataDome x-amz-cf-pop FRA53-C1 x-cache Miss from cloudfront content-type application/json;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate content-length 231 x-amz-cf-id Kd4FoxMuYbTUBp9fMqvKOEO65rkNAR2J8y0ZSsHEHv6_bfyiBFB2sQ== expires 0
GET H2	200	/ Show response mwcm.nytimes.com/capi/metered_assets/	78 KB 16 KB	497ms 488ms	Fetch application/json	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mwcm.nytimes.com/capi/metered_assets/?plat=web&mc=0&mr=1&ma=1&counted=false&granted=false&gwtype=PAYWALL&us=anon&context-type=&assettype=timebound&areas=barOne&areas=dock&areas=inlineUnit&areas=truncator&areas=gateway Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Resource Hash fb8981dce90caebe3bf4455cc82666efb3cc7d48fc2d5228d540f2573884a983 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip access-control-allow-origin https://www.nytimes.com x-cache MISS x-served-by cache-hhn4062-HHN expires Mon, 13 Dec 2021 12:24:41 GMT server Google Frontend x-cmots-campaign-names {"barOne":"MAG_web_nonsub_all_monthly-sale","dock":"MAG_web_all_Monthly-Sale-dock","gateway":"MAG_web_nonsub_all_monthly-sale","inlineUnit":"MAG_web_nonsub_all_monthly-sale","truncator":"MAG-web_all_non-mobile-all_welcome-killset"} x-timer S1639398281.277680,VS0,VE480 vary x-nyt-user-status, x-nyt-country, x-nyt-continent, x-nyt-device, X-NYT-Currency, x-nyt-ipsegments-edu-b2b, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Origin access-control-allow-methods GET, PUT, POST, DELETE, OPTIONS content-type application/json; charset=utf-8 via 1.1 varnish x-cloud-trace-context c64375d9dbb7d13ab6a386cef07a7841 cache-control private, no-cache, no-store, must-revalidate access-control-allow-credentials true x-nyt-route mwcm-muassets accept-ranges bytes access-control-allow-headers Content-Type, x-requested-by, * x-cache-hits 0
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	31ms 7ms	Script text/javascript	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 2987 date Mon, 13 Dec 2021 11:34:54 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Mon, 13 Dec 2021 13:34:54 GMT
GET H3	200	activityi;dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fw... Show response 5290727.fls.doubleclick.net/ Frame B735 Redirect Chain https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2... https://5290727.fls.doubleclick.net/activityi;dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2F...	567 B 408 B	56ms 41ms	Document text/html	142.250.185.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://5290727.fls.doubleclick.net/activityi;dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f6.1e100.net Software cafe / Resource Hash 9d69a3deb3833eed32ebb768f3e66b59e43c5a43523beae6eefbbb84c01cbc29 Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer about:blank Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Mon, 13 Dec 2021 12:24:41 GMT expires Mon, 13 Dec 2021 12:24:41 GMT cache-control private, max-age=0 strict-transport-security max-age=21600 content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip server cafe content-length 383 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} Redirect headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Mon, 13 Dec 2021 12:24:41 GMT pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate follow-only-when-prerender-shown 1 strict-transport-security max-age=21600 location https://5290727.fls.doubleclick.net/activityi;dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? content-type text/html; charset=UTF-8 x-content-type-options nosniff server cafe content-length 0 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
GET H2	200	chartbeat.js Show response static.chartbeat.com/js/	36 KB 14 KB	27ms 9ms	Script application/x-javascript	2600:9000:2057:5600:18:1fcd:34f:cdc1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.chartbeat.com/js/chartbeat.js Requested by Host: t.co URL: https://t.co/PJ4yzIBJiy Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2057:5600:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 11:07:11 GMT content-encoding gzip last-modified Thu, 28 Oct 2021 00:27:20 GMT server nginx age 4650 etag W/"6179ee68-8e96" vary Accept-Encoding x-cache Hit from cloudfront content-type application/x-javascript via 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront) cache-control max-age=7200 cross-origin-resource-policy cross-origin x-amz-cf-pop FRA6-C1 x-amz-cf-id 0io6xag5ObVdfZkzQ91H8Ua2MXDBA2no3ZELjzVL4y02fljMcQShag== expires Mon, 13 Dec 2021 13:07:11 GMT
GET H2	200	show-ads.js Show response a1.nyt.com/analytics/	45 B 628 B	15ms 6ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://a1.nyt.com/analytics/show-ads.js Requested by Host: t.co URL: https://t.co/PJ4yzIBJiy Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A== date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip content-type application/javascript age 27284 x-guploader-uploadid ADPycdsibVoXQmfd_2bN94DYNLqt1DJtInYzNKiC2H0RY7L8wwJ89rTfbLZTZZzJ0YQC7bfkadEVWDLh0sGiDYJJaQ x-cache HIT x-goog-storage-class REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding identity content-length 65 via 1.1 varnish x-served-by cache-hhn4062-HHN accept-ranges bytes expires Mon, 23 Aug 2021 07:13:52 GMT last-modified Thu, 17 Dec 2020 21:19:35 GMT server UploadServer x-timer S1639398281.354252,VS0,VE0 etag "1d291da792456bd015b664ee1119a5e0" vary Accept-Encoding access-control-allow-methods GET, OPTIONS x-goog-generation 1608239975905841 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=86400 x-goog-stored-content-length 45 x-nyt-pagetype nyt-dti-analytic timing-allow-origin * x-cache-hits 874
POST H2	200	track a.et.nytimes.com/	0 0	112ms 111ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H2	200	activityi;register_conversion=1;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurop... 5290727.fls.doubleclick.net/	0 0	31ms 16ms	Image text/html	142.250.185.102 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://5290727.fls.doubleclick.net/activityi;register_conversion=1;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f6.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers
GET H2	200	/ insight.adsrvr.org/track/pxl/	70 B 261 B	204ms 32ms	Image image/gif	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=752947734 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:41 GMT cache-control private,no-cache, must-revalidate x-aspnet-version 4.0.30319 content-type image/gif p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
POST H2	200	track a.et.nytimes.com/	0 0	100ms 100ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame CAE5	15 KB 16 KB	147ms 7ms	Font font/woff2	2a00:1450:4001:82b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: news.google.com URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455388 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://news.google.com/ Origin https://news.google.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 07 Dec 2021 17:06:41 GMT x-content-type-options nosniff age 501480 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 07 Dec 2022 17:06:41 GMT
GET H3	200	m=byfTOb,lsjVmc,LEikZe Show response www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame CAE5	37 KB 13 KB	23ms 8ms	Script text/javascript	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sat, 11 Dec 2021 20:46:21 GMT content-encoding gzip x-content-type-options nosniff age 142700 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13600 x-xss-protection 0 last-modified Thu, 09 Dec 2021 00:01:46 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers" expires Sun, 11 Dec 2022 20:46:21 GMT
