urlscan.io logo urlscan.io
SecurityTrails logo

go.sniply.site Open in urlscan Pro
2606:4700::6810:f34e  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://go.sniply.site/?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html&utm_source=sniply&u...
Effective URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Submission: On October 19 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 34 IPs in 3 countries across 23 domains to perform 119 HTTP transactions. The main IP is 2606:4700::6810:f34e, located in United States and belongs to CLOUDFLARENET, US. The main domain is go.sniply.site.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 3rd 2022. Valid for: a year.
This is the only time go.sniply.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 40 151.101.65.164 54113 (FASTLY)
2 34.192.116.222 14618 (AMAZON-AES)
5 151.101.129.164 54113 (FASTLY)
2 2600:9000:218... 16509 (AMAZON-02)
3 65.9.71.118 16509 (AMAZON-02)
7 2a00:1450:400... 15169 (GOOGLE)
1 34.107.148.139 396982 (GOOGLE-CL...)
8 2602:803:c004... 26667 (RUBICONPR...)
2 35.244.159.8 15169 (GOOGLE)
1 35.158.33.229 16509 (AMAZON-02)
1 37.252.173.62 29990 (ASN-APPNEX)
3 108.157.6.231 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 2 34.243.65.71 16509 (AMAZON-02)
1 2600:9000:239... 16509 (AMAZON-02)
1 3.65.193.119 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:223... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
9 2600:1f18:1ac... 14618 (AMAZON-AES)
2 34.149.12.213 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.35.228.23 16625 (AKAMAI-AS)
1 13.248.245.213 16509 (AMAZON-02)
119 34
2    2606:4700::6810:f34e (United States)

ASN13335 (CLOUDFLARENET, US)
go.sniply.site
1    2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
40    151.101.65.164 (United States)

ASN54113 (FASTLY, US)
g1.nyt.com
nytimes.com
www.nytimes.com
static01.nyt.com
myaccount.nytimes.com
static01.nytimes.com
2    34.192.116.222 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-116-222.compute-1.amazonaws.com
a.et.nytimes.com
5    151.101.129.164 (United States)

ASN54113 (FASTLY, US)
samizdat-graphql.nytimes.com
2    2600:9000:2182:e800:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)
rumcdn.geoedge.be
3    65.9.71.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-71-118.fra56.r.cloudfront.net
c.amazon-adsystem.com
7    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
1    34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
8    2602:803:c004:200::143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
2    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
nytimes-d.openx.net
u.openx.net
1    35.158.33.229 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-33-229.eu-central-1.compute.amazonaws.com
tlx.3lift.com
1    37.252.173.62 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
3    108.157.6.231 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-6-231.dus51.r.cloudfront.net
aax-dtb-cf.amazon-adsystem.com
1    2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
3    2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
2    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
6    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    34.243.65.71 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-65-71.eu-west-1.compute.amazonaws.com
pixel.adsafeprotected.com
1    2600:9000:2394:d200:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)
secure-gl.imrworldwide.com
1    3.65.193.119 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-193-119.eu-central-1.compute.amazonaws.com
bs.serving-sys.com
1    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
3    2600:9000:223f:9e00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
1    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a02:26f0:6c00::210:ba19 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.doubleverify.com
9    2600:1f18:1aca:4280:e955:3e30:9d62:70ae (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dt.adsafeprotected.com
2    34.149.12.213 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 213.12.149.34.bc.googleusercontent.com
tps.doubleverify.com
tpsc-eu3.doubleverify.com
5    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
cs.media.net
1    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
Apex Domain
Subdomains		 Transfer
33 nytimes.com
nytimes.com — Cisco Umbrella Rank: 2847
www.nytimes.com — Cisco Umbrella Rank: 3344
a.et.nytimes.com — Cisco Umbrella Rank: 6396
samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 8381 Failed
als-svc.nytimes.com Failed
myaccount.nytimes.com — Cisco Umbrella Rank: 12307
meter-svc.nytimes.com Failed
a.nytimes.com Failed
purr.nytimes.com Failed
static01.nytimes.com — Cisco Umbrella Rank: 11087
1 MB
14 adsafeprotected.com
pixel.adsafeprotected.com — Cisco Umbrella Rank: 620
static.adsafeprotected.com — Cisco Umbrella Rank: 594
dt.adsafeprotected.com — Cisco Umbrella Rank: 546
98 KB
14 googlesyndication.com
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 147
pagead2.googlesyndication.com — Cisco Umbrella Rank: 104
137 KB
14 nyt.com
g1.nyt.com — Cisco Umbrella Rank: 9665
static01.nyt.com — Cisco Umbrella Rank: 5482
350 KB
8 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 492
9 KB
7 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188
170 KB
6 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 313
aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 534
49 KB
4 doubleverify.com
cdn.doubleverify.com — Cisco Umbrella Rank: 482
tps.doubleverify.com — Cisco Umbrella Rank: 502
tpsc-eu3.doubleverify.com — Cisco Umbrella Rank: 9427
109 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 44
2 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 78
www.google.com — Cisco Umbrella Rank: 2
2 KB
2 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 585
eb2.3lift.com — Cisco Umbrella Rank: 373
758 B
2 openx.net
nytimes-d.openx.net — Cisco Umbrella Rank: 12616
u.openx.net — Cisco Umbrella Rank: 664
508 B
2 media.net
prebid.media.net — Cisco Umbrella Rank: 1238
cs.media.net — Cisco Umbrella Rank: 1392
865 B
2 geoedge.be
rumcdn.geoedge.be — Cisco Umbrella Rank: 1549
168 KB
2 sniply.site
go.sniply.site
56 KB
1 gstatic.com
fonts.gstatic.com
13 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 193
47 KB
1 serving-sys.com
bs.serving-sys.com — Cisco Umbrella Rank: 1148
646 B
1 imrworldwide.com
secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1494
753 B
1 google.de
adservice.google.de — Cisco Umbrella Rank: 8724
792 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
1 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 232
746 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 394
25 KB
119 23
Domain Requested by
11 www.nytimes.com go.sniply.site
11 g1.nyt.com go.sniply.site
g1.nyt.com
10 nytimes.com 10 redirects
9 dt.adsafeprotected.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
8 fastlane.rubiconproject.com www.nytimes.com
7 securepubads.g.doubleclick.net nytimes.com
rumcdn.geoedge.be
securepubads.g.doubleclick.net
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
www.googletagservices.com
6 tpc.googlesyndication.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
rumcdn.geoedge.be
5 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
5 samizdat-graphql.nytimes.com go.sniply.site
nytimes.com
3 static.adsafeprotected.com pixel.adsafeprotected.com
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
3 cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com securepubads.g.doubleclick.net
rumcdn.geoedge.be
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
3 myaccount.nytimes.com rumcdn.geoedge.be
myaccount.nytimes.com
3 aax-dtb-cf.amazon-adsystem.com c.amazon-adsystem.com
3 static01.nyt.com go.sniply.site
3 c.amazon-adsystem.com go.sniply.site
c.amazon-adsystem.com
2 cdn.doubleverify.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
go.sniply.site
2 pixel.adsafeprotected.com 1 redirects cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
2 static01.nytimes.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
2 fonts.googleapis.com client
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
2 rumcdn.geoedge.be go.sniply.site
rumcdn.geoedge.be
2 a.et.nytimes.com go.sniply.site
2 go.sniply.site 1 redirects
1 tpsc-eu3.doubleverify.com cdn.doubleverify.com
1 eb2.3lift.com
1 u.openx.net
1 cs.media.net
1 www.google.com rumcdn.geoedge.be
1 tps.doubleverify.com cdn.doubleverify.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.googletagservices.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
1 bs.serving-sys.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
1 secure-gl.imrworldwide.com cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
1 adservice.google.com rumcdn.geoedge.be
1 adservice.google.de rumcdn.geoedge.be
1 www.googletagmanager.com go.sniply.site
1 ib.adnxs.com www.nytimes.com
1 tlx.3lift.com www.nytimes.com
1 nytimes-d.openx.net www.nytimes.com
1 prebid.media.net www.nytimes.com
1 cdn.jsdelivr.net go.sniply.site
0 purr.nytimes.com Failed nytimes.com
0 a.nytimes.com Failed nytimes.com
0 meter-svc.nytimes.com Failed nytimes.com
0 als-svc.nytimes.com Failed go.sniply.site
119 44
Subject Issuer Validity Valid
go.sniply.site
Cloudflare Inc ECC CA-3		 2022-10-03 -
2023-10-02		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-02 -
2023-06-01		 a year crt.sh
nytimes.com
Thawte RSA CA 2018		 2022-03-14 -
2023-04-14		 a year crt.sh
a.et.nytimes.com
R3		 2022-10-04 -
2023-01-02		 3 months crt.sh
gw.geoedge.be
Amazon		 2022-09-12 -
2023-10-10		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2022-05-09 -
2023-04-18		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.media.net
Sectigo RSA Domain Validation Secure Server CA		 2022-04-06 -
2023-05-04		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
*.3lift.com
Amazon		 2022-05-13 -
2023-06-11		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon		 2022-06-15 -
2023-06-15		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
fw.adsafeprotected.com
Amazon		 2022-04-28 -
2023-05-27		 a year crt.sh
*.imrworldwide.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-04 -
2023-02-03		 a year crt.sh
bs.serving-sys.com
Amazon		 2022-04-10 -
2023-05-09		 a year crt.sh
static.adsafeprotected.com
Amazon		 2022-08-06 -
2023-09-04		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.doubleverify.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-05 -
2023-07-07		 a year crt.sh
dt.adsafeprotected.com
Amazon		 2022-04-10 -
2023-05-08		 a year crt.sh
*.tps.doubleverify.com
Go Daddy Secure Certificate Authority - G2		 2022-09-28 -
2023-10-30		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh

This page contains 8 frames:

Primary Page: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Frame ID: 3960A4E589B02FB56E996B0E4C80F96F
Requests: 72 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: 301C354F91CD8754611CB4B8DE4255E3
Requests: 3 HTTP requests in this frame

Frame: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7238CC3745829F4F4EB6D41D3D81DB14
Requests: 1 HTTP requests in this frame

Frame: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 978B46CFCFBC6332F4C7E537D3B9EA9D
Requests: 30 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: F4089DCC39774C1F22571252E76D210C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3094.js
Frame ID: 2E30787B2A3CE8540285271CBFFFFA48
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9D7A45CE847D650196E24208BC63DD55
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1F66E23B8D813E0F27024C6790D1EA4B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

For Broadway’s ‘1776’ Revival, the Drama Is Offstage - The New York Times

Page URL History Show full URLs

  1. https://go.sniply.site/?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html... HTTP 302
    https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • serving-sys\.com/
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

119
Requests

83 %
HTTPS

58 %
IPv6

23
Domains

44
Subdomains

34
IPs

3
Countries

2461 kB
Transfer

7520 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://go.sniply.site/?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply,IFRAME:https://go.sniply.site/? HTTP 302
    https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
Request Chain 3
  • https://nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
Request Chain 41
  • https://nytimes.com/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
Request Chain 42
  • https://nytimes.com/vi-assets/static-assets/story-5180fbd9346edeced60a.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/story-5180fbd9346edeced60a.js
Request Chain 43
  • https://nytimes.com/vi-assets/static-assets/main-0041cb61d7352a12316e.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/main-0041cb61d7352a12316e.js
Request Chain 50
  • https://nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
Request Chain 51
  • https://nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
Request Chain 52
  • https://nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
Request Chain 65
  • https://nytimes.com/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
Request Chain 69
  • https://nytimes.com/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js HTTP 301
  • https://www.nytimes.com/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
Request Chain 92
  • https://pixel.adsafeprotected.com/rfw/st/1204993/66236240/skeleton.js?adsafe_url=https%3A%2F%2Fgo.sniply.site&adsafe_type=y&adsafe_url=https%3A%2F%2Fgo.sniply.site%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fcbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fcbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:5fd5ec8d-1d00-735e-4e4c-fede177d375f,c:rv9ZBd,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-5b58464db-6fm9r,rg:ie,pt:1-5-15,mu:10000,br:c,bru:c,an:n,oam:0,scm:oHpDvn1.TpQLI1.pzSwa1,mtim:117,mot:0,app:0,maw:0,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,tt:rjss,et:136,oid:da107bd6-4fbd-11ed-ac86-8218928189a5,v:19.8.358,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js

119 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request web
go.sniply.site/
Redirect Chain
  • https://go.sniply.site/?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply,IFRAME:https://go.sniply.site/?
  • https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
225 KB
56 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eebcc48124e5dde69bd60e8d930962cb76946b24c849673565c52c2cfc107be7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
cf-cache-status
MISS
cf-ray
75ca58823b639bf8-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 19 Oct 2022 14:53:53 GMT
last-modified
Wed, 19 Oct 2022 14:53:52 GMT
server
cloudflare
vary
Accept-Encoding
x-do-app-origin
e2f22dc9-1a27-4af8-a676-4b1b49254249
x-do-orig-status
200