GET H2	200	ext.js Show response tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame BAAB	22 KB 7 KB	124ms 7ms	Script text/javascript	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js Requested by Host: 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com URL: https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 18:05:39 GMT content-encoding gzip x-content-type-options nosniff age 325142 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7022 x-xss-protection 0 last-modified Tue, 02 Mar 2021 20:17:03 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 09 Dec 2022 18:05:39 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame BAAB	119 KB 37 KB	146ms 30ms	Script text/javascript	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com URL: https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37305 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1638461285297402" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Mon, 13 Dec 2021 12:24:41 GMT
GET H3	200	m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Show response www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame CAE5	102 KB 35 KB	13ms 11ms	Script text/javascript	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sat, 11 Dec 2021 09:49:33 GMT content-encoding gzip x-content-type-options nosniff age 182108 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35580 x-xss-protection 0 last-modified Thu, 09 Dec 2021 00:01:46 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers" expires Sun, 11 Dec 2022 09:49:33 GMT
GET H2	200	ping pnytimes.chartbeat.net/	43 B 201 B	551ms 99ms	Image image/gif	54.197.115.220 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&u=DpqdGop3HZMByzISf&d=nytimes.com&g=16698&g0=world%2CEurope%2Cinternational_desk&g1=Andrew%20E.%20Kramer&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=https%3A%2F%2Ft.co%2F&b=2045&t=cPzkw9Hom3D38besoz1UjDrrf0G&V=129&i=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&tz=0&_acct=anon&sn=1&sv=UjPZaBKoJ9OBD1XmMZl6w6CeFD0&sr=https%3A%2F%2Ft.co%2F&sd=1&im=06679ff3&_ Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.197.115.220 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-197-115-220.compute-1.amazonaws.com Software / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:41 GMT cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif content-length 43 expires 0
POST H3	200	collect Show response www.google-analytics.com/j/	1 B 21 B	14ms 14ms	XHR text/plain	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=544488254&t=pageview&_s=1&dl=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=1119016878&gjid=1059040124&cid=2030314818.1639398280&tid=UA-58630905-2&_gid=1404870338.1639398281&_r=1&gtm=2wgc10P528B3&cg1=world&cg2=europe&cg3=article&cg4=news&cd1=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd3=&cd4=World&cd9=9&cd10=t.co&cd12=Europe&cd13=twitter&cd14=international_desk&cd15=earned&cd16=social&cd17=100000008088026&cd18=Andrew%20E.%20Kramer&cd19=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&cd20=&cd21=Article&cd23=World&cd25=Europe&cd26=2021&cd27=2021-12-06-05&cd28=Monday&cd29=05&cd30=1638981366336&cd32=World%20News%2CEurope&cd33=SECTION%2CSECTION&cd34=NEWS&cd36=06russia-crypto&cd37=1354&cd38=Foreign&cd42=nyt-vi&cd43=Computer%20Security%2CVirtual%20Currency%2CExtortion%20and%20Blackmail%2CPolitics%20and%20Government%2CCyberwarfare%20and%20Defense%2CCyberattacks%20and%20Hackers%2CUnited%20States%20International%20Relations&cd44=Federation%20Towers%20(Moscow%2C%20Russia)&cd46=Moscow%20(Russia)%2CRussia&cd48=December&cd49=long_1200_1600&cd51=nyt-vi&cd52=&cd53=Foreign&cd54=international_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=0&cd63=zxdncqY1GMNkpz7VmDYK2X&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=zxdncqY1GMNkpz7VmDYK2X&z=602558448 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:41 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.nytimes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	config.json Show response c.go-mpulse.net/api/	6 KB 2 KB	262ms 190ms	XHR application/json	2a02:26f0:6c00:1bb::11a6 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=www.nytimes.com&t=5464661&v=1.720.0&sl=0&si=9a59a253-843e-4f58-aa35-80a78ca4660c-r41zt3&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao= Requested by Host: s.go-mpulse.net URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 6bab4c8861377553938195533abf5261ba88d557def0ffb66f19f73151059627 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Mon, 13 Dec 2021 12:24:41 GMT Content-Encoding gzip Vary Accept-Encoding Content-Type application/json Access-Control-Allow-Origin * Cache-Control private, max-age=300, stale-while-revalidate=60, stale-if-error=120 Connection keep-alive Timing-Allow-Origin * Content-Length 1562
POST H3	200	batchexecute Show response news.google.com/_/SubscribewithgoogleClientUi/data/ Frame CAE5	449 B 328 B	67ms 67ms	XHR application/json	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=-4874912555554974003&bl=boq_subscribewithgoogleclientserver_20211208.11_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=44682&rt=c Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ce008e6e7bd9b8fe1c5a45d96eff7eeeae19aedfbf891b206aae96f007ae9cce Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers X-Same-Domain 1 Referer https://news.google.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy same-site content-disposition attachment; filename="response.bin"; filename*=UTF-8''response.bin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 pragma no-cache server ESF x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 content-type application/json; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site cache-control no-cache, no-store, max-age=0, must-revalidate content-security-policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame CAE5	17 KB 7 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sat, 11 Dec 2021 12:33:41 GMT content-encoding gzip x-content-type-options nosniff age 172260 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7293 x-xss-protection 0 last-modified Thu, 09 Dec 2021 00:01:46 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers" expires Sun, 11 Dec 2022 12:33:41 GMT
GET H3	200	view securepubads.g.doubleclick.net/pcs/ Frame BAAB	0 0	44ms 42ms	Fetch image/gif	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuyUmZLGCLMMEp674Z-oTdT9BFJoGD-dpc0sIkeI3hDwylCwdzTDiw_9itVs70PfP_3AII1s-jcDe0PcHp9imnnSx_aYoYOddGeAs9sj3etJ528mczS3p81zQruha2rQbx839e2SvzBM2yRgy75X9_mevVU5aPZ6DRUqXadefIjb3eFzVRaA2cbO5ummu-OOCAA7l6GvZRlVqt9n5Dvr2ZlMGjW8tZsg31qjpM68dG0jIR1BrHxwQEkF074S6My8-4MfPSLF-5R09rlHSAgD7iGXQ6b5oOUtBFxAD7tBtzVjKwzXULkqfcm84QnJTboJ26_zf9Pyl69DaRLp1Gu9bYtsmj1UTrarwGwshrYIl4&sai=AMfl-YSAAOF8_11l3uhrMFslurPlPr6eLr2eydWGd9LE1xx6V4Em-ax_UOSwNA-PSBd-KpXV7YEAgu2lbhd2q4CC0P66YEGunbHDmOalw7z04TNEyOBwFQQz-pwx0aMU5XDQ&sig=Cg0ArKJSzH4HeQIOcxcnEAE&uach_m=[UACH]&urlfix=1&adurl= Requested by Host: 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com URL: https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers timing-allow-origin * date Mon, 13 Dec 2021 12:24:41 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private server cafe cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name"
GET H2	200	flex Show response www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/ Frame 4768	4 KB 2 KB	11ms 9ms	Document text/html	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Requested by Host: 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com URL: https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9d9130b60b62cb531727fd072a625dea5826ab103aa34b8732041b6f8294c4fc Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ Response headers cache-control no-cache, no-store, must-revalidate content-encoding gzip content-type text/html;charset=UTF-8 expires 0 pragma no-cache server nginx x-origin-time 2021-12-13 12:24:26 UTC accept-ranges bytes date Mon, 13 Dec 2021 12:24:41 GMT age 16 x-served-by cache-hhn4062-HHN x-cache HIT x-cache-hits 1 x-timer S1639398282.551149,VS0,VE1 vary Accept-Encoding, X-NYT-Currency, X-NYT-Country, Fastly-SSL x-nyt-app-webview 0 access-control-allow-origin * access-control-allow-credentials true x-gdpr 1 onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/subscription/ads/461200-INTL-MorningBriefing/flex x-api-version F-X x-nyt-route mwcm-banner-ads content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; strict-transport-security max-age=63072000; preload x-nyt-edge-cache HIT content-length 1079
GET H3	200	B23785176.271590857;dc_pre=CK3i3sHi4PQCFZCEewod0OMOpw;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= Show response ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/ Frame BAAB Redirect Chain https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatme... https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CK3i3sHi4PQCFZCEewod0OMOpw;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rd...	12 KB 9 KB	37ms 36ms	Script text/javascript	142.250.185.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CK3i3sHi4PQCFZCEewod0OMOpw;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? Requested by Host: 6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com URL: https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Server 142.250.185.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f6.1e100.net Software cafe / Resource Hash 88ad123d6d80685e075b95d5ead67dd2c0eab008fa2d5ba49c023c49ef9ea1e9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8898 x-xss-protection 0 pragma no-cache server cafe report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} content-type text/javascript; charset=UTF-8 cache-control no-cache, must-revalidate timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Mon, 13 Dec 2021 12:24:41 GMT x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 pragma no-cache server cafe report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} content-type text/html; charset=UTF-8 location https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CK3i3sHi4PQCFZCEewod0OMOpw;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? cache-control no-cache, must-revalidate follow-only-when-prerender-shown 1 timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	log Show response play.google.com/ Frame CAE5	131 B 672 B	49ms 18ms	XHR text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://news.google.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://news.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Mon, 13 Dec 2021 12:24:41 GMT
GET H2	200	main-flex.css mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/ Frame 4768	188 KB 20 KB	15ms 8ms	Stylesheet text/css	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 2a4a53d519f1aa9785a22ebaa1028231d4c98b09e43913b3961bfafbc179e5e5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 449137 x-cache HIT content-length 20422 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Tue, 28 Jan 2020 17:41:44 GMT server nginx x-timer S1639398282.576588,VS0,VE0 x-origin-server mwcm-pub-est09.prd.iad1.nyt.net vary Accept-Encoding content-type text/css;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 1946
GET H2	200	gsap.min.js Show response cdnjs.cloudflare.com/ajax/libs/gsap/3.0.5/ Frame 4768	55 KB 21 KB	44ms 23ms	Script application/javascript	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/gsap/3.0.5/gsap.min.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a441c4f1b90c992eacea5aa9ed1f7143c5e0ca315d26edcc3468ce5ea61e03a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2225732 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 20311 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:25 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e71-ddb1" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FhWEHgj1uaLYXyFlL63dyIgXUM1ZMwApPn5pe2qPBsFNOMMoTe3MgeLSDefrR3asOWIGcbHXTdERKzKpyZbEc%2Bu%2BI1VngmulAfk1U4ikKaMAiTfdv5LTYqUbxKPbhAJzeSEN0CZ7EBrAnAbTh3SOiv8E"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6bcf2bbbfc98c2e0-FRA expires Sat, 03 Dec 2022 12:24:41 GMT
GET H2	200	1x1.png mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 4768	111 B 249 B	15ms 15ms	Image image/png	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/1x1.png Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 7080e939b330842f1fc31607f4674bb91cd9f2f464e4419498879f8b96d6927b Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish last-modified Tue, 28 Jan 2020 17:43:07 GMT server nginx age 459608 x-served-by cache-hhn4062-HHN x-cache HIT content-type image/png;charset=UTF-8 x-origin-server mwcm-pub-est05.prd.iad1.nyt.net cache-control no-cache, must-revalidate accept-ranges bytes x-timer S1639398282.599967,VS0,VE0 access-control-allow-origin * content-length 111 x-cache-hits 2344
GET H2	200	wordmark-Master-large-optimised-BLK.svg mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 4768	6 KB 2 KB	7ms 7ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/wordmark-Master-large-optimised-BLK.svg Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 2e2ad92498142b965c76de6bb7df97f643c1700f52ea07d6c0849e8e1fb89d81 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 478239 x-cache HIT content-length 2272 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Tue, 28 Jan 2020 17:42:26 GMT server nginx x-timer S1639398282.644432,VS0,VE0 x-origin-server mwcm-pub-est05.prd.iad1.nyt.net vary Accept-Encoding content-type image/svg+xml;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 2341
GET H2	200	MorningBriefing-Icon-Vector.svg mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 4768	2 KB 1023 B	7ms 7ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/MorningBriefing-Icon-Vector.svg Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 772cff71c9dab63854ecbe8dcd3c1b729b8069d77a6a9034418c5bc59d5e7d69 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 387274 x-cache HIT content-length 926 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Tue, 28 Jan 2020 17:42:53 GMT server nginx x-timer S1639398282.656603,VS0,VE0 x-origin-server mwcm-pub-est09.prd.iad1.nyt.net vary Accept-Encoding content-type image/svg+xml;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 2346
GET H2	200	logo-yellow-Box.svg mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 4768	455 B 538 B	7ms 7ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/logo-yellow-Box.svg Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0f5e453ef60b9f204a6fba9d03ffb668d15da5f30298848f98cd51e828166008 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 562076 x-cache HIT content-length 333 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Tue, 28 Jan 2020 17:42:41 GMT server nginx x-timer S1639398282.660440,VS0,VE0 x-origin-server mwcm-pub-est08.prd.iad1.nyt.net vary Accept-Encoding content-type image/svg+xml;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 2332
GET H2	200	flex-anim.js Show response mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/ Frame 4768	893 B 491 B	7ms 7ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/flex-anim.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 3aa02381c78552ebedd8c76d29316a4d76c6c483af0683f00f8ed8bf37db47c7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 561374 x-cache HIT content-length 339 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Tue, 28 Jan 2020 17:41:48 GMT server nginx x-timer S1639398282.587055,VS0,VE0 x-origin-server mwcm-pub-est09.prd.iad1.nyt.net vary Accept-Encoding content-type application/javascript;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 1940