Redirect headers

cache-control
private
cf-cache-status
MISS
cf-ray
75ca58806e9e9bf8-FRA
content-type
text/html; charset=utf-8
date
Wed, 19 Oct 2022 14:53:52 GMT
location
/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
server
cloudflare
vary
Accept-Encoding
x-do-app-origin
e2f22dc9-1a27-4af8-a676-4b1b49254249
x-do-orig-status
302
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ 		152 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://go.sniply.site/
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10217910
x-jsd-version
5.0.2
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19173-FRA, cache-cdg20747-CDG
x-jsd-version-type
version
server
cloudflare
etag
W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V4wIlzqEJeBj353LmdJExmDU8pXxOUtzD%2BHXg%2F8rCXEn6ie4%2F4%2FuYj%2BcBZUgE%2B39B31O2y742KRBoM4%2FqMLoMT0giQWIUCoUfeRFTVzdYiuOVhL8KM6YoyZkIWdrzLakF02gb8D6E5DTjouCIGc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
75ca5886ce67903c-FRA
web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
g1.nyt.com/fonts/css/ 		60 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
18ddec635c94f0004919a4c299f1e5bdf1e5cc0efc263669fc343d5cfc6144f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Tue, 26 Sep 2023 23:57:20 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
1954593
x-guploader-uploadid
ADPycdt5eJHms-t-Z8CQ0DDQ83jJeh6_srp9aooVcYPoYZy4MsGxdSUdXt7jYYuyfMkhW7DJBOS0-UnWS3VuL4GQ6j8HNpztuCF1
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
9789
x-served-by
cache-hhn4042-HHN
last-modified
Tue, 03 May 2022 17:15:49 GMT
server
UploadServer
x-timer
S1666191233.149662,VS0,VE0
etag
"0ae5b8ecb62ff6424a71dc89303213f5"
vary
Accept-Encoding
x-goog-generation
1651598149653041
x-goog-hash
crc32c=YzYKVQ==, md5=CuW47LYv9kJKcdyJMDIT9Q==
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
9789
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
41460
global-f449cfd9976ad673ef2b7ab5098b85be.css
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
  • https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
601435
x-guploader-uploadid
ADPycdvEJl1hmZGugRdfuWY4nDpRq2KtbSvJL6QJydJNImne_yAf6FwUdm5b5jSr_NhlUWEqFcu-KDxldlvzQY2xtkU_cGQqE_bQ
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-12 15:50:01 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191233.169882,VS0,VE1
etag
"e74f8b7c668251280cf3e52e20455a1c"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1665437996107668
content-type
text/css; charset=utf-8
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
11945
expires
Thu, 12 Oct 2023 15:49:58 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
1968
last-modified
Wed, 12 Oct 2022 15:40:50 GMT
server
UploadServer
x-goog-hash
crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
x-gdpr
1
x-goog-stored-content-length
5656
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
location
https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
adslot-163eed3eb592753ba35a.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
  • https://www.nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
70ea4e02c495fa95ff1f91ff189838908b685048661a69f863288217c0c64b27
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
82746
x-guploader-uploadid
ADPycdstxMPaUTEDav9CXUNfbdftXH2VZxvWAh4Br5a6RC3hu9mcpAUTtjTr7n8M82764dK4e9scY1t9991U9otIL7pahalRoEp7
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 15:54:47 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191233.169842,VS0,VE1
etag
"4b778dee101a04141cfc71adb4c18666"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666107803354002
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
3065
expires
Wed, 18 Oct 2023 15:54:47 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
7712
last-modified
Tue, 18 Oct 2022 15:43:23 GMT
server
UploadServer
x-goog-hash
crc32c=X9Fmlw==, md5=S3eN7hAaBBQc/HGttMGGZg==
x-gdpr
1
x-goog-stored-content-length
21998
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
location
https://www.nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
track
a.et.nytimes.com/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://a.et.nytimes.com/track
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.192.116.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-116-222.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
v2
samizdat-graphql.nytimes.com/graphql/ 		0
0
v2
samizdat-graphql.nytimes.com/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://samizdat-graphql.nytimes.com/graphql/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method
POST
Origin
https://go.sniply.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges
bytes
age
0
cache-control
max-age=30
content-length
0
date
Wed, 19 Oct 2022 14:53:53 GMT
samizdat-x-canary
false
samizdat-x-instance
19015e65
server
envoy
strict-transport-security
max-age=63072000; preload; includeSubdomains
timing-allow-origin
*
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google, 1.1 varnish
x-b3-traceid
7a368a8e143249ac-714f3d81a04c7d2a-0
x-cache
MISS
x-cache-hits
0
x-datadog-trace-id
7a368a8e143249ac-714f3d81a04c7d2a-0
x-envoy-decorator-operation
graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time
16
x-nyt-audience-target-flat
EU:PM
x-nyt-continent
EU
x-nyt-country
DE
x-nyt-edge-cache
MISS
x-nyt-meridiem
PM
x-nyt-region
BY
x-samizdat-query-exe-id
81d0956b39e808a1
x-samizdat-query-field-errors
0
x-served-by
cache-hhn4041-HHN
x-timer
S1666191233.258713,VS0,VE110
als
als-svc.nytimes.com/ 		0
0
grumi-ip.js
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d50c94e062cfbcd2b5b804e9bdb01755941dc851812cdbeea3c6dc928651f8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 13:24:10 GMT
content-encoding
br
via
1.1 88bc7a9e54e3765a2fd64d3e80cc8216.cloudfront.net (CloudFront)
x-amz-version-id
Mqcx_zR74cdahkfMHQ_goA6GNC2IAMU3
last-modified
Tue, 06 Sep 2022 10:54:03 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
age
5384
etag
W/"8ad2beee52c2abad4a49b927b72d3048"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age: 14400, stale-while-revalidate=14400, immutable
x-amz-cf-id
D1DmAvEGj5LzUuHTmqH4joj9de__DS5cpIhpEtWed3TpV7h05Eyl_A==
apstag.js
c.amazon-adsystem.com/aax2/ 		176 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d5aeb863142a8ddac2ae6d950ad4995d72ecb88e8657e7d9c505459dc930ba7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:12:40 GMT
content-encoding
gzip
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront), 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
last-modified
Thu, 06 Oct 2022 22:15:20 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-C1
age
2474
etag
W/"13600701857be6a3c4cd98a7b8e7133a"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
j4hw8OVbmaozZaba7o2M1EiEv_9YN1fY0ethp584U10diiRAnXvrUg==
prebid6.8.0.js
www.nytimes.com/ads/ 		241 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/ads/prebid6.8.0.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
eea5762a3d58a2d45a7ad522cb4a1d8bd13829901b4ebe78aa3f31bb394af143
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
601431
x-guploader-uploadid
ADPycdug07LDdOORDZ3qsPc8fgxo__jznYgnDrZdw5sVEXGh2_8ov0KRPoUV1DwP-SE9AOwIVOVp_RS6c5xUYcYZ8C5hcw
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-12 15:50:02 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191233.244608,VS0,VE1
etag
"d535a8e9911ccbdf7afbe80381111f2e"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1643135620637982
content-type
text/javascript
access-control-allow-origin
*
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ads/prebid6.8.0.js
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-nyt-app-webview
0
x-nyt-route
ads-static-assets
x-nyt-edge-cache
HIT
x-cache-hits
3679
expires
Wed, 12 Oct 2022 15:50:01 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
content-length
75471
last-modified
Tue, 25 Jan 2022 18:33:40 GMT
server
UploadServer
x-goog-hash
crc32c=B27QAA==, md5=1TWo6ZEcy996++gDgREfLg==
x-gdpr
1
x-goog-stored-content-length
246938
accept-ranges
bytes
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		79 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: nytimes.com
URL: https://nytimes.com/vi-assets/static-assets/adslot-163eed3eb592753ba35a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e83bc53cda9096673cc887bce1f7091eee51b8f13307abb474e0f752c8dffb57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27613
x-xss-protection
0
server
sffe
etag
"1368 / 756 of 1000 / last-modified: 1666177533"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Oct 2022 14:53:53 GMT
franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 		19 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Thu, 07 Sep 2023 10:14:00 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
3645592
x-guploader-uploadid
ADPycdvs34e7FTDEnYwVWJ23ft0O2Vrpi0RmMJnG1qO8aqV3zHFk10CLtqOFrq2W_nuWtgRnPg15F27HMk_g8WHQ3j0aytsdIiId
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
19816
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:51 GMT
server
UploadServer
x-timer
S1666191233.272172,VS0,VE0
etag
"0f4aea3d462cdb64748629efcbbf36bc"
x-goog-generation
1651598151017654
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
19816
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
37845
franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Tue, 12 Sep 2023 22:46:09 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
3168463
x-guploader-uploadid
ADPycdvm3PblP2ctU_Q0fGF3ZRVUHPvI2UTz3DL6fQ8RfvpsMbTsiK1b5bAzLPRJxbmAFpOsu3xQkPXbmA1Ja03j0YoGJg
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
20276
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:51 GMT
server
UploadServer
x-timer
S1666191233.272603,VS0,VE0
etag
"91eaf6b5642463af4091160b4bbfdfcb"
x-goog-generation
1651598151054057
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
20276
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
37776
cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 		28 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 11 Nov 2022 00:54:21 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
29599173
x-guploader-uploadid
ADPycdsbmB0iGXrnj0YJIZxZlMCd46_nNAOz3Po7oc1jbUFbh_TztelAet_j9dEfjgeGE8bMBAavINFKWZRKFcfT-wI
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
29076
x-served-by
cache-hhn4058-HHN
last-modified
Wed, 15 Sep 2021 19:43:02 GMT
server
UploadServer
x-timer
S1666191233.272587,VS0,VE0
etag
"a3ed7afe3eaa0a873f3fbd379f8c491b"
x-goog-generation
1631734982705223
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
29076
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
25951
cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 18 Nov 2022 00:09:37 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
28997056
x-guploader-uploadid
ADPycduOrhjba74-CeRc3F9k_9vFN2QMWqkEBhI_NbkUXB0LpkmOIsecIGAI0nwwt8znlr9CmC9Sum3OzIxqJbC3VsM
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
20136
x-served-by
cache-hhn4058-HHN
last-modified
Wed, 15 Sep 2021 19:43:03 GMT
server
UploadServer
x-timer
S1666191233.272561,VS0,VE0
etag
"108ce298d451197b23fefceb3e36959f"
x-goog-generation
1631734983132414
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
20136
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
14936
cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2
g1.nyt.com/fonts/family/cheltenham/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 23 Aug 2023 22:48:34 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
4896319
x-guploader-uploadid
ADPycdsBx_PN14La3G8D02jaonwBQj46HSoaPqal5fBOvHqXGN3mRtWA6O3rK5vTJ89LPnPFAbq-tNtSTlPnwxYX7iVfWQ
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
28276
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:49 GMT
server
UploadServer
x-timer
S1666191233.272532,VS0,VE0
etag
"530cfb72378419eedb60da7e266ad5f1"
x-goog-generation
1651598149856995
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=O9qQIA==, md5=Uwz7cjeEGe7bYNp+JmrV8Q==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
28276
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
24162
18seventeen-one-1-ab23-jumbo.jpg
static01.nyt.com/images/2022/10/18/multimedia/18seventeen-one-1-ab23/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static01.nyt.com/images/2022/10/18/multimedia/18seventeen-one-1-ab23/18seventeen-one-1-ab23-jumbo.jpg?quality=75&auto=webp
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
0d1d6cd60aa888adcd8d92c5883cdf2523a2e85334a7c73d55911e86429053cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Tue, 18 Oct 2022 22:04:31 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
60562
x-guploader-uploadid
ADPycdtc3Mg--C8GcvCqUhOg3oWm_ovPZcS2ac3RAAGlWLTlTTdQuNodbT_oZ-Vc6Ctljr3f-f1lCLV23rHcb3miemf2SjrkUBQV
x-cache
HIT, HIT
fastly-io-info
ifsz=136377 idim=1024x683 ifmt=jpeg ofsz=50704 odim=1024x683 ofmt=webp
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
fastly-stats
io=1
content-length
50704
x-served-by
cache-iad-kcgs7200064-IAD, cache-hhn4042-HHN
server
UploadServer
x-timer
S1666191233.323448,VS0,VE2
etag
"cvCtG/bsF8Twrs6IzAMKcEfRSctcjCgWVmJHF3+sQQ0"
vary
Accept
x-goog-generation
1666130566851746
content-type
image/webp
access-control-allow-origin
*
x-goog-hash
crc32c=AsNvlA==, md5=yt/IfJujCesLsWJZzyE+BA==
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length
136377
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
8, 1
author-michael-paulson-thumbLarge-v3.png
static01.nyt.com/images/2018/02/20/multimedia/author-michael-paulson/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static01.nyt.com/images/2018/02/20/multimedia/author-michael-paulson/author-michael-paulson-thumbLarge-v3.png
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
9dd9f3eb741e25464a7391dff38bda6d2a364f870bef83158ac9079bcd3ef2cb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Tue, 11 Oct 2022 05:47:40 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
119173
x-guploader-uploadid
ADPycdtDg4vEARJe0vnhTP0KGooqQBaBAQhfgAUS-b-m8WoPljyu9Tmal6M_GJ71Q67M7H_d4x_-W3sdruQkemeI2UFZMg
x-cache
HIT, HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-length
21337
x-served-by
cache-iad-kjyo7100141-IAD, cache-hhn4042-HHN
last-modified
Fri, 20 May 2022 14:08:35 GMT
server
UploadServer
x-timer
S1666191233.323634,VS0,VE1
etag
"d74f32dc7d3eb49458fd49bd649028b0"
vary
Origin
x-goog-generation
1653055715673164
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=2KLgHw==, md5=108y3H0+tJRY/Um9ZJAosA==
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length
21337
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
3494, 1
author-jennifer-schuessler-thumbLarge-v2.png
static01.nyt.com/images/2018/02/16/multimedia/author-jennifer-schuessler/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static01.nyt.com/images/2018/02/16/multimedia/author-jennifer-schuessler/author-jennifer-schuessler-thumbLarge-v2.png
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8ce9061fedb1cfa7f6e3fddbd6467919c6c7138c63ba6cc2bcfee7dedeb48881
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Tue, 27 Sep 2022 06:39:12 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
115589
x-guploader-uploadid
ADPycdsQ59UsrxmSxVT9KcKVrGY-95xUfp4nnpTOjhEMXKD-2mwCoPtktbxolZ7KoHnzYfhjUaXTHp_hpbI0awdQ5hbvgA
x-cache
HIT, HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
23530
x-served-by
cache-iad-kcgs7200148-IAD, cache-hhn4042-HHN
last-modified
Tue, 12 Jun 2018 21:55:27 GMT
server
UploadServer
x-timer
S1666191233.323643,VS0,VE9
etag
"26d4ce448e3c5c9ef801260ad2f43e44"
vary
Origin
x-goog-generation
1528840527352579
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=k/4xoA==, md5=JtTORI48XJ74ASYK0vQ+RA==
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length
23530
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
1, 1
imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Thu, 14 Sep 2023 00:21:15 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
3076358
x-guploader-uploadid
ADPycduFUD6H5jrgwFPuYZwTe49fTmo-WfpKMTjkBkRK3an5_c0WgAg_Pv22NoHfHQXEANeTENKarRwdJxpaoq5fOBviRTlfMwFs
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
26504
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:51 GMT
server
UploadServer
x-timer
S1666191233.273476,VS0,VE0
etag
"6131cd77b6e216c7693ed925f4309ffc"
x-goog-generation
1651598151578179
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
26504
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
36538
cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
g1.nyt.com/fonts/family/cheltenham/ 		28 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 06 Sep 2023 22:35:47 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
3687485
x-guploader-uploadid
ADPycdsL_Z8R85VywzJni4AFuUbbB-YhB4-FxkrvoDIO_LEvEB6ntqV_8Ou0Sb0JKAEiOCGf-QIQkIKwhLlO_QCvC0uoqQ
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
28620
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:49 GMT
server
UploadServer
x-timer
S1666191233.273440,VS0,VE0
etag
"f99a0459024509f157a3352e5de4f873"
x-goog-generation
1651598149661480
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
28620
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
15610
cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 27 Sep 2023 01:18:20 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
1949732
x-guploader-uploadid
ADPycdtnXvjfcc08mmrusiXD7K2TMwE9quvvpLAIaDTG-LQi9EYRDU6FaPwuCpIQ0STJX7ZxFZmvXwm8NtEZt6C2KQCH8A
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
27260
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:49 GMT
server
UploadServer
x-timer
S1666191233.273407,VS0,VE0
etag
"7ea91ebd036309e1fe756ee3aab272da"
x-goog-generation
1651598149597753
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
27260
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
27136
franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2
g1.nyt.com/fonts/family/franklin/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 20 Sep 2023 01:22:45 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
2554268
x-guploader-uploadid
ADPycdsIzDP0UpfwaLo5DWzHaVRnZwStX8ySiZ9FXOEzkx8uJZt59gyIliX0kXa3zICwEBQNR4gn-6RzkkV0dsxuOyV9Dg
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
20136
x-served-by
cache-hhn4058-HHN
last-modified
Tue, 03 May 2022 17:15:51 GMT
server
UploadServer
x-timer
S1666191233.276593,VS0,VE0
etag
"a6479a5200f9a6352bdb71589c27c9c3"
x-goog-generation
1651598150991608
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=pRBawg==, md5=pkeaUgD5pjUr23FYnCfJww==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
20136
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
31706
imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2
g1.nyt.com/fonts/family/imperial/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://g1.nyt.com/fonts/family/imperial/imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin
https://go.sniply.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 19 Apr 2023 01:12:28 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
15860483
x-guploader-uploadid
ADPycdt9Y-ZJ1VzExRe-xlrYIsar2OcW0pZuASehzAjni3nxVRdTmnQ08jQzKWhXLBcf3bo3SCiZ6szBYGmR-xwwE9kPpA
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
25680
x-served-by
cache-hhn4058-HHN
last-modified
Wed, 15 Sep 2021 19:43:04 GMT
server
UploadServer
x-timer
S1666191233.304568,VS0,VE0
etag
"024693f96c8f2c457e4a6a8d02a636b7"
x-goog-generation
1631734984530255
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=VQvFEQ==, md5=AkaT+WyPLEV+SmqNAqY2tw==
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
access-control-allow-methods
GET, OPTIONS
x-goog-stored-content-length
25680
accept-ranges
bytes
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
17314
prebid
prebid.media.net/rtb/ 		338 B
455 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CU4WQK98
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
83e6f2592c322f513c535afa75afdfbe15918f36444b19719e75be6a3deafac1