GET H3	200	dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-rus... adservice.google.com/ddm/fls/z/ Frame B735	42 B 63 B	67ms 52ms	Image image/gif	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html Requested by Host: 5290727.fls.doubleclick.net URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CMKa08Hi4PQCFc-RGwodw6wJVw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=7399315201023;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://5290727.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:41 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	UFYwWwmt.js Show response tpc.googlesyndication.com/sodar/ Frame BAAB	41 KB 15 KB	25ms 8ms	Script text/javascript	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Requested by Host: ad.doubleclick.net URL: https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=850882950;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sat, 11 Dec 2021 22:03:31 GMT content-encoding gzip x-content-type-options nosniff age 138070 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15207 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 11 Dec 2022 22:03:31 GMT
GET H3	200	view securepubads.g.doubleclick.net/pcs/ Frame BAAB	0 0	43ms 43ms	Fetch image/gif	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumV-SyVup48UpI-gJ5qdU51HdFk7mKIn2U1DKGEtSHItceiCvCKT2CioD80SPkoncK3RPjwY_vzUV-0UejuZWviYukA3h_gfgm2p-1NfjRJFPOj4-CnIFsNFAbWxH_3DnWP1J-dMi5X-wR8N7rIT0DsihC1c4WpWXuxEv3DYJ4af2smJSG_secEQlMrk0AcIatlzeq_-aQmyTE4tHA-LVdn1nrpHsYBitw_YfLHFFhAI9e5GlFMC40FhEIWO7nO91IVjda_uBWmVO2FbuRkPmBNgnnkspAsb9CtS4okuDImhdTsf5A36HT6YPl6OyRpFBZI2An&sai=AMfl-YSqI7go9vOBB9520xLLakzQ1kNvTJwRiizA2MYdZpc88gY5iQeS33UXlbHjnzzigFYWMqfKzzFx_hgw7o2Bp6Un4g4PhBVZcDh8h6YGH4tVKQ0-VPDJ1sK9rfZ1HGX2&sig=Cg0ArKJSzAftqdufvAbnEAE&uach_m=[UACH]&urlfix=1&adurl= Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT x-content-type-options nosniff access-control-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} content-type image/gif accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version cache-control private timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" expires Mon, 13 Dec 2021 12:24:41 GMT
GET DATA	200 OK	truncated / Frame BAAB	216 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3fc5da0f29f38c018b3c6b06cee2bc8a0685b43e7f1d37bff397b7636b1ea3e3 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Content-Type image/png
OPTIONS H3	200	log play.google.com/ Frame	0 0	30ms 15ms	Preflight text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://news.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://news.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Mon, 13 Dec 2021 12:24:41 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Mon, 13 Dec 2021 12:24:41 GMT cache-control private
POST H3	200	log Show response play.google.com/ Frame CAE5	131 B 155 B	34ms 18ms	XHR text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://news.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Mon, 13 Dec 2021 12:24:41 GMT
OPTIONS H3	200	log play.google.com/ Frame	0 0	29ms 15ms	Preflight text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://news.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://news.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Mon, 13 Dec 2021 12:24:41 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Mon, 13 Dec 2021 12:24:41 GMT cache-control private
POST H3	200	log Show response play.google.com/ Frame CAE5	131 B 155 B	35ms 20ms	XHR text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://news.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Mon, 13 Dec 2021 12:24:41 GMT
POST H3	200	log Show response play.google.com/ Frame CAE5	131 B 155 B	32ms 18ms	XHR text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://news.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://news.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Mon, 13 Dec 2021 12:24:41 GMT
OPTIONS H3	200	log play.google.com/ Frame	0 0	28ms 15ms	Preflight text/plain	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://news.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://news.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Mon, 13 Dec 2021 12:24:41 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Mon, 13 Dec 2021 12:24:41 GMT cache-control private
GET H2	200	karnak-normal-900.woff2 g1.nyt.com/fonts/family/karnak/ Frame 4768	21 KB 21 KB	9ms 9ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/karnak/karnak-normal-900.woff2 Requested by Host: mwcm.nyt.com URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 1fe37d55e6324e8660e627fdf1cd545c9a84f80963bc07f3a564434043650a09 Request headers Referer https://mwcm.nyt.com/ Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=5QA+9Q==, md5=dVL+P92ZUq7akebFoq3Fnw== date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish content-type application/octet-stream age 2810257 x-guploader-uploadid ADPycduf3ce3e4H0N_E1VfuqtOF3b5MqdVIFs1Ro5oS8p0NsKLQHuqlTGDqa24xjhwwajxhMGkBbRre6ZL3f0KmWshE x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 21288 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Thu, 10 Nov 2022 23:47:04 GMT last-modified Wed, 15 Sep 2021 19:43:05 GMT server UploadServer x-timer S1639398282.665765,VS0,VE0 etag "7552fe3fdd9952aeda91e6c5a2adc59f" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734985053271 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 21288 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 1739
GET H2	200	franklin-normal-700.woff g1.nyt.com/fonts/family/franklin/ Frame 4768	27 KB 27 KB	14ms 13ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.woff Requested by Host: mwcm.nyt.com URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash e0176d88d71adf58cc9e76c0bbc1fb1ad091a7d7e058ff82e5d9fb50618e8ba1 Request headers Referer https://mwcm.nyt.com/ Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=44i2vg==, md5=oZLbMQk12KiCgy4syD8hGQ== date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish content-type application/octet-stream age 4620559 x-guploader-uploadid ADPycdt0WWcxI2j4oQT_GtAY-PThQkkg4rdejGbCjgKhuKRsl5CDqtMth5zzlx9QjRx6Ot-JFS4ptRopLw8-UyE4sHlcD7UDdA x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 27688 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 21 Oct 2022 00:55:22 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398282.665967,VS0,VE0 etag "a192db310935d8a882832e2cc83f2119" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984103192 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 27688 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 3295
GET H2	200	franklin-normal-900.woff2 g1.nyt.com/fonts/family/franklin/ Frame 4768	23 KB 24 KB	13ms 13ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-900.woff2 Requested by Host: mwcm.nyt.com URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 4480a115e7a5fb372866a640bde21c6f108061985cfd7c2a55ef80d7087ab2bc Request headers Referer https://mwcm.nyt.com/ Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=HKyQLA==, md5=x2Y6v1UQYXkA0xoIKpwujQ== date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish content-type application/octet-stream age 387851 x-guploader-uploadid ADPycdsQ7f1c1InQyyB0ynHIa0fXC-CTflH7i9o74wj8e440tmP2Y502lN_Rx0fUZSxt9Xgfj2mM3h_3Iq3ChRRhGzKcfai27g x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 23864 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 09 Dec 2022 00:40:30 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398282.666032,VS0,VE0 etag "c7663abf5510617900d31a082a9c2e8d" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984077645 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 23864 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 1552
GET H2	200	franklin-normal-500.woff g1.nyt.com/fonts/family/franklin/ Frame 4768	27 KB 27 KB	19ms 19ms	Font font/woff	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.woff Requested by Host: mwcm.nyt.com URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 44ce733e1c9cedefd832ff0b571555695fb7f8dbff7a066d3de45c446e44bb45 Request headers Referer https://mwcm.nyt.com/ Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=tEQkCg==, md5=QUdY3gmNxkS2iK+gMdNfmw== date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish content-type font/woff age 13263536 x-guploader-uploadid ADPycdtcX6zdWVtIlrLWXoy3MBMjHzz_Rg_LD0TuoP7aobuyL76Fi93GWjfvkxT2kk8j28PaCgOg-QROUKjiqwObkID-AyCfRg x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 27196 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Wed, 13 Jul 2022 00:05:44 GMT last-modified Tue, 06 Apr 2021 21:11:53 GMT server UploadServer x-timer S1639398282.666237,VS0,VE0 etag "414758de098dc644b688afa031d35f9b" access-control-allow-methods GET, OPTIONS x-goog-generation 1617743513131086 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 27196 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 3230
GET H3	200	Enqz_20U.html Show response tpc.googlesyndication.com/sodar/ Frame C9EA	22 KB 8 KB	9ms 8ms	Document text/html	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Enqz_20U.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} timing-allow-origin * content-length 8395 date Thu, 09 Dec 2021 18:05:45 GMT expires Fri, 09 Dec 2022 18:05:45 GMT last-modified Tue, 03 Mar 2020 20:15:00 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 325136 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response pagead2.googlesyndication.com/bg/ Frame C9EA	35 KB 14 KB	30ms 7ms	Script text/javascript	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 23:33:12 GMT content-encoding br x-content-type-options nosniff age 46289 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13577 x-xss-protection 0 last-modified Mon, 06 Dec 2021 19:18:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 12 Dec 2022 23:33:12 GMT
GET H2	200	main.css mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/	103 KB 14 KB	8ms 8ms	Stylesheet text/css	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash c0ec4afe344c086bc95ae4593c092460b527a5a5c0704e1c05cef34b2b648000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 330297 x-cache HIT content-length 14690 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Mon, 06 Dec 2021 22:44:54 GMT server nginx x-timer S1639398282.785605,VS0,VE0 x-origin-server mwcm-pub-est10.prd.iad1.nyt.net vary Accept-Encoding content-type text/css;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 1913
GET H2	200	untitled5 mwcm.nyt.com/dam/LP/payment-methods/	2 KB 1 KB	9ms 8ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/LP/payment-methods/untitled5 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 3c47a3721853fb9785f419f0b177c253c67ec3d3876e44718f6094f1b0c5c52e Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 508963 x-cache HIT content-length 1081 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Fri, 30 Jul 2021 18:46:05 GMT server nginx x-timer S1639398282.786094,VS0,VE0 x-origin-server mwcm-pub-est01.prd.iad1.nyt.net vary Accept-Encoding content-type image/svg+xml;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 9
GET H2	200	untitled2 mwcm.nyt.com/dam/LP/payment-methods/	6 KB 3 KB	9ms 8ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/LP/payment-methods/untitled2 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 6aec5046b00d1e1d628b212d99cffd4d938263d111e7fa394539165c340e8bdc Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 456906 x-cache HIT content-length 2844 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Mon, 28 Jun 2021 15:37:03 GMT server nginx x-timer S1639398282.786184,VS0,VE0 x-origin-server mwcm-pub-est08.prd.iad1.nyt.net vary Accept-Encoding content-type image/svg+xml;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 8
GET H2	200	untitled4 mwcm.nyt.com/dam/LP/payment-methods/	790 B 523 B	9ms 9ms	Image image/svg+xml	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://mwcm.nyt.com/dam/LP/payment-methods/untitled4 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 3bda03c62fd1d0deac48897f0b79be87afe71bb0ad6c1b2ae88124e1ce3a0a49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 391670 x-cache HIT content-length 383 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Mon, 28 Jun 2021 17:13:08 GMT server nginx x-timer S1639398282.786259,VS0,VE0 x-origin-server mwcm-pub-est05.prd.iad1.nyt.net vary Accept-Encoding content-type image/svg+xml;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 8
GET H2	200	common.js Show response mwcm.nyt.com/.resources/mkt-wcm/dist/	220 KB 69 KB	8ms 8ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash c9ecff36f11833ac5b741e8348a8a80eb5cad243c45bd857ba92202a8e5451e4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 330297 x-cache HIT content-length 70433 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Mon, 06 Dec 2021 22:44:54 GMT server nginx x-timer S1639398282.791571,VS0,VE0 x-origin-server mwcm-pub-est10.prd.iad1.nyt.net vary Accept-Encoding content-type application/javascript;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 2425
GET H2	200	main.js Show response mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/js/src/	23 KB 6 KB	14ms 14ms	Script application/javascript	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/js/src/main.js Requested by Host: www.nytimes.com URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash d09b7b0c955ad436b296c77df5c697479e1ca306619ba3e065fcc9a1342bcc7f Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip age 330298 x-cache HIT content-length 6090 x-served-by cache-hhn4062-HHN access-control-allow-origin * last-modified Mon, 06 Dec 2021 22:44:54 GMT server nginx x-timer S1639398282.792254,VS0,VE0 x-origin-server mwcm-pub-est09.prd.iad1.nyt.net vary Accept-Encoding content-type application/javascript;charset=UTF-8 via 1.1 varnish cache-control no-cache, must-revalidate accept-ranges bytes x-cache-hits 1992
GET H2	200	franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2 g1.nyt.com/fonts/family/franklin/	24 KB 24 KB	9ms 9ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/franklin/franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=b25SxA==, md5=/cfK0X3u7C2x/i+fjAUg7Q== date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish content-type application/octet-stream age 555719 x-guploader-uploadid ADPycdsM45IrPMPivF_8h6yPPqhAyFMvBOlx58tkw04XZ1dsS0TrHJ4Aha5EF4VBAbdb2gnC4QSuS4CMfTd2fz7ImuFOJX9Eqg x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 24184 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Wed, 07 Dec 2022 02:02:42 GMT last-modified Wed, 15 Sep 2021 19:43:04 GMT server UploadServer x-timer S1639398282.829605,VS0,VE0 etag "fdc7cad17deeec2db1fe2f9f8c0520ed" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734984069574 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 24184 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 3775
POST H2	200	track a.et.nytimes.com/	0 0	108ms 108ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H2	200	data-layer Show response a.nytimes.com/svc/nyt/	950 B 971 B	118ms 117ms	XHR application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.nytimes.com/svc/nyt/data-layer Requested by Host: mwcm.nyt.com URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 24e3d469741bf16afc2dc0e87eda9dd491d13a6784e454205e5fec90e1d1f175 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:41 GMT content-encoding gzip x-appengine-log-flush-count 1 server Google Frontend vary Accept-Encoding access-control-allow-methods GET, PUT, POST, DELETE, OPTIONS content-type application/json; charset=UTF-8 access-control-allow-origin https://www.nytimes.com x-cloud-trace-context 6a8a2d09fc1618bdd0fd620dfd44639f cache-control private access-control-allow-credentials true access-control-allow-headers Content-Type, x-requested-by, * content-length 487 expires Mon, 13 Dec 2021 12:24:41 GMT