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
via
1.1 google
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://go.sniply.site
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
fastlane.json
fastlane.rubiconproject.com/a/api/ 		333 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088370&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_top&tk_flint=pbjs_lite_v6.8.0&x_source.tid=34e61f94-5230-42bd-be30-cecca021a2ca&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.395927106369262
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
58e9421a90a07cbdfc8fdcd11e1753a9bf6460911eab1b9d353388b1e5ceff79

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
333
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		334 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_mid1&tk_flint=pbjs_lite_v6.8.0&x_source.tid=d61740cc-fd68-468a-ad66-49b750610c87&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.14297938624092588
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
0fc70e85011c4b3c42154f1902e117d43da1287c4e08fe551183273eec9028ae

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
334
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		334 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_mid2&tk_flint=pbjs_lite_v6.8.0&x_source.tid=6b63800d-16d7-459a-b990-222c8f75a1f5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.12868969197888225
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
c639b339b35d74f08362d9317c50fd84dd0c30b8f304a066ef64c6aa66064402

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
334
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		334 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_mid3&tk_flint=pbjs_lite_v6.8.0&x_source.tid=afb31468-7b9a-4a5b-bb25-0a4ba180e59d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.39568011515219004
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
d083d17244eaf09c710e2954853e0218ea1cc483dbdec22c47828d7c799496f3

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
334
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		334 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_mid4&tk_flint=pbjs_lite_v6.8.0&x_source.tid=91ea5395-3c02-4519-b7ae-72fa147ef328&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.30491138049554545
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
cc5abef11b04b5947264f1dcad58d0aa0181e21ac8258a1b9a6fcc56b381b2b3

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
334
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		334 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_mid5&tk_flint=pbjs_lite_v6.8.0&x_source.tid=8a758dac-9ada-4ff7-aee3-5cec4e8f1034&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6282882148271685
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
496f3d6a84d22bf0e322593740b3b6bfee2f48009c4064135d1f11743d365674

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
334
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		334 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_mid6&tk_flint=pbjs_lite_v6.8.0&x_source.tid=144f2c2c-6fd7-4afa-a9c5-f4af4affce96&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9716661080723867
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
7b36b6c1d3523b6a2aa21e89f40e56623b034a4d87755329ddb35b288eedfbb1

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
334
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		336 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088374&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tg_i.invCode=nyt_theater_bottom&tk_flint=pbjs_lite_v6.8.0&x_source.tid=cf16fd8b-a879-4edb-ad52-8cf924f60acf&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2025578523509628
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
03dad70ef36749578735875c4d32320eb9c060a939b67788c8bdd33b0335fbdb

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://go.sniply.site
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
336
Expires
Wed, 17 Sep 1975 21:32:10 GMT
arj
nytimes-d.openx.net/w/1.0/ 		73 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nytimes-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=34e61f94-5230-42bd-be30-cecca021a2ca%2Cd61740cc-fd68-468a-ad66-49b750610c87%2C6b63800d-16d7-459a-b990-222c8f75a1f5%2Cafb31468-7b9a-4a5b-bb25-0a4ba180e59d%2C91ea5395-3c02-4519-b7ae-72fa147ef328%2C8a758dac-9ada-4ff7-aee3-5cec4e8f1034%2C144f2c2c-6fd7-4afa-a9c5-f4af4affce96%2Ccf16fd8b-a879-4edb-ad52-8cf924f60acf&nocache=1666191233358&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250&divids=top%2Cstory-ad-1%2Cstory-ad-2%2Cstory-ad-3%2Cstory-ad-4%2Cstory-ad-5%2Cstory-ad-6%2Cbottom&aucs=%2C%2C%2C%2C%2C%2C%2C&auid=544112060%2C544112063%2C544112063%2C544112063%2C544112063%2C544112063%2C544112063%2C544112062&tps=aW52Y29kZT1ueXRfdGhlYXRlcl90b3A%3D%2CaW52Y29kZT1ueXRfdGhlYXRlcl9taWQx%2CaW52Y29kZT1ueXRfdGhlYXRlcl9taWQy%2CaW52Y29kZT1ueXRfdGhlYXRlcl9taWQz%2CaW52Y29kZT1ueXRfdGhlYXRlcl9taWQ0%2CaW52Y29kZT1ueXRfdGhlYXRlcl9taWQ1%2CaW52Y29kZT1ueXRfdGhlYXRlcl9taWQ2%2CaW52Y29kZT1ueXRfdGhlYXRlcl9ib3R0b20%3D
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
336766b2395779a61b078c520e063d9d7bf0b67c5cef860ddc3d7c5f6d8ebd84

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://go.sniply.site
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=6.8.0&referrer=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&tmax=10000
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.33.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-33-229.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:53 GMT
accept-ch
sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory
x-auction-status
12, 12, 12, 12, 12, 12, 12
content-type
application/json; charset=utf-8
access-control-allow-origin
https://go.sniply.site
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		53 B
746 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid6.8.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:53 GMT
AN-X-Request-Uuid
ebfa0d32-fc55-4fdb-8afb-e82346c004b2
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://go.sniply.site
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.168; 185.213.155.168; 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
53
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
grumi.js
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 		511 KB
163 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a28a7919609e8803c6ef063aa4e91bad9fd5a220c73f0a064863c4ddfd0defea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:24:09 GMT
content-encoding
br
via
1.1 88bc7a9e54e3765a2fd64d3e80cc8216.cloudfront.net (CloudFront)
x-amz-version-id
pXZ_b.0Fe7vMMSgClrSTpnucy6yOwtWW
last-modified
Wed, 19 Oct 2022 12:49:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
age
1784
etag
W/"cde283b9321b601881f24b6fd4f1299b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-id
MWDEPIJYOqfA8DsjJYqBqeudZyTduTN3B8GtBcE1gU3UlG0TYrT6xw==
config
c.amazon-adsystem.com/cdn/prod/ 		0
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3030&u=https%3A%2F%2Fgo.sniply.site
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
via
1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
access-control-allow-origin
https://go.sniply.site
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
wu7vYvz34ioaHpolfLU52dB1Naw6tU2Mx-kMlGJ0NjlXyCY5L32HKg==
bid
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 		64 B
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&pid=2pfOWgmtZxNNi&cb=0&ws=1600x1200&v=22.10.32118&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-top_art_web%22%7D%2C%7B%22sd%22%3A%22top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22top_art_web%22%7D%5D&pj=%7B%22si_section%22%3A%22theater%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.6.231 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-6-231.dus51.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 5db4f6b1c04035a37ba6548e89b362be.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
DUS51-P2
x-amz-rid
82XRV4X3DTGCD3NSZV8C
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://go.sniply.site
access-control-allow-credentials
true
timing-allow-origin
*
content-length
64
x-amz-cf-id
UGE1ATUW7LjGQU1QBoScBrq8pZgGrZ9L0SCgQL4-c0OIK-OvKU-45w==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
YousslGi_alc9N7i1PBVBMNtdY1LkTzi
content-encoding
gzip
via
1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
date
Wed, 19 Oct 2022 12:48:54 GMT
x-amz-cf-pop
FRA56-C1
age
7500
x-cache
Hit from cloudfront
last-modified
Thu, 06 Oct 2022 01:32:47 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
Fkj0UoKQwiVUkyGIb_bZ1zgmaSB7Wv1ichrZaCevTDcX6UZAae_KZw==
vendor-d8fa676cbc7246181cc1.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
  • https://www.nytimes.com/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
158 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f76bd0f5eddae1cb51a4bd6b85559a651980cd8baecb15e2a0f2761932030ca1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
171604
x-guploader-uploadid
ADPycduEmEjIjjSNOq8HA4IkjIY7P2uzsxLp02Ivq6FL0_KCZ8_aidZS4Zfpzi0dUWif8mHz5dGv3MHBq-PODtsM0s9_6AmSZfDX
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-17 15:13:49 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191233.406918,VS0,VE1
etag
"8f5a711535e7ec57a7d5300b112abd7c"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666018882357509
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
6151
expires
Tue, 17 Oct 2023 15:13:49 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
45378
last-modified
Mon, 17 Oct 2022 15:01:22 GMT
server
UploadServer
x-goog-hash
crc32c=UbtBKQ==, md5=j1pxFTXn7Fen1TALESq9fA==
x-gdpr
1
x-goog-stored-content-length
162007
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
location
https://www.nytimes.com/vi-assets/static-assets/vendor-d8fa676cbc7246181cc1.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
story-5180fbd9346edeced60a.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/story-5180fbd9346edeced60a.js
  • https://www.nytimes.com/vi-assets/static-assets/story-5180fbd9346edeced60a.js
1 MB
371 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/story-5180fbd9346edeced60a.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b7752b4fa4e1fe4afc2259c91e874233e55a34751fdf04006ede11540a361d4f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
63372
x-guploader-uploadid
ADPycdsvo-Zm_cDZPVEcc6AsHvExR_fGvWJY9noZOYXO_9kxLoAvmWB7dpfhbi9lnsmfx_0_UHbWjk6gbX0zd4buf-WPxPfjOWGQ
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 21:17:40 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191233.407296,VS0,VE1
etag
"49b2ad6467085fd017af776a99a80de0"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666127613106384
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-5180fbd9346edeced60a.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
32
expires
Wed, 18 Oct 2023 21:17:40 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
379600
last-modified
Tue, 18 Oct 2022 21:13:33 GMT
server
UploadServer
x-goog-hash
crc32c=ZJGWdg==, md5=SbKtZGcIX9AXr3dqmagN4A==
x-gdpr
1
x-goog-stored-content-length
1395732
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-5180fbd9346edeced60a.js
location
https://www.nytimes.com/vi-assets/static-assets/story-5180fbd9346edeced60a.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
main-0041cb61d7352a12316e.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/main-0041cb61d7352a12316e.js
  • https://www.nytimes.com/vi-assets/static-assets/main-0041cb61d7352a12316e.js
1 MB
415 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/main-0041cb61d7352a12316e.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
dffa642fba88ea027ffa9179ec01f5d3e00f462435b1a0112b5b8189bf0ff0cd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
70132
x-guploader-uploadid
ADPycduuVcemw6j8EcDrURTMogSTDypOBmxqM_a0VQjWMYHHtKz2J6j3E1QorSimOTt6W5JIWyBf9mYP1UipdgeX0eFhQoxIcC4h
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 19:25:18 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191233.406968,VS0,VE1
etag
"5b52139cde572e224e9fae4edab3609c"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666120293524449
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-0041cb61d7352a12316e.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
100
expires
Wed, 18 Oct 2023 19:25:01 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
423921
last-modified
Tue, 18 Oct 2022 19:11:33 GMT
server
UploadServer
x-goog-hash
crc32c=OAP20Q==, md5=W1ITnN5XLiJOn65O2rNgnA==
x-gdpr
1
x-goog-stored-content-length
1464340
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-0041cb61d7352a12316e.js
location
https://www.nytimes.com/vi-assets/static-assets/main-0041cb61d7352a12316e.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
prefetch-assets
myaccount.nytimes.com/auth/ Frame 301C 		393 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://myaccount.nytimes.com/auth/prefetch-assets
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy / Express
Resource Hash
77c51b9b96e69e71adc8642653d1607ddc3a3965b4bd10eac59c2baccadbb798
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://go.sniply.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
482
cache-control
public, max-age=600
content-encoding
gzip
content-length
277
content-security-policy-report-only
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type
text/html; charset=utf-8
date
Wed, 19 Oct 2022 14:53:53 GMT
etag
W/"189-fsQ/jfphfT4IsRJUlgehP1tHkC0"
server
envoy
strict-transport-security
max-age=63072000; preload; includeSubdomains
vary
Accept-Encoding
via
1.1 varnish
x-api-version
F-X
x-cache
HIT
x-cache-hits
9
x-cloud-trace-context
41a1b345acab9fb58a965027e6412999
x-content-type-options
nosniff
x-datadog-parent-id
6669094753719201125
x-datadog-sampled
1
x-datadog-sampling-priority
0
x-datadog-trace-id
1404747800576980362
x-envoy-decorator-operation
lire-ui.auth.nyti.nyt.net:443/*
x-envoy-upstream-service-time
2
x-nyt-backend
lire-ui
x-nyt-edge-cache
HIT
x-powered-by
Express
x-served-by
cache-hhn4042-HHN
gtm.js
www.googletagmanager.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P528B3%3Em_auth=tfAzqo1rYDLgYhmTnSjPqw%3Em_preview=env-130%3Em_cookies_win=x
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
index.js
myaccount.nytimes.com/lire_ui/js/common/abra/ Frame 301C 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js
Requested by
Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
x-envoy-decorator-operation
lire-ui.auth.nyti.nyt.net:443/*
via
1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
age
0
content-security-policy-report-only
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache
MISS
x-envoy-upstream-service-time
29
content-length
308
x-served-by
cache-hhn4042-HHN
server
envoy
content-type
text/html; charset=UTF-8
x-cloud-trace-context
8f303ba250858d7838e05b12e1714e29
x-nyt-edge-cache
MISS
accept-ranges
bytes
x-cache-hits
0
unified-lire.bundle.js
myaccount.nytimes.com/lire_ui/js/ Frame 301C 		446 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=cb2a643
Requested by
Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
4c3803d7a5072fcb6e08e1d85f8748b19a22f8e1adbf7a9414958ddc66df601e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 12 Oct 2022 19:11:56 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
x-envoy-decorator-operation
lire-ui.auth.nyti.nyt.net:443/*
strict-transport-security
max-age=63072000; preload; includeSubdomains
via
1.1 varnish
x-api-version
F-X
age
527
content-security-policy-report-only
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache
HIT
x-envoy-upstream-service-time
3
content-length
152040
x-served-by
cache-hhn4042-HHN
server
envoy
x-nyt-backend
lire-ui
etag
"i3R44A"
content-type
application/javascript
x-cloud-trace-context
b388ccb471bbaa6cf2120a539e360eb6
cache-control
public, max-age=600
x-nyt-edge-cache
HIT
accept-ranges
bytes
x-cache-hits
3
pubads_impl_2022101301.js
securepubads.g.doubleclick.net/gpt/ 		380 KB
128 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101301.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1af2148d7bd5e2a0c9ddc1c5b9ff072996852f4f11ebc19695ba4ee08ddb9c4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 13:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5463
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131264
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 15:30:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 19 Oct 2023 13:22:50 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		47 B
83 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=go.sniply.site
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b89e3fd498037d748b089661640b579dd8df1e0c91f8e8e12179bf88372737ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59
x-xss-protection
0
expires
Wed, 19 Oct 2022 14:53:53 GMT
vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
  • https://www.nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
44 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8c7b91cd68672ae21734ac0a40907719b576084ff6daf647a0ef4f4163f352fc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
82761
x-guploader-uploadid
ADPycdtmnnlmgny9iL16ByboL3NUrmN8AwdriLVVolWgykyjjxSFrF8BanvBOryt_wz_0Quv4Lr2Djc_2VgzvnTOv3Z6k5jAHdZW
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 15:54:32 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191234.646243,VS0,VE1
etag
"938a365d337f931fb0333231303ee6a3"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666107804683214
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
2944
expires
Wed, 18 Oct 2023 15:54:32 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
13994
last-modified
Tue, 18 Oct 2022 15:43:24 GMT
server
UploadServer
x-goog-hash
crc32c=dhPcdA==, md5=k4o2XTN/kx+wMzIxMD7mow==
x-gdpr
1
x-goog-stored-content-length
45343
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
location
https://www.nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~4a3ef3d2-7f0d21b9b656320c166f.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
  • https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