GET H3	200	activityi;dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fw... Show response 5290727.fls.doubleclick.net/ Frame 2FCE Redirect Chain https://5290727.fls.doubleclick.net/activityi;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2... https://5290727.fls.doubleclick.net/activityi;dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2F...	567 B 410 B	124ms 123ms	Document text/html	142.250.185.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://5290727.fls.doubleclick.net/activityi;dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f6.1e100.net Software cafe / Resource Hash 991f27ed2d9741a240277767b39f2bb4b11f9e270feefa19e1a43de106fa91fe Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer about:blank Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Mon, 13 Dec 2021 12:24:41 GMT expires Mon, 13 Dec 2021 12:24:41 GMT cache-control private, max-age=0 strict-transport-security max-age=21600 content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip server cafe content-length 385 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]} Redirect headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Mon, 13 Dec 2021 12:24:41 GMT pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate follow-only-when-prerender-shown 1 strict-transport-security max-age=21600 location https://5290727.fls.doubleclick.net/activityi;dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? content-type text/html; charset=UTF-8 x-content-type-options nosniff server cafe content-length 0 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cross-origin-opener-policy-report-only same-origin; report-to="gfe-default_product_name" report-to {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
POST H2	200	track a.et.nytimes.com/	0 0	109ms 108ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
GET H3	200	activityi;register_conversion=1;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurop... 5290727.fls.doubleclick.net/	0 0	17ms 16ms	Image text/html	142.250.185.102 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://5290727.fls.doubleclick.net/activityi;register_conversion=1;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f6.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers
GET H3	200	collect www.google-analytics.com/	35 B 55 B	7ms 7ms	Image image/gif	2a00:1450:4001:809::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=544488254&t=event&ni=1&_s=1&dl=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=gateway&ea=impression&el=MAG_web_nonsub_all_monthly-sale&ev=0&_u=aAjAAEABAAAAAC~&jid=&gjid=&cid=2030314818.1639398280&tid=UA-58630905-2&_gid=1404870338.1639398281&gtm=2wgc10P528B3&cg1=world&cg2=europe&cg3=article&cg4=news&cd1=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd3=&cd4=World&cd9=9&cd10=t.co&cd12=Europe&cd13=twitter&cd14=international_desk&cd15=earned&cd16=social&cd17=100000008088026&cd18=Andrew%20E.%20Kramer&cd19=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&cd20=&cd21=Article&cd23=World&cd25=Europe&cd26=2021&cd27=2021-12-06-05&cd28=Monday&cd29=05&cd30=2021-12-08T16%3A36%3A06.336Z&cd32=World%20News%2CEurope&cd33=SECTION%2CSECTION&cd34=NEWS&cd36=06russia-crypto&cd37=1354&cd38=Foreign&cd42=nyt-vi&cd43=Computer%20Security%2CVirtual%20Currency%2CExtortion%20and%20Blackmail%2CPolitics%20and%20Government%2CCyberwarfare%20and%20Defense%2CCyberattacks%20and%20Hackers%2CUnited%20States%20International%20Relations&cd44=Federation%20Towers%20(Moscow%2C%20Russia)&cd46=Moscow%20(Russia)%2CRussia&cd48=December&cd49=long_1200_1600&cd51=nyt-vi&cd52=&cd53=Foreign&cd54=international_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=0&cd63=zxdncqY1GMNkpz7VmDYK2X&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=zxdncqY1GMNkpz7VmDYK2X&z=835636161 Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 02:03:02 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 37299 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2 g1.nyt.com/fonts/family/cheltenham/	26 KB 26 KB	9ms 9ms	Font application/octet-stream	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2 Requested by Host: g1.nyt.com URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 , United States, ASN54113 (FASTLY, US), Reverse DNS Software UploadServer / Resource Hash 4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3 Request headers Referer https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css Origin https://www.nytimes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers x-goog-hash crc32c=kUZRqw==, md5=QMz+LMYaceZhflYWLUm4lg== date Mon, 13 Dec 2021 12:24:41 GMT via 1.1 varnish content-type application/octet-stream age 2204403 x-guploader-uploadid ADPycdvKEZjcsHoQ6AIjXGw_dxXaWmeXxll8NtRiTSsbJNQ_qTkc8Zw1Li-2ZDoJcqwbxSRZeDF446RVn82wSNDKAw x-cache HIT x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 26448 x-served-by cache-hhn4072-HHN accept-ranges bytes expires Fri, 18 Nov 2022 00:04:39 GMT last-modified Wed, 15 Sep 2021 19:43:02 GMT server UploadServer x-timer S1639398282.943121,VS0,VE0 etag "40ccfe2cc61a71e6617e56162d49b896" access-control-allow-methods GET, OPTIONS x-goog-generation 1631734982612741 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public,max-age=31536000,immutable x-goog-stored-content-length 26448 x-nyt-pagetype web-font timing-allow-origin * x-cache-hits 5416
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame C9EA	0 20 B	58ms 43ms	Image image/gif	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEkKbiTu3YaW2I5WM7_UPz5GVIAAAAAA4AeAEAg&bg=!-_il-LzNAAZKWFskSlg7ACkAdvg8WsxkbVjnZoqYNVGCNnDX1m5SIT1NjehmA1gJo3imp16wfjl2dwIAAADwUgAAAA1oAQeZAwvXXHLAAXZmZMR-jdtM9C8pAH1dR87Pmp203rJSq1Hijj4zmChbVIKa8LrY6PYkpTYHp3O6yYE6xCW7g5MTyV6C9dHEgLHz0yWc5r7AK3AoSCSGOSjbiLO8XyasXrHUME0A9AO2Sepv1djy56S5KocEINoT1VCVDutFxsMDLanu2yceAwjtAs90GNkeP5tMLtZznCMD8ZloquPUwsuz7Jxgtg502G-HF2y4u95t1nYVJVV0Co3YLoKD5HM2JVdJ9S5cTFUndQtr4xWVDtWTSmY724jMzRbofZmZwYIyqYBU3a0jOql3YQ-AE8rdirVxBz0ACsikc6co7vYpgCors17Iu6Bvr3uWIPDxUgxoF8zB7Nq0x2m3eEiOzOAdGkTS0ks-S7ah5E9vSAy6gKRZDjAwE2pvz7QqCRCpb8ffGeSM47R5QdkTpGknDmkUWJG7KTZW0-IQxEBzRaCC1piAyMm_bv0OHLj8bPswWpupseUYexRUgIYPr3FcJW6tJxlsl38-_MKkKJZR_7YCk8z2vUCsZBd2GEhRVz_ddshWyoNw3F4GIf7ndmJV2BdIA3Y91lhJi6jDvc5zhcOM8crUG_RF0wI8H7ojl7ovwEHtcXWnS6Ft6egZw85UkBLTWINnqMT3socfvvq4PDE1AAt8l_oWMsmj4nj_lPO-LKH_j7hFwp7zdHuMUt7qyYsLVKhfwvNpqJ5Fq9F4lNU5sAqqiLq5ibZDiXT8xr4ksiznJ49z-diibrv_zTH2uShqQxyWlRznhT915CTLyaYLmDzGARLRlLuvrclA_3PDaQAalY6knTS79YXiWFGPn1cG0cey_EasoDNMYIxgA-7gTDcdHVqeolbuoEPSg2n-ZP1yBypwDCcvjlEe_oJ5zUrq_tmpr6EZhttHAh0WDkGqW35Wyd5Rx64504b2vCq5yKsfy-dTyVpTr14uniVgwAg6hNImk2bKuF0R3vvqej1Gi0ISYyifTc-lkXCtS7ryeChGh9v0t7sZ6Ji5Di1Id0UEMDtlI_a17MfE8fmmYKkshw Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:42 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-rus... adservice.google.com/ddm/fls/z/ Frame 2FCE	42 B 63 B	52ms 52ms	Image image/gif	2a00:1450:4001:811::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html Requested by Host: 5290727.fls.doubleclick.net URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CIjO9cHi4PQCFdAYGwodYdMCUQ;src=5290727;type=remar0;cat=gatew0;ord=1;num=8146863952030;gtm=2wgc10;auiddc=2041699940.1639398281;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html? Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://5290727.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:42 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/	11 KB 8 KB	38ms 22ms	XHR application/json	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 2784670840d6408f7230cab627c7dc0b8419227282bf08f9c8120d74cf274932 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers timing-allow-origin * date Mon, 13 Dec 2021 12:24:42 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8512 x-xss-protection 0
GET H2	200	loader.js Show response platform.iteratehq.com/	2 KB 1 KB	64ms 21ms	Script application/javascript	2606:4700:3037::6815:24db CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://platform.iteratehq.com/loader.js Requested by Host: t.co URL: https://t.co/PJ4yzIBJiy Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:24db , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca2c526397c805f1ebe50aef75409bc359bd1dc6d403882ef0c5bc6c42aa3742 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:42 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 150 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id 08ZKGBN96CESE87X x-amz-id-2 MLsCGtU3oNDYYha8t6jxEkBYN83J0LcZ8s2YcBAamXuc9hB6Rz358+Aj3xkXW8GsSPk5zNM8Vk4= last-modified Tue, 30 Nov 2021 17:45:47 GMT server cloudflare etag W/"0fd20432cf9f2bf6cab535d117f99af7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=0; includeSubDomains report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOgr%2FKinGdsbAH5jEzRN%2FmuDZUVmCDkOFtMigDwG89GIOlOgEpTAQsKtkk%2BgqE6aqIDtNxev3YRLesUrpEKCS%2FprlcPiZcEO2dnx9Tq8DDY21UrGAWuqsvKouQDpmwzEjx%2FAYVlEFBJ9o7zygRwyaiubklb0"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=1800 cf-ray 6bcf2bbfbc154e0e-FRA
POST H2	204	/ 684dd32a.akstat.io/	0 202 B	461ms 447ms	Ping image/gif	2a02:26f0:6c00:2b9::11a6 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://684dd32a.akstat.io/ Requested by Host: s.go-mpulse.net URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:42 GMT content-type image/gif access-control-allow-origin https://www.nytimes.com cache-control max-age=0, no-cache, no-store access-control-allow-credentials true timing-allow-origin * x-xss-protection 0 expires Mon, 13 Dec 2021 12:24:42 GMT
GET H3	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 6 KB	21ms 21ms	Script text/javascript	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:42 GMT content-encoding gzip x-content-type-options nosniff server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 expires Mon, 13 Dec 2021 12:24:42 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame A4C0	13 KB 5 KB	7ms 7ms	Document text/html	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5046 date Mon, 13 Dec 2021 10:36:17 GMT expires Tue, 13 Dec 2022 10:36:17 GMT last-modified Mon, 21 Jun 2021 20:47:05 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 6505 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	aframe Show response www.google.com/recaptcha/api2/ Frame 8B5A	783 B 1 KB	40ms 17ms	Document text/html	2a00:1450:4001:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash d3599338f6263cc29728ae1802b6d54521634045b942354955dfafbdf629c273 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-TBzUnDc9COOI9a31rxJF4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Mon, 13 Dec 2021 12:24:42 GMT date Mon, 13 Dec 2021 12:24:42 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-TBzUnDc9COOI9a31rxJF4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 514 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	sdk-prod-ea25a135bde1cf14d4a7.js Show response platform.iteratehq.com/	895 KB 259 KB	86ms 62ms	Script application/javascript	2606:4700:3037::6815:24db CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://platform.iteratehq.com/sdk-prod-ea25a135bde1cf14d4a7.js Requested by Host: platform.iteratehq.com URL: https://platform.iteratehq.com/loader.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:24db , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8fbac64874e4c3d8ab829798f73a3f4ad05a5ac15d22be98b881d422b3b4f5fe Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:42 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1103843 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id C5QB3A71MZMB9WFV x-amz-id-2 LTdnxJnEY2EN4udA00uVg/UyQC3YsQ/hi7X/Fj/+EyFyQ8R0gdhbf4WtRmUqgho2WB+/70VnlD4= last-modified Tue, 30 Nov 2021 17:45:43 GMT server cloudflare etag W/"01d2b1c2c22259161a931f5d15e1a312" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=0; includeSubDomains report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1%2FUTKvbPOV5Hvg8qYL6nWF5JFyMYLqnOL3ybJDWq9WQBnz1OdxyF9hnXzVpg%2FRhcXBkBtIgRs%2BVH98beyUYmd2JzH8BObjJXlq2vCRXP9nhkvoOjFTm%2Bd3VXulLhrHmJ6U90lo8Bk7vincCRjD9tP0JL7tP"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=31536000 cf-ray 6bcf2bc01ef183a6-MXP
GET H3	200	style-2bdbffb0210cc2e386f1.css platform.iteratehq.com/	130 KB 12 KB	66ms 43ms	Stylesheet text/css	2606:4700:3037::6815:24db CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://platform.iteratehq.com/style-2bdbffb0210cc2e386f1.css Requested by Host: platform.iteratehq.com URL: https://platform.iteratehq.com/loader.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:24db , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f348468a5b39755c98091989fdafd4be48ccdbfaf75273cd4fd87333e43a7fda Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:24:42 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 11284251 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-amz-request-id ZGW8170PETPYYJ77 x-amz-id-2 Rpcug3D6YPhcmH43lZFCWQXvj0nvPKJHbYYOC0m9qxtaWLsa4CzKpdn33GO7qiR0yBzhg1VLwJQ= last-modified Wed, 04 Aug 2021 21:51:28 GMT server cloudflare etag W/"4737fd744e2551cae9a2bc8884efd7ba" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=0; includeSubDomains report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GwNeYYRKAAwzsNZcWZ9dH5i426%2BVYquok0T4o9zYt3vhk4ldnxSrVUY3J0cL9ukAR8d95s2L24RpIvb%2BQ9%2BfIGuQsd519tdBTiU6mevZVdT0TROqPwSWZCM1H97IPiBn%2FLyVHXxvLCbjG0AIprw10Ux%2Bzcou"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=31536000 cf-ray 6bcf2bc01ef583a6-MXP
GET H3	200	A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response pagead2.googlesyndication.com/bg/ Frame A4C0	35 KB 13 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Mon, 13 Dec 2021 12:23:21 GMT content-encoding br x-content-type-options nosniff age 81 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13610 x-xss-protection 0 last-modified Mon, 06 Dec 2021 19:18:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 13 Dec 2022 12:23:21 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame 8B5A	0 0	48ms 48ms	Image text/html	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=2348016933657495&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers
GET H/1.1	200 OK	results.txt Show response xhubpok7munruynxhofa-pg9nso-c55947a80-clientnsv4-s.akamaihd.net/eum/ Redirect Chain https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pg9nsowb2 https://xhubpok7munruynxhofa-pg9nso-c55947a80-clientnsv4-s.akamaihd.net/eum/results.txt	8 B 312 B	69ms 7ms	XHR text/plain	95.101.27.37 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://xhubpok7munruynxhofa-pg9nso-c55947a80-clientnsv4-s.akamaihd.net/eum/results.txt Protocol HTTP/1.1 Server 95.101.27.37 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-27-37.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Mon, 13 Dec 2021 12:24:42 GMT Last-Modified Wed, 08 May 2013 07:51:12 GMT Server AkamaiNetStorage ETag "402e7a087747cb56c718bde84651f96a:1367999472" Content-Type text/plain Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 8 Redirect headers Location https://xhubpok7munruynxhofa-pg9nso-c55947a80-clientnsv4-s.akamaihd.net/eum/results.txt Date Mon, 13 Dec 2021 12:24:42 GMT Server AkamaiGHost Connection keep-alive Access-Control-Allow-Origin * Content-Length 0