67 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
021d83ded368491a9f0a1671fb7ca0ad89777d49843363c5347387c07d24ecaf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
601432
x-guploader-uploadid
ADPycduZUJgLTOoR40XLZ7yco1TPlJjB9Gj1cray2uRcq_Z4-okloUHpcCLIsa1Li4Sv_sOk_yhM1VGAUVVH96ACD2j3Ig
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-12 15:50:02 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191234.646013,VS0,VE1
etag
"755e5720d464eee3ca9331f87d4a4c8d"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1665581297825801
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
12297
expires
Thu, 12 Oct 2023 15:50:01 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
13470
last-modified
Wed, 12 Oct 2022 15:40:51 GMT
server
UploadServer
x-goog-hash
crc32c=7Whslw==, md5=dV5XINRk7uPKkzH4fUpMjQ==
x-gdpr
1
x-goog-stored-content-length
68990
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
location
https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
  • https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
21 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
29cd49f61d6124f05a6cd8d781742624ea2205be8dcee00249e588e2a02737e2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
63372
x-guploader-uploadid
ADPycdsukj-PqzXvHnAMK2ba0QG4fxETrMdEJZQQ1hIRvr14x74kK0tKZC2qIgUzl_N09iTt7M_Ia1aSeRNKlVM4gmvEj2-NG0Ka
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 21:17:41 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191234.646260,VS0,VE1
etag
"1cc0a195edd4322de916042d2d3ce9a5"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666127613222986
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
2083
expires
Wed, 18 Oct 2023 21:17:41 GMT
date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
4953
last-modified
Tue, 18 Oct 2022 21:13:33 GMT
server
UploadServer
x-goog-hash
crc32c=VL7/VQ==, md5=HMChle3UMi3pFgQtLTzppQ==
x-gdpr
1
x-goog-stored-content-length
21765
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
location
https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-3fafe57b731fc315298f.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
bid
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 		23 B
461 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&pid=2pfOWgmtZxNNi&cb=1&ws=1600x1200&v=22.10.32118&t=2000&slots=%5B%7B%22sd%22%3A%22top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22top_art_web%22%7D%5D&pj=%7B%22si_section%22%3A%22theater%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.6.231 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-6-231.dus51.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 5db4f6b1c04035a37ba6548e89b362be.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
DUS51-P2
x-amz-rid
87Q3NYQ0JSC93B02RJGR
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://go.sniply.site
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
vz103nnFLf9P4oyCKBshpj831h7fGMBPdspZYuhjaZLCFJyYIOigVQ==
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=go.sniply.site
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=go.sniply.site
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		52 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1112449675761997&correlator=802637572682584&eid=31068458%2C44775019%2C31062930&output=ldjh&gdfp_req=1&vrg=2022101301&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Ctheater&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&adks=1591181310&sfv=1-0-38&fsapi=false&prev_scp=div%3Dtop%26pos%3Dtop%26amznbid%3D1%26amznp%3D1%26request_time%3D631&cust_params=als_test_clientside%3Dreqfailed_reqfailed_reqfailed_2171%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1666190164673%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26per%3Dporkalobsara%252Cpagejeffreyl%252Cpaulusdiane%26des%3Dtheater%252Ctheaterbroadway%252Crevolutionarywaramerican177583%252Craceandethnicity%252Cblackpeople%252Cfilipinoamericans%26auth%3Djenniferschuessler%252Cmichaelpaulson%26coll%3Dnewyork%252Carts%252Ctheater%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dtheater%26si_section%3Dtheater%26id%3D100000008585516%26pt%3Dnt1%252Cnt11%252Cnt15%252Cnt17%252Cnt20%252Cnt5%252Cnt7%252Cpt13%252Cpt6%26gscat%3Dneg_citi_aa%252Cneg_ibmtest%252Cgs_entertain%252Cneg_mastercard%252Cgb_safe%252Cneg_google%252Cneg_capitalone%252Cneg_chan2%252Cneg_chanel%252Cneg_amex%252Cneg_gg1%252Cneg_ibm%252Cneg_mtb%252Cneg_debeer%252Cneg_rms%252Cgs_entertain_tv%252Cneg_ms_safe%252Cneg_bofa%252Cneg_mttl%252Cneg_unrest%252Cgv_safe%252Cgs_t%26is_viral%3Dhigh%26tt%3D21%252C53%26mt%3DMT10%252CMT5%26abra_dfp%3D%26sov%3D4%26page_view_id%3DFzu31cf5GaF-aIislJ99ULbA%26purr%3Dfull%26uap%3Dbrowser&sc=1&cookie_enabled=1&abxe=1&dt=1666191233710&lmt=1666191232&dlt=1666191233062&idt=613&adxs=0&adys=131&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&frm=20&vis=1&psz=1600x90&msz=1600x0&fws=4&ohw=1600&ga_vid=1086823683.1666191234&ga_sid=1666191234&ga_hid=356957692&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eedbada334dc991a5a3ed333c39343687d98ebc4d87946e6c90d27de5ae9f24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14362
x-xss-protection
0
google-lineitem-id
6110470209
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138408578227
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://go.sniply.site
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7238 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://go.sniply.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 14:53:53 GMT
expires
Thu, 19 Oct 2023 14:53:53 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
v2
samizdat-graphql.nytimes.com/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://samizdat-graphql.nytimes.com/graphql/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method
POST
Origin
https://go.sniply.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges
bytes
age
1
cache-control
max-age=30
content-length
0
date
Wed, 19 Oct 2022 14:53:53 GMT
samizdat-x-canary
false
samizdat-x-instance
19015e65
server
envoy
strict-transport-security
max-age=63072000; preload; includeSubdomains
timing-allow-origin
*
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google, 1.1 varnish
x-b3-traceid
7a368a8e143249ac-714f3d81a04c7d2a-0
x-cache
HIT
x-cache-hits
1
x-datadog-trace-id
7a368a8e143249ac-714f3d81a04c7d2a-0
x-envoy-decorator-operation
graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time
16
x-nyt-audience-target-flat
EU:PM
x-nyt-continent
EU
x-nyt-country
DE
x-nyt-edge-cache
HIT
x-nyt-meridiem
PM
x-nyt-region
BY
x-samizdat-query-exe-id
9e8e66451c846c64
x-samizdat-query-field-errors
0
x-served-by
cache-hhn4041-HHN
x-timer
S1666191234.962236,VS0,VE1
v2
samizdat-graphql.nytimes.com/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://samizdat-graphql.nytimes.com/graphql/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method
POST
Origin
https://go.sniply.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges
bytes
age
1
cache-control
max-age=30
content-length
0
date
Wed, 19 Oct 2022 14:53:53 GMT
samizdat-x-canary
false
samizdat-x-instance
19015e65
server
envoy
strict-transport-security
max-age=63072000; preload; includeSubdomains
timing-allow-origin
*
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google, 1.1 varnish
x-b3-traceid
7a368a8e143249ac-714f3d81a04c7d2a-0
x-cache
HIT
x-cache-hits
2
x-datadog-trace-id
7a368a8e143249ac-714f3d81a04c7d2a-0
x-envoy-decorator-operation
graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time
16
x-nyt-audience-target-flat
EU:PM
x-nyt-continent
EU
x-nyt-country
DE
x-nyt-edge-cache
HIT
x-nyt-meridiem
PM
x-nyt-region
BY
x-samizdat-query-exe-id
97adec007f3f05bf
x-samizdat-query-field-errors
0
x-served-by
cache-hhn4041-HHN
x-timer
S1666191234.996983,VS0,VE1
v2
samizdat-graphql.nytimes.com/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://samizdat-graphql.nytimes.com/graphql/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method
POST
Origin
https://go.sniply.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges
bytes
age
1
cache-control
max-age=30
content-length
0
date
Wed, 19 Oct 2022 14:53:54 GMT
samizdat-x-canary
false
samizdat-x-instance
19015e65
server
envoy
strict-transport-security
max-age=63072000; preload; includeSubdomains
timing-allow-origin
*
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google, 1.1 varnish
x-b3-traceid
7a368a8e143249ac-714f3d81a04c7d2a-0
x-cache
HIT
x-cache-hits
3
x-datadog-trace-id
7a368a8e143249ac-714f3d81a04c7d2a-0
x-envoy-decorator-operation
graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time
16
x-nyt-audience-target-flat
EU:PM
x-nyt-continent
EU
x-nyt-country
DE
x-nyt-edge-cache
HIT
x-nyt-meridiem
PM
x-nyt-region
BY
x-samizdat-query-exe-id
b36941324fd7fb22
x-samizdat-query-field-errors
0
x-served-by
cache-hhn4041-HHN
x-timer
S1666191234.024944,VS0,VE1
v2
samizdat-graphql.nytimes.com/graphql/ 		0
0
meter.js
meter-svc.nytimes.com/ 		0
0
v2
samizdat-graphql.nytimes.com/graphql/ 		0
0
v2
samizdat-graphql.nytimes.com/graphql/ 		0
0
comments-f9ad8ad9dc5aec5cc776.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
  • https://www.nytimes.com/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
d3b8d3a27af92f5f8b0f3ac8e880d7a219e26955b707ff1e84de71f18c587949
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
82761
x-guploader-uploadid
ADPycdsoZEgd3SZ9liQr8T-jcIONeslIWnOqYz_iKI7obfuBDbXbc2latmLtLEYxuv01OppBebwOGiCgLIQ6MySjjaY1eRvbsod_
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 15:54:33 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191234.278786,VS0,VE1
etag
"5dc8096071ad2fea5cdff3433f468e3c"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666107803431799
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
2507
expires
Wed, 18 Oct 2023 15:54:33 GMT
date
Wed, 19 Oct 2022 14:53:54 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
11259
last-modified
Tue, 18 Oct 2022 15:43:23 GMT
server
UploadServer
x-goog-hash
crc32c=f5J91g==, md5=XcgJYHGtL+pc3/NDP0aOPA==
x-gdpr
1
x-goog-stored-content-length
38445
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:54 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
location
https://www.nytimes.com/vi-assets/static-assets/comments-f9ad8ad9dc5aec5cc776.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
bid
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 		23 B
461 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&pid=2pfOWgmtZxNNi&cb=2&ws=1600x1200&v=22.10.32118&t=2000&slots=%5B%7B%22sd%22%3A%22bottom%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22bottom_art_web%22%7D%5D&pj=%7B%22si_section%22%3A%22theater%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.6.231 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-6-231.dus51.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:54 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 5db4f6b1c04035a37ba6548e89b362be.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
DUS51-P2
x-amz-rid
N6GDH7EPVCS0EVSRAFWP
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://go.sniply.site
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
vy_WPL2fD9dbsfXM48_g8sr_bjg3nhepWmNJrK7XF477_We_xxJ99Q==
data-layer
a.nytimes.com/svc/nyt/ 		0
0
purr-cache
purr.nytimes.com/v1/ 		0
0
clientSideCapsule-efc21f60e100aa26bedf.js
www.nytimes.com/vi-assets/static-assets/
Redirect Chain
  • https://nytimes.com/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
  • https://www.nytimes.com/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
424 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nytimes.com/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b9eee6f451967e18cd2c8aaab93824954b842046e10da8285b3ba993f91e29c7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security max-age=63072000; preload; includeSubdomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding
gzip
age
63372
x-guploader-uploadid
ADPycdvLMK969-BLk4KBuMcV9fSxarKg6jt7Mhn-nI3fYKkQJZC2AJihEJssOU3kmS4hIK3xvfwXS916UoWSqYMys1mvunCwizGU
x-goog-stored-content-encoding
identity
x-origin-time
2022-10-18 21:17:43 UTC
x-served-by
cache-hhn4042-HHN
x-timer
S1666191234.305417,VS0,VE1
etag
"ea4fba964fb1646687162cbab98e0123"
vary
Accept-Encoding, Fastly-SSL
x-goog-generation
1666127862238232
content-type
application/javascript
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
cache-control
public,max-age=31536000
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
x-cache-hits
1327
expires
Wed, 18 Oct 2023 21:17:42 GMT
date
Wed, 19 Oct 2022 14:53:54 GMT
strict-transport-security
max-age=63072000; preload; includeSubdomains
x-api-version
F-X
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
content-length
104591
last-modified
Tue, 18 Oct 2022 21:17:42 GMT
server
UploadServer
x-goog-hash
crc32c=pyw1xw==, md5=6k+6lk+xZGaHFiy6uY4BIw==
x-gdpr
1
x-goog-stored-content-length
433866
accept-ranges
bytes