GET H/1.1	200 OK	results.txt Show response eaaqvsaaeaajakqce3ygyaaaabq3oo4k-pg9nso-f0589f45a-clienttons-s.akamaihd.net/eum/ Redirect Chain https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pg9nsowb2 https://eaaqvsaaeaajakqce3ygyaaaabq3oo4k-pg9nso-f0589f45a-clienttons-s.akamaihd.net/eum/results.txt	8 B 312 B	70ms 6ms	XHR text/plain	2a02:26f0:6c00::210:ba13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://eaaqvsaaeaajakqce3ygyaaaabq3oo4k-pg9nso-f0589f45a-clienttons-s.akamaihd.net/eum/results.txt Protocol HTTP/1.1 Server 2a02:26f0:6c00::210:ba13 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Mon, 13 Dec 2021 12:24:42 GMT Last-Modified Wed, 08 May 2013 07:51:12 GMT Server AkamaiNetStorage ETag "402e7a087747cb56c718bde84651f96a:1367999472" Content-Type text/plain Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 8 Redirect headers Location https://eaaqvsaaeaajakqce3ygyaaaabq3oo4k-pg9nso-f0589f45a-clienttons-s.akamaihd.net/eum/results.txt Date Mon, 13 Dec 2021 12:24:42 GMT Server AkamaiGHost Connection keep-alive Access-Control-Allow-Origin * Content-Length 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	43ms 42ms	Image image/gif	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=2348016933657495&bg=!NzSlNHDNAAZKWFskSlg7ACkAdvg8WjbhyJSTM3DXL6HW5-4hU1gY7bFqntSmyCOCf3kospQFo-EnvAIAAABQUgAAAApoAQeZArw04o8a_Kr1Ht67L9di-2pAknYQHGuVH6pEgJxOu8WnQX6iIC5aE07Ay6OBtMFMOkfPsz2R6UMxNtai9scDjByUcx7XoPWSE1KIe0R4clOcMAsdqzXiljOPlmrvzPmShrJdfzpXBUUSsM_-Gv39hGHfUfdeHh4ILBaa-SIAmw3jErPSYBK6AmoKYrkNLlMX0OLnwRZQMFSeazelTbNZ3sDwvzVevNcToxywiFBtElGFDaScU4RmtwZ4RXIUVtqpxMiPDqBY4QAp5wRRSc0nffKU8o5Acoa_AY27QbVTkOjzPsJBdQGw3zy-mXx5LXJV012y6sMib8-feMflO3x9uwIFDhvAvUwyqqNOLqrVuFZvCkj6eT7X9m93wwGogMF5bTsCFJ02YvrPTajb17yWO4nPUFzIsoX9-WnjiHzSGeqBwddjGkez5JVQ1X6apuyv873FeChN_FSOX86U27JrYCERqlOcsba3ZQKn1EMHp3ip3lB117ohzYdU9eehZzd1Ip0IJRYOps3HYCFyAqxIu38k62eLiqmEYIGbM4ykAT_yYej60nNivlub4X1t7iep0honiCG2Ou0gxK9Gm-002d0qkvzlAsTjyT0FuO8FCotgsQbycsgHlD9_EJLTvnbLmFSgf_owO974HN_1hsp_tER6z3-2Ics-zDo-T_Rqjm77BdinOgl0p672atO1BQJcDpqgcsifsC8UwPbQWZL93u9n-VQjFVBG97Ip0r86KC78fnwOEVZHrTj0WWc_ktK2BIF7E9qtTNuTWQBsrwz1jy2fT3YrE8pVs67RNkfbMRl54acMlcH1xqGgKprzfKFwe1PAo8Z6719vIVbFWwTfhrueMOEzdnOcbQoNmSEd9zmU9yZUHpMQ33ZlKa__zzo2l4GrSov4IzLVGwLvvv5iW1NpTjR3Sh4IOXhd-Hcj Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.nytimes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:42 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	embed Show response iteratehq.com/api/v1/surveys/	298 B 1 KB	180ms 156ms	Fetch application/json	2606:4700:3032::ac43:c7c7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://iteratehq.com/api/v1/surveys/embed Requested by Host: platform.iteratehq.com URL: https://platform.iteratehq.com/sdk-prod-ea25a135bde1cf14d4a7.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81d39f6b90f346a8c4656f0ca5066c6f7154832878af6e98b3d3133a8c6d5ded Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 Authorization Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o Content-Type application/json Response headers date Mon, 13 Dec 2021 12:24:43 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OL57omn%2FH8Zbyb90IV6X2drIbebq%2FxCWbb6flMifndX1ZfrO9tswXnCdhsa%2Fg92LA8cdPfq2ZDiJPISTo4KEDzffZIHXCbeYOFmAfQ7wURz%2B7XPhYUchXKPRSUs8UTM4cyPPVWsBaxgzTZL"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin * access-control-allow-credentials true strict-transport-security max-age=0; includeSubDomains cf-ray 6bcf2bc44a2c3755-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
OPTIONS H2	200	embed iteratehq.com/api/v1/surveys/ Frame	0 0	436ms 138ms	Preflight	2606:4700:3032::ac43:c7c7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://iteratehq.com/api/v1/surveys/embed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers authorization,content-type Origin https://www.nytimes.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers date Mon, 13 Dec 2021 12:24:42 GMT content-length 0 access-control-allow-credentials true access-control-allow-headers Authorization, Content-Type access-control-allow-methods POST access-control-allow-origin * vary Origin Access-Control-Request-Method Access-Control-Request-Headers cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3SRuK%2BhuL1p0XYG%2FKMuj4YT8yNzLyN9PwfzOcemCgLk8avYiRAZz4ErCQpYqyorO4B9CSRl80YHLTV3qfGel9cilv6Df2M6Y9WJktfbki1tK6ynds2dHhyLhhk7NzDQ1h2z0pdqj7%2Biv6ics"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=0; includeSubDomains server cloudflare cf-ray 6bcf2bc3391dd618-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame BAAB	42 B 64 B	40ms 39ms	Fetch image/gif	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstcM0IAkdT8Uy0Z8myewyLbbbhYHnrCyj42P7dDjtZR9WKR3m_4e6FkVQysefYdGLevDcuobiEtGFZQsr9Az4FKVpWM6JQrdlg_YgXTNTuHdyMz5t9F&sig=Cg0ArKJSzG0IdT6-uQI_EAE&id=lidar2&mcvt=1001&p=93,0,367,1600&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=7&adk=1524529580&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639398281107&rpt=528&isd=0&lsd=0&met=mue&wmsd=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://6b6573d65a3d03ca7f42da81b4a41b6a.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers pragma no-cache date Mon, 13 Dec 2021 12:24:42 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	track a.et.nytimes.com/	0 0	111ms 111ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
POST H2	200	track a.et.nytimes.com/	0 0	103ms 102ms	Ping application/json	2a00:1450:4001:809::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a.et.nytimes.com/track Requested by Host: www.nytimes.com URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers
POST H2	200	ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg== Show response collectors.sumologic.com/receiver/v1/http/	0 518 B	116ms 116ms	XHR text/plain	44.195.111.128
General Check archive.org Show headers Download Go to Full URL https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg==?callback=logSent Requested by Host: mwcm.nyt.com URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.195.111.128 -, , ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers X-Sumo-Name Frontend Monitoring X-Sumo-Category mwcm-prd X-Sumo-Host https://mwcm-pub.prd.nytimes.com Referer https://www.nytimes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/json Response headers date Mon, 13 Dec 2021 12:24:47 GMT x-content-type-options nosniff x-frame-options SAMEORIGIN content-type text/plain access-control-allow-origin https://www.nytimes.com access-control-allow-credentials true strict-transport-security max-age=15552000 vary Origin content-length 0 x-xss-protection 1; mode=block
OPTIONS H2	200	ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg== collectors.sumologic.com/receiver/v1/http/ Frame	0 0	456ms 111ms	Preflight	44.195.111.128
General Check archive.org Show headers Download Go to Full URL https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV0-HeboJ6818lTuKxRBececk4jDqTCENG6P3EEnbph5RHWdBPvQT3HRVFQSGDmsPzXTyYrsnJS80IznOeaWt-m6EIiNmwnfwv6WiKXpRRMNYg==?callback=logSent Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.195.111.128 -, , ASN (), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,x-sumo-category,x-sumo-host,x-sumo-name Origin https://www.nytimes.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Sec-Fetch-Mode cors Response headers date Mon, 13 Dec 2021 12:24:47 GMT content-length 0 access-control-allow-origin https://www.nytimes.com access-control-allow-credentials true access-control-max-age 86400 access-control-allow-methods GET,POST,HEAD,OPTIONS access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,Content-Encoding,X-Sumo-Host,X-Sumo-Category,X-Sumo-Name,X-Sumo-Client,X-Sumo-Metadata,X-Sumo-Dimensions x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block strict-transport-security max-age=15552000 allow GET, HEAD, POST, PUT, TRACE, OPTIONS