Redirect headers

date
Wed, 19 Oct 2022 14:53:54 GMT
content-security-policy
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security
max-age=63072000; preload
x-api-version
F-0
x-cache
HIT
content-length
0
x-served-by
cache-hhn4042-HHN
server
Varnish
x-frame-options
DENY
onion-location
https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
location
https://www.nytimes.com/vi-assets/static-assets/clientSideCapsule-efc21f60e100aa26bedf.js
x-gdpr
1
x-nyt-app-webview
0
x-nyt-route
vi-assets
x-nyt-edge-cache
HIT
accept-ranges
bytes
retry-after
0
x-cache-hits
0
ads
securepubads.g.doubleclick.net/gampad/ 		535 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1112449675761997&correlator=802637572682584&eid=31068458%2C44775019%2C31062930&output=ldjh&gdfp_req=1&vrg=2022101301&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Ctheater&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=150x50&ifi=2&adks=475099390&sfv=1-0-38&fsapi=false&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D978&cust_params=als_test_clientside%3Dreqfailed_reqfailed_reqfailed_2171%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1666190164673%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26per%3Dporkalobsara%252Cpagejeffreyl%252Cpaulusdiane%26des%3Dtheater%252Ctheaterbroadway%252Crevolutionarywaramerican177583%252Craceandethnicity%252Cblackpeople%252Cfilipinoamericans%26auth%3Djenniferschuessler%252Cmichaelpaulson%26coll%3Dnewyork%252Carts%252Ctheater%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dtheater%26si_section%3Dtheater%26id%3D100000008585516%26pt%3Dnt1%252Cnt11%252Cnt15%252Cnt17%252Cnt20%252Cnt5%252Cnt7%252Cpt13%252Cpt6%26gscat%3Dneg_citi_aa%252Cneg_ibmtest%252Cgs_entertain%252Cneg_mastercard%252Cgb_safe%252Cneg_google%252Cneg_capitalone%252Cneg_chan2%252Cneg_chanel%252Cneg_amex%252Cneg_gg1%252Cneg_ibm%252Cneg_mtb%252Cneg_debeer%252Cneg_rms%252Cgs_entertain_tv%252Cneg_ms_safe%252Cneg_bofa%252Cneg_mttl%252Cneg_unrest%252Cgv_safe%252Cgs_t%26is_viral%3Dhigh%26tt%3D21%252C53%26mt%3DMT10%252CMT5%26abra_dfp%3D%26sov%3D4%26page_view_id%3DFzu31cf5GaF-aIislJ99ULbA%26purr%3Dfull%26uap%3Dbrowser&sc=1&cookie_enabled=1&abxe=1&dt=1666191234175&lmt=1666191232&dlt=1666191233062&idt=613&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&frm=20&vis=1&psz=150x16&msz=0x0&fws=132&ohw=1600&ga_vid=1086823683.1666191234&ga_sid=1666191234&ga_hid=356957692&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6caabf1cb16da773389e1f59e05c1c3d8feb5fc3727a8e7210cf7d41a7c25275
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:54 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
266
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://go.sniply.site
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 978B 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://go.sniply.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 14:53:53 GMT
expires
Thu, 19 Oct 2023 14:53:53 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
css
fonts.googleapis.com/ Frame 978B 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b28bb10d1b574db881cdd742dbe4593c1344f78e3ba378350c51cbfcaec51da1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 19 Oct 2022 14:53:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 19 Oct 2022 13:29:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 19 Oct 2022 14:53:54 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 978B 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 03:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
474393
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7022
x-xss-protection
0
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 14 Oct 2023 03:07:21 GMT
css
fonts.googleapis.com/ Frame 978B 		6 KB
771 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&lang=de
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3a3e39fca849dd5ca088dcb3176b67eb7258689b1e4b63f7f410e8479a7bf64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 19 Oct 2022 14:53:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 19 Oct 2022 14:53:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 19 Oct 2022 14:53:54 GMT
6593082971653515217
tpc.googlesyndication.com/simgad/ Frame 978B 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/6593082971653515217?
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c769ea94526a9cfc97719dbf3252392fe69508b831c6c4f962bb991b785ab18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 15:02:43 GMT
x-content-type-options
nosniff
age
604271
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17447
x-xss-protection
0
last-modified
Mon, 03 Oct 2022 15:39:54 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 12 Oct 2023 15:02:43 GMT
0909_HighJewlery_copy.png
static01.nytimes.com/ads/adsolutions/Chanel/ Frame 978B 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static01.nytimes.com/ads/adsolutions/Chanel/0909_HighJewlery_copy.png
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
41bb037fbadead5d06371789c1cd80e58ef9b3acb29d74de85aaad85216eebfe
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Mon, 10 Oct 2022 10:13:23 GMT
date
Wed, 19 Oct 2022 14:53:54 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
189629
x-guploader-uploadid
ADPycdvfkduyKRdgGnZxI018sstE_T30NNGSmZ-1as7-zqQ3bZ9LecrDc89kw7xXZePtyiZlpWIjGM1LRwuwADR_3ndv7XwbeEVo
x-cache
HIT, HIT
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-length
2369
x-served-by
cache-iad-kcgs7200115-IAD, cache-hhn4042-HHN
last-modified
Fri, 09 Sep 2022 16:19:56 GMT
server
UploadServer
x-timer
S1666191234.378929,VS0,VE0
etag
"c183772b5aea18d7419fbfe6a7a5bf2e"
x-goog-generation
1662740396795143
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=+yYrCA==, md5=wYN3K1rqGNdBn7/mp6W/Lg==
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length
2369
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
1, 2
V20909_cta_cropped.png
static01.nytimes.com/ads/adsolutions/Chanel/ Frame 978B 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static01.nytimes.com/ads/adsolutions/Chanel/V20909_cta_cropped.png
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8d6fd14dc16076e0af20e30dc8e4f7b6912902289a5076aee6c706f711bd57f2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 07 Oct 2022 20:08:50 GMT
date
Wed, 19 Oct 2022 14:53:54 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; preload; includeSubdomains
age
413103
x-guploader-uploadid
ADPycdvyfH4gAXahciUYnD3nmGFGjy7yDTneYYWvr89vURXvrtk379wRsWn6WUprqPLcuniRtsaeNLCt7mDN4JjW8CjlyZVUAIHT
x-cache
HIT, HIT
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-length
1541
x-served-by
cache-iad-kjyo7100148-IAD, cache-hhn4042-HHN
last-modified
Fri, 09 Sep 2022 16:32:59 GMT
server
UploadServer
x-timer
S1666191234.378998,VS0,VE0
etag
"7a73b7474cbee7a8e9238348054b0d83"
x-goog-generation
1662741179148974
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=F/sD/Q==, md5=enO3R0y+56jpI4NIBUsNgw==
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length
1541
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2089, 3
skeleton.js
pixel.adsafeprotected.com/rjss/st/1204993/66236240/ Frame 978B 		47 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.adsafeprotected.com/rjss/st/1204993/66236240/skeleton.js
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.65.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-65-71.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7c588468d926408f81d90d67300a8f685e74142c97f36f06c170d4a4f1052ecf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
m
secure-gl.imrworldwide.com/cgi-bin/ Frame 978B 		44 B
753 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn363605&cr=crtve&ce=nytimes&pc=nytimes_plc0001&ci=nlsnci1433&am=3&at=view&rt=banner&st=image&r=730065444
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2394:d200:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:54 GMT
via
1.1 2d8216898001f8ce3fde38c8796d2fa6.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P2
x-cache
Miss from cloudfront
p3p
P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy
cross-origin
content-length
44
pragma
no-cache
server
nginx
accept-ch
Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods
POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
x-amz-cf-id
wTHvmlzzmmwkO8glLV3FpBrzLmFbAuLZfAiZUT1RsnvxPTvPAIKEUg==
expires
Thu, 01 Dec 1994 16:00:00 GMT
adServer.bs
bs.serving-sys.com/Serving/ Frame 978B 		42 B
646 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bs.serving-sys.com/Serving/adServer.bs?cn=display&c=19&pli=1078462382&gdpr=&gdpr_consent=&adid=1088460636&ord=730065444
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.65.193.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-65-193-119.eu-central-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
access-control-allow-origin
*
p3p
CP="NOI DEVa OUR BUS UNI"
cache-control
no-cache, no-store
content-length
42
expires
Sun, 05-Jun-2005 22:00:00 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 978B 		152 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47415
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1665574756386403"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 19 Oct 2022 14:53:54 GMT
v2
samizdat-graphql.nytimes.com/graphql/ 		0
0
v2
samizdat-graphql.nytimes.com/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://samizdat-graphql.nytimes.com/graphql/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method
POST
Origin
https://go.sniply.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges
bytes
age
1
cache-control
max-age=30
content-length
0
date
Wed, 19 Oct 2022 14:53:54 GMT
samizdat-x-canary
false
samizdat-x-instance
19015e65
server
envoy
strict-transport-security
max-age=63072000; preload; includeSubdomains
timing-allow-origin
*
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google, 1.1 varnish
x-b3-traceid
7a368a8e143249ac-714f3d81a04c7d2a-0
x-cache
HIT
x-cache-hits
4
x-datadog-trace-id
7a368a8e143249ac-714f3d81a04c7d2a-0
x-envoy-decorator-operation
graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time
16
x-nyt-audience-target-flat
EU:PM
x-nyt-continent
EU
x-nyt-country
DE
x-nyt-edge-cache
HIT
x-nyt-meridiem
PM
x-nyt-region
BY
x-samizdat-query-exe-id
995e739effb5c22b
x-samizdat-query-field-errors
0
x-served-by
cache-hhn4041-HHN
x-timer
S1666191234.366868,VS0,VE1
view
securepubads.g.doubleclick.net/pcs/ Frame 978B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsspQFXUqwTayRFcf--0XuynSigB9f7xat3S7WfuzUSSrR3lpy5MdK9UsL1BlBakGvG_lrQhHwIvS1d2KL2f5EVxCpFhHJNrW_JjEe82iwTtCnY0ZKdNM3GiXghHFWrpwf6jVe6glwH_GmmXhpAvSOO5YWlfBQbQTno04yugpCt3WEiPjJzJ_A4qVfyqV2x4ikkWOEWlEeZXiq8siav1UT3_0D0kvSKL3z3Qb-ebpQKtVK4iYeVwxKm64JSUPhNnIqx0KsUZNtCk0lgmyarJtWYWKfpmY8EHpUQYBRRKfYUF6nPKoSh4v4qQnsxzrtKUP2yLqDb_Bz1iFIV0U7V6HPRe&sai=AMfl-YRS_M_YerQM07EwZ0jI7uDxtHDOJfQMiCQiKKsjHr_xXnJW2llSM1kWdX2oR6zUmo-fqCN39mI_5V606byVrPJFaiqEd6XF54cMreJJIUu8DvtlBWvUCN8_tRaWHzDzOfgL&sig=Cg0ArKJSzD3ncfFKUEbLEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
main.19.8.358.js
static.adsafeprotected.com/ Frame 978B 		195 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/main.19.8.358.js
Requested by
Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1204993/66236240/skeleton.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:9e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
da42947db2dbc8b734af5c4824cc9d4b7dcf3c3e239ea97734c635124dbdd2f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 23:05:15 GMT
x-amz-version-id
0sn4_UL9l8bkgP3Aut8sG_7WwLSS70Jz
content-encoding
gzip
via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
56920
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 18 Oct 2022 17:05:47 GMT
server
AmazonS3
etag
W/"85e0b2aa9650a8cf76c0baf4d5352463"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
RPh0jrGyWSRQjh2ydajk4B7KIRmdnP-8dzWs_6WswOIu1pL_nn4kQw==
4656742526272248903
tpc.googlesyndication.com/simgad/ Frame 978B 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/4656742526272248903?
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eeffde000fc70fdd6a64e9dbfd47b63c08cdcbb4ea42eaa8a0083155a488e32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 15:02:44 GMT
x-content-type-options
nosniff
age
604270
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63125
x-xss-protection
0
last-modified
Tue, 04 Oct 2022 15:16:22 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 12 Oct 2023 15:02:44 GMT
container.html
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 978B 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3108
x-xss-protection
0
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/html
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 19 Oct 2023 14:53:53 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 978B 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 19:26:22 GMT
x-content-type-options
nosniff
age
588452
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13036
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:04:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 Oct 2023 19:26:22 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 978B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9DBnBFf80IpZi40eMYpUkoh9eughQVVufZRXqxf7QOrnHWo5z7Zf8wlNS07HbMcpHWW8zDwH7k9z5UxmPJM99MfoAhlM2IxWKZ4ZHmpfoQidF5668BCZFXUyeqrfGtsWoExEW_WBVJQodtnMOJHonPWx_Lzaogvtr0V_6kDsH6puLf0PtT-2RgvNMgvuy1-lm5-kF380TMyG1tMvcZ7qLguv-qyt64ayA9UWre98vIizYDZmHSZDItPkUOFqRRdqp-kha6hV8y6MvLiLybC4DYFndAsA7FevNxRogz9RvkCUjU6dQnnwjoqhtQKxM-bLCTbAs&sai=AMfl-YR8J18e0Ww71qFHU4-hFZpUI1xPX0P5a7dF8c6CCxBR1IRUMxVYO-2B50yuIDZttTshzFfcR7hQRHUeaA2hIL0MAqrMspz3jJ0ljlHxP5Y3uZwXceFXnqkss_bQL8nTZH1k&sig=Cg0ArKJSzNli1Tup6-VNEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 19 Oct 2022 14:53:54 GMT
dvtp_src.js
cdn.doubleverify.com/ Frame 978B 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9dc99a92f9d68c0bb47cf55e03971e0f068090465859bd483c97bf9c6fdd32e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 19 Oct 2022 14:53:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Sep 2022 15:59:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0fc3bc740ccd81:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3314
truncated
/ Frame 978B 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4b9d19cb895faeb381f3562ce2c02ccb9151e5d8b3e6fa16ee0b96cf0439ad5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
skeleton.js
static.adsafeprotected.com/ Frame 978B
Redirect Chain
  • https://pixel.adsafeprotected.com/rfw/st/1204993/66236240/skeleton.js?adsafe_url=https%3A%2F%2Fgo.sniply.site&adsafe_type=y&adsafe_url=https%3A%2F%2Fgo.sniply.site%2F&adsafe_type=e&adsafe_url=https...
  • https://static.adsafeprotected.com/skeleton.js
17 B
465 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
2600:9000:223f:9e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 15 Feb 2022 13:58:04 GMT
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
21257751
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
Kwxd8vvqVIkEEoejJG1l8TICtvfWXsu0O2v004DQv8GosDLTCGXy1g==

Redirect headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
server
nginx
x-server-name
app01.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/skeleton.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame F408 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:9e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
2416658
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
b3bxrB8QwE7SmfoeCam-JwDT_UY2iY8795nNTNSK6y8hXFi1smMOCw==
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZBY,pingTime:-3,time:182,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:1600,h:0,t:135%7D,%7Bpiv:0,vs:o,r:l,t:181%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:182,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~1600.0%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136%7D&br=c
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
server
nginx
x-server-name
dt12.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZC0,pingTime:-6,time:184,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:184,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B3~0%5D,as:%5B3~1600.0%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136%7D&tpiLookup=ao:go.sniply.site*&br=c
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
server
nginx
x-server-name
dt09.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZC7,pingTime:-2,time:191,type:a,im:%7Bsf:1,pom:1,prf:%7BbdA:124,bdZ:264,beA:279,beZ:280,mfA:395,cmA:397,inA:397,inZ:402,prA:402,prZ:406,si:414,poA:415,poZ:430,cmZ:430,mfZ:430,loA:462,loZ:465,ltA:469,ltZ:469,mdA:280,mdZ:361%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:1600,h:0,t:135%7D,%7Bpiv:0,vs:o,r:l,t:181%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:191,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B10~0%5D,as:%5B10~1600.0%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136,sinceFw:54,readyFired:true%7D&br=c
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
server
nginx
x-server-name
dt20.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZCI,time:229,type:e,im:%7Bimprf:%7Bttecl:358,ecd:66,tsecr:1%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:0,o:229,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~1600.0%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136,sis:203%7D&br=c
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:54 GMT
server
nginx
x-server-name
dt19.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dv-measurements3094.js
cdn.doubleverify.com/ Frame 2E30 		545 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements3094.js
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
540f48245870c99b467d8171b70e0fac699be40281033d7d90e4a70eb4666f0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Wed, 19 Oct 2022 14:53:54 GMT
Content-Encoding
gzip
Last-Modified
Sun, 18 Sep 2022 19:04:54 GMT
Server
Microsoft-IIS/10.0
ETag
"0cf338991cbd81:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
106974
visit.js
tps.doubleverify.com/ Frame 2E30 		694 B
701 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=87&ttfrms=34&brid=3&brver=106.0.5249.119&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau8%40%5DD%3F%3AA%3DJ%5DD%3AE6TauU2%3F4r92%3A%3Fl9EEADTbpTauTau8%40%5DD%3F%3AA%3DJ%5DD%3AE6Tar9EEADTbpTauTau437adg%60h_%6034_h_%605f277525%60267c_53%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau8%40%5DD%3F%3AA%3DJ%5DD%3AE6TauH63TbuFC%3DTbs9EEADTbpTauTau%3FJE%3A%3E6D%5D4%40%3ETaua_aaTau%60_Tau%60gTauE962E6CTau%60ffe%5C3C%4025H2J%5CD2C2%5CA%40C%3C2%3D%403%5D9E%3E%3D&srcurlD=0&aUrlD=-1&ssl=https:&uid=1666191234887551&jsCallback=dvCallback_1666191234887961&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F106.0.5249.119%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=0&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3094&tgjsver=3094&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fcbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&sfe=1&fcifrms=4&brh=2&sdf=2&dvp_epl=425&noc=4&nav_pltfrm=Win32&ctx=20447730&cmp=DV432810&btreg=6110470209138408578227&btadsrv=6110470209138408578227&adsrv=104&unit=0x0&turl=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&seltag=1&sadv=31899278&ord=3083346921&litm=6110470209&scrt=138408578227&splc=/29390238/nyt/theater&adu=28671638&spos=top&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_scripthash=1&t2te=0&cb=1441998823&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=684377537948.3395&dvp_tukv=272099829.5545905&dvp_uuid=15562443851.536936&dvp_strhd=0.5999999046325684&dvpx_strhd=0.5999999046325684&dvp_tuid=1148195027288
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3094.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
213.12.149.34.bc.googleusercontent.com
Software
/
Resource Hash
7d815cb2b40341861f29eebfce194e78ee85107e1852144435c496168a97ed9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:55 GMT
Content-Encoding
br
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=0
Connection
close
Expires
10/18/2022 14:53:55
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZGD,pingTime:-10,time:471,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA2LjAuNTI0OS4xMTkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1666191234959%7C%7C17c2b3dd9e14da81a1894d6aea43f410%7C%7C11b89db74b56b4ba918674d36e95a672%7C%7Cc6ee14033600a85684696a62a2325d84%7C%7Cc6c3c3e6a713ef22984d7cd8b1e44613%7C%7C73450d5f9080b8a49dd941451b7960b3%7C%7C965d3657aa8d08a4e26e9d96f867a1f7%7C%7Cc013f707ecad83363a084b3bdc1fa86c%7C%7C1663701684%7D
Requested by
Host: cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
URL: https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:55 GMT
server
nginx
x-server-name
dt28.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
.status
a.et.nytimes.com// 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.et.nytimes.com//.status
Requested by
Host: go.sniply.site
URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.192.116.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-116-222.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

accept
*/*
Referer
https://go.sniply.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022101301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2e3ae675dcd021313427b3f6251bea6f944d4a3ee12f43e73dd78276c044897d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11130
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 19 Oct 2022 14:53:55 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9D7A 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://go.sniply.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
356
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 14:47:59 GMT
expires
Thu, 19 Oct 2023 14:47:59 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 1F66 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c98e4cc717c1931e817b70012707563dbeccc556fe72e59c739efadfcdd2eef1
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-a0Rtrfm-OCqem6kESKGkIA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://go.sniply.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-a0Rtrfm-OCqem6kESKGkIA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 14:53:55 GMT
expires
Wed, 19 Oct 2022 14:53:55 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js
pagead2.googlesyndication.com/bg/ Frame 9D7A 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 07:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25481
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15945
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 07:49:14 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1F66 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022101301&jk=1112449675761997&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 9D7A 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?5ekG0g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022101301&jk=1112449675761997&bg=!cHOlczfNAAYeOJy_Pjg7ACkAdvg8Wj3XXmc02j3yvUJhKDtEva6-gddRvLS1Vr9-68Gr2yVwiwYuowIAAABUUgAAAAJoAQcKABwM3e0WMewdnI_CCx7AkVkUtxrozapDwVJeZQWomQKZaioZDSLcZi7iMfX9XtIJyolU8inwyFtkb-uTswuCb-04LZhp6xMGGFfO2he057sgP4tAVjls-0R-Am0cI92MCw-biyBjy1o0KQSlPOBle-y_Mq2fiB-nsietS3X_zTmT37nuu1qQ-seM0wCxTJozaL0j-CcVWKBJMHZVN6HyeNag7kAt1lBHSU4VZY5sejC4-_MsNRRkBeyVAJ4kvdkufcqbr_f4lzr7kklL26d8GVK5oVfu7SG_Eb7AMI3dtSq9uLKFnnbCspz3JhHp0rtALWV222DbO-RHvfLwMg4aXFu2ONmz__wBuKioTYOLcXy7jfMFvlM7XheDUMcc1r3NIUZlrGh4DrOZQ7azf0qzsXMqzGi3gSUn2D0bVc6bTgRqdNFUhWMW22LQkmYCIxk2x6dA20_WqKAXhafFJKx-PclX_XYjL9-8JMgLa7EbwaAh8oUScJnCp57EAF2evuhUbMG_wfN6kOCt6zjfCNDjKzEAAaeP0WO_z0-UvUD5egsRBKjJhPJJU0kEu3xCbnfuOhyvLnYyj6O-XZx2MMOj1hok-50IECM-dWWPk30rWP7eKIm9qziDNcoXJIPMN_9Jnss8IUQPW9Y78HCenW7W3ySooLdvR9QQS5YiG6QrbPjHKaSeSOay4-kK7x8iWcRH4ToSbosUaIIFfe3scmfNrrvksZJC-pQOSNeCGcMpi0KudH2hVrJ5s6pI4Ok1l2GRq1eT9nq5Xkfb74hTdftmMVhB8iLZeHao_H6I0Lplm_OTUt3lIVQbiwu6uOQnrxg7454ABo5nUxR_QQ7uAudpOkZdIhkKnhMkgBEhwsOO9IvImnBYOcephPa4yAxbVwo2nvDMfN0KE7px9kzTCww36aRzCmfmpBk8H24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame 978B 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvzDwyaUvooFUAYr7Ik5tvzzs4GBqAuQxRNZ1YM119qZLG-9kz83EJAQvsND1Imq4Khln0cX_VB4OyyHESzvPc_faKrzFlBmbnGj1jNOMhKrvsjMrfH&sig=Cg0ArKJSzK0UNlt4BVDIEAE&id=lidar2&mcvt=1000&p=148,0,418,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=7&adk=1591181310&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666191234209&rpt=360&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZZo,pingTime:1,time:1634,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:1600,h:0,t:135%7D,%7Bpiv:0,vs:o,r:l,t:181%7D,%7Bpiv:100,vs:i,r:,h:270,t:633%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:1002,o:633,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B452~0%5D,as:%5B452~1600.0%5D%7D%7D,%7Bsl:i,t:633,wc:0.0.1600.1200,ac:NaN.NaN.1600.270,am:i,cc:NaN.NaN.1600.270,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~1600.270%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:135,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136,sis:203%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:56 GMT
server
nginx
x-server-name
dt25.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZZp,pingTime:1,time:1635,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:1600,h:0,t:135%7D,%7Bpiv:0,vs:o,r:l,t:181%7D,%7Bpiv:100,vs:i,r:,h:270,t:633%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:1002,o:633,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B452~0%5D,as:%5B452~1600.0%5D%7D%7D,%7Bsl:i,t:633,wc:0.0.1600.1200,ac:NaN.NaN.1600.270,am:i,cc:NaN.NaN.1600.270,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~1600.270%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:135,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136,sis:203%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:56 GMT
server
nginx
x-server-name
dt26.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rv9ZZp,pingTime:1,time:1635,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:1600,h:0,t:135%7D,%7Bpiv:0,vs:o,r:l,t:181%7D,%7Bpiv:100,vs:i,r:,h:270,t:633%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:1002,o:633,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B452~0%5D,as:%5B452~1600.0%5D%7D%7D,%7Bsl:i,t:633,wc:0.0.1600.1200,ac:NaN.NaN.1600.270,am:i,cc:NaN.NaN.1600.270,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1003~1600.270%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:135,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136,sis:203,metricId:TpQLI1,cmr:t%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:56 GMT
server
nginx
x-server-name
dt27.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
cksync.php
cs.media.net/ 		44 B
410 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.media.net/cksync.php?cs=8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1681cb2b2db935f48c843351945df3f3f77f79c1c8de28c4fa88d8b655c25ae2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:56 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
44
X-MNET-HL2
E
Expires
Wed, 19 Oct 2022 14:53:56 GMT
pd
u.openx.net/w/1.0/ 		43 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u.openx.net/w/1.0/pd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:56 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
sync
eb2.3lift.com/ 		37 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/sync?px=1&src=prebid&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.sniply.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 14:53:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
event.png
tpsc-eu3.doubleverify.com/ Frame 2E30 		0
229 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tpsc-eu3.doubleverify.com/event.png?impid=1e2e5c4f0e1b490eb684f051414f55d9&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=162&eoid=11&msrjs=3094&sdf=67108866&vit=2&isvelg=1&rmi=16&tltms=0&tetms=8&msltms=66&vltms=162&sei=290&vetms=4&engms=1&engisel=1&dvp_dtcov=2&msrcanlm=456&msrcannum=4&ismms=41&isumms=40&nvr=6&isgmmims=41&isgmv4mims=41&elmtp=2&isbxdms=3040&b0=314&b11=2804&adhgt=270&adwdth=1600&vsos=23&dvp_vsosnmr=16&lftb=3118&sftb=3118&msrdp=0&naral=64&vct=512&vphgt=1200&vpwdth=1600&chgt=270&cwdth=1600&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1240&isuiabvms=1240&isgmpims=40&isgmv4dpims=1240&ispmxpms=1240&engalms=39&engscrlms=342&dvp_pageEng=true&dvp_dpr=1&ttfurm=3199&cbust=1666191238054814
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3094.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
213.12.149.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Wed, 19 Oct 2022 14:53:58 GMT
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Connection
close
Expires
10/18/2022 14:53:58
dt
dt.adsafeprotected.com/ Frame 978B 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1204993&asId=5fd5ec8d-1d00-735e-4e4c-fede177d375f&tv=%7Bc:rva0vD,pingTime:3,time:3633,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:1600,h:0,t:135%7D,%7Bpiv:0,vs:o,r:l,t:181%7D,%7Bpiv:100,vs:i,r:,h:270,t:633%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:0,slTimes:%7Bi:3001,o:633,n:181,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:135,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B61~1,0~0%5D,as:%5B61~1600.0%5D%7D%7D,%7Bsl:o,t:181,wc:0.0.1600.1200,ac:NaN.NaN.1600.0,am:i,cc:NaN.NaN.1600.0,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B452~0%5D,as:%5B452~1600.0%5D%7D%7D,%7Bsl:i,t:633,wc:0.0.1600.1200,ac:NaN.NaN.1600.270,am:i,cc:NaN.NaN.1600.270,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B3001~100%5D,as:%5B3001~1600.270%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:104,fm:tkIMCla+11%7C12%7C13%7C14*.1204993-66236240,idMap:14*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:136,sis:203,metricId:oHpDvn1,cmr:t%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:e955:3e30:9d62:70ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Oct 2022 14:53:58 GMT
server
nginx
x-server-name
dt22.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
samizdat-graphql.nytimes.com
URL
https://samizdat-graphql.nytimes.com/graphql/v2
Domain
als-svc.nytimes.com
URL
https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F4e38d2ab-f6c4-571f-9ea0-149612dc1368&typ=&prop=nyt&plat=web
Domain
samizdat-graphql.nytimes.com
URL
https://samizdat-graphql.nytimes.com/graphql/v2
Domain
meter-svc.nytimes.com
URL
https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&referer=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&pageviewID=Fzu31cf5GaF-aIislJ99ULbA
Domain
samizdat-graphql.nytimes.com
URL
https://samizdat-graphql.nytimes.com/graphql/v2
Domain
samizdat-graphql.nytimes.com
URL
https://samizdat-graphql.nytimes.com/graphql/v2
Domain
a.nytimes.com
URL
https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&caller_id=nyt-vi&jkcb=1666191234046&referrer=&sourceApp=nyt-vi
Domain
purr.nytimes.com
URL
https://purr.nytimes.com/v1/purr-cache
Domain
samizdat-graphql.nytimes.com
URL
https://samizdat-graphql.nytimes.com/graphql/v2

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation number| viHeadScriptSize object| NYTD object| vi boolean| hybrid function| initWebview function| nyt_et object| UnifiedTracking function| Abra object| swgUserInfoXhrObject object| dataLayer object| userXhrObject function| userXhrRefresh object| _interactiveRegistry function| registerInteractive function| getInteractiveBridge function| onInitNativeAds object| webpackJsonp object| adClientUtils object| AdSlot4 object| AdSlot object| googletag object| grumi object| apstag string| sov function| pbjsChunk object| pbjs object| _pbjsGlobals object| mnet boolean| apstagLOADED object| __preloadedData object| ggeac object| google_tag_data object| google_js_reporting_queue object| regeneratorRuntime function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __createBinding function| __values function| __read function| __spread function| __spreadArrays function| __spreadArray function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| __classPrivateFieldGet function| __classPrivateFieldSet object| __SECRET_LIGHTS__ undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal string| slotElement function| sprintf function| vsprintf object| meter boolean| NYT_VI_RENDERED boolean| hasStartedMeasuringUserStateRequest string| ASSETTYPE boolean| initialDeviceTypeResizeCallback object| GoogleGcLKhOms object| google_image_requests

12 Cookies

Domain/Path Name / Value
bs.serving-sys.com/Serving Name: S_1078462382
Value: 5999618581843275405
.rubiconproject.com/ Name: khaos
Value: L9FR8NTD-4-9BC3
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB2zpIgCHAXjxz5APvdogVCbaTd6KyMQnavCRi4Lg8bJK7At2i6TsQpwlwf7H+N3Bxn5p3l/tTBpW8xuhZpbWKLt8P1naHyEYMk=
.nytimes.com/ Name: nyt-a
Value: cEVjKRUiBEOdRbSbAf4gpoVH
.et.nytimes.com/ Name: sessionActive
Value: true
.et.nytimes.com/ Name: sessionIndex
Value: 1|1666191233508|cEVjKRUiBEOdRbSbAf4gpoVH|1666191233508
.et.nytimes.com/ Name: et-ppvid
Value: https://go.sniply.site/web=Fzu31cf5GaF-aIislJ99ULbA
.doubleclick.net/ Name: IDE
Value: AHWqTUkJSnjqsQ9hXUJl-FuqWXATEI3iR8YftXCYgFdkNU2IbUktWRDLPgAK_RY1LmI
.sniply.site/ Name: __gads
Value: ID=b9899a138f3688b3:T=1666191234:S=ALNI_MZmeyAmEXBkuG5QawsonsbpCkQnHg
.sniply.site/ Name: __gpi
Value: UID=00000b13726e7b0a:T=1666191234:RT=1666191234:S=ALNI_MbnDVaP0WmJeHV0narraYtT8XJA7Q
.serving-sys.com/ Name: A6
Value: 10U9tsxJ3t1007N3000000000
.serving-sys.com/ Name: u2
Value: 3acb1c0d-9bc0-4065-8d75-15c4c26f1fc64Jk060

21 Console Messages

Source Level URL
Text
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://go.sniply.site' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://samizdat-graphql.nytimes.com/graphql/v2
Message:
Failed to load resource: net::ERR_FAILED
security error URL: https://myaccount.nytimes.com/auth/prefetch-assets
Message:
The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
network error URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3%3Em_auth=tfAzqo1rYDLgYhmTnSjPqw%3Em_preview=env-130%3Em_cookies_win=x
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F4e38d2ab-f6c4-571f-9ea0-149612dc1368&typ=&prop=nyt&plat=web' from origin 'https://go.sniply.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F4e38d2ab-f6c4-571f-9ea0-149612dc1368&typ=&prop=nyt&plat=web
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://go.sniply.site' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://samizdat-graphql.nytimes.com/graphql/v2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://go.sniply.site' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://samizdat-graphql.nytimes.com/graphql/v2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://go.sniply.site' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://samizdat-graphql.nytimes.com/graphql/v2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://go.sniply.site' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://samizdat-graphql.nytimes.com/graphql/v2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to fetch at 'https://purr.nytimes.com/v1/purr-cache' from origin 'https://go.sniply.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://purr.nytimes.com/v1/purr-cache
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&caller_id=nyt-vi&jkcb=1666191234046&referrer=&sourceApp=nyt-vi' from origin 'https://go.sniply.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&caller_id=nyt-vi&jkcb=1666191234046&referrer=&sourceApp=nyt-vi
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://go.sniply.site/web?url=https://nytimes.com/2022/10/18/theater/1776-broadway-sara-porkalob.html
Message:
Access to XMLHttpRequest at 'https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&referer=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&pageviewID=Fzu31cf5GaF-aIislJ99ULbA' from origin 'https://go.sniply.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&referer=https%3A%2F%2Fgo.sniply.site%2Fweb%3Furl%3Dhttps%3A%2F%2Fnytimes.com%2F2022%2F10%2F18%2Ftheater%2F1776-broadway-sara-porkalob.html&pageviewID=Fzu31cf5GaF-aIislJ99ULbA
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.et.nytimes.com
a.nytimes.com
aax-dtb-cf.amazon-adsystem.com
adservice.google.com
adservice.google.de
als-svc.nytimes.com
bs.serving-sys.com
c.amazon-adsystem.com
cbf2581901bc0901d7affdad1aef40db.safeframe.googlesyndication.com
cdn.doubleverify.com
cdn.jsdelivr.net
cs.media.net
dt.adsafeprotected.com
eb2.3lift.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g1.nyt.com
go.sniply.site
ib.adnxs.com
meter-svc.nytimes.com
myaccount.nytimes.com
nytimes-d.openx.net
nytimes.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
prebid.media.net
purr.nytimes.com
rumcdn.geoedge.be
samizdat-graphql.nytimes.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static01.nyt.com
static01.nytimes.com
tlx.3lift.com
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-eu3.doubleverify.com
u.openx.net
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.nytimes.com
a.nytimes.com
als-svc.nytimes.com
meter-svc.nytimes.com
purr.nytimes.com
samizdat-graphql.nytimes.com
108.157.6.231
13.248.245.213
151.101.129.164
151.101.65.164
23.35.228.23
2600:1f18:1aca:4280:e955:3e30:9d62:70ae
2600:9000:2182:e800:4:b37b:9440:93a1
2600:9000:223f:9e00:8:48e:53c0:93a1
2600:9000:2394:d200:1e:a43d:b640:93a1
2602:803:c004:200::143
2606:4700::6810:5714
2606:4700::6810:f34e
2a00:1450:4001:802::2008
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::2001
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2002
2a02:26f0:6c00::210:ba19
3.65.193.119
34.107.148.139
34.149.12.213
34.192.116.222
34.243.65.71
35.158.33.229
35.244.159.8
37.252.173.62
65.9.71.118
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
021d83ded368491a9f0a1671fb7ca0ad89777d49843363c5347387c07d24ecaf
03dad70ef36749578735875c4d32320eb9c060a939b67788c8bdd33b0335fbdb
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d1d6cd60aa888adcd8d92c5883cdf2523a2e85334a7c73d55911e86429053cf
0eeffde000fc70fdd6a64e9dbfd47b63c08cdcbb4ea42eaa8a0083155a488e32
0fc70e85011c4b3c42154f1902e117d43da1287c4e08fe551183273eec9028ae
1681cb2b2db935f48c843351945df3f3f77f79c1c8de28c4fa88d8b655c25ae2
18ddec635c94f0004919a4c299f1e5bdf1e5cc0efc263669fc343d5cfc6144f3
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
1af2148d7bd5e2a0c9ddc1c5b9ff072996852f4f11ebc19695ba4ee08ddb9c4a
284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a
29cd49f61d6124f05a6cd8d781742624ea2205be8dcee00249e588e2a02737e2
2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76
2e3ae675dcd021313427b3f6251bea6f944d4a3ee12f43e73dd78276c044897d
336766b2395779a61b078c520e063d9d7bf0b67c5cef860ddc3d7c5f6d8ebd84
3c769ea94526a9cfc97719dbf3252392fe69508b831c6c4f962bb991b785ab18
41bb037fbadead5d06371789c1cd80e58ef9b3acb29d74de85aaad85216eebfe
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
496f3d6a84d22bf0e322593740b3b6bfee2f48009c4064135d1f11743d365674
4b9d19cb895faeb381f3562ce2c02ccb9151e5d8b3e6fa16ee0b96cf0439ad5c
4c3803d7a5072fcb6e08e1d85f8748b19a22f8e1adbf7a9414958ddc66df601e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
540f48245870c99b467d8171b70e0fac699be40281033d7d90e4a70eb4666f0b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
58e9421a90a07cbdfc8fdcd11e1753a9bf6460911eab1b9d353388b1e5ceff79
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6caabf1cb16da773389e1f59e05c1c3d8feb5fc3727a8e7210cf7d41a7c25275
6d5aeb863142a8ddac2ae6d950ad4995d72ecb88e8657e7d9c505459dc930ba7
70ea4e02c495fa95ff1f91ff189838908b685048661a69f863288217c0c64b27
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
77c51b9b96e69e71adc8642653d1607ddc3a3965b4bd10eac59c2baccadbb798
7b36b6c1d3523b6a2aa21e89f40e56623b034a4d87755329ddb35b288eedfbb1
7c588468d926408f81d90d67300a8f685e74142c97f36f06c170d4a4f1052ecf
7d815cb2b40341861f29eebfce194e78ee85107e1852144435c496168a97ed9e
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
83e6f2592c322f513c535afa75afdfbe15918f36444b19719e75be6a3deafac1
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8c7b91cd68672ae21734ac0a40907719b576084ff6daf647a0ef4f4163f352fc
8ce9061fedb1cfa7f6e3fddbd6467919c6c7138c63ba6cc2bcfee7dedeb48881
8d50c94e062cfbcd2b5b804e9bdb01755941dc851812cdbeea3c6dc928651f8c
8d6fd14dc16076e0af20e30dc8e4f7b6912902289a5076aee6c706f711bd57f2
9dc99a92f9d68c0bb47cf55e03971e0f068090465859bd483c97bf9c6fdd32e3
9dd9f3eb741e25464a7391dff38bda6d2a364f870bef83158ac9079bcd3ef2cb
a28a7919609e8803c6ef063aa4e91bad9fd5a220c73f0a064863c4ddfd0defea
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28bb10d1b574db881cdd742dbe4593c1344f78e3ba378350c51cbfcaec51da1
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
b7752b4fa4e1fe4afc2259c91e874233e55a34751fdf04006ede11540a361d4f
b89e3fd498037d748b089661640b579dd8df1e0c91f8e8e12179bf88372737ad
b9eee6f451967e18cd2c8aaab93824954b842046e10da8285b3ba993f91e29c7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c639b339b35d74f08362d9317c50fd84dd0c30b8f304a066ef64c6aa66064402
c98e4cc717c1931e817b70012707563dbeccc556fe72e59c739efadfcdd2eef1
cc5abef11b04b5947264f1dcad58d0aa0181e21ac8258a1b9a6fcc56b381b2b3
d083d17244eaf09c710e2954853e0218ea1cc483dbdec22c47828d7c799496f3
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d3b8d3a27af92f5f8b0f3ac8e880d7a219e26955b707ff1e84de71f18c587949
da42947db2dbc8b734af5c4824cc9d4b7dcf3c3e239ea97734c635124dbdd2f1
dffa642fba88ea027ffa9179ec01f5d3e00f462435b1a0112b5b8189bf0ff0cd
e3a3e39fca849dd5ca088dcb3176b67eb7258689b1e4b63f7f410e8479a7bf64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
e83bc53cda9096673cc887bce1f7091eee51b8f13307abb474e0f752c8dffb57
ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96
eea5762a3d58a2d45a7ad522cb4a1d8bd13829901b4ebe78aa3f31bb394af143
eebcc48124e5dde69bd60e8d930962cb76946b24c849673565c52c2cfc107be7
eedbada334dc991a5a3ed333c39343687d98ebc4d87946e6c90d27de5ae9f24b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f76bd0f5eddae1cb51a4bd6b85559a651980cd8baecb15e2a0f2761932030ca1