URL: https://la-iforgot.live/
Submission: On November 06 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 15 IPs in 3 countries across 11 domains to perform 53 HTTP transactions. The main IP is 103.155.92.140, located in Malaysia and belongs to HOSTKEY-RU-AS, NL. The main domain is la-iforgot.live.
TLS certificate: Issued by R3 on November 5th 2021. Valid for: 3 months.
This is the only time la-iforgot.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
9 g1.nyt.com la-iforgot.live
g1.nyt.com
8 la-iforgot.live la-iforgot.live
7 news.google.com la-iforgot.live
rumcdn.geoedge.be
news.google.com
www.gstatic.com
4 www.gstatic.com news.google.com
www.gstatic.com
3 myaccount.nytimes.com la-iforgot.live
myaccount.nytimes.com
3 c.amazon-adsystem.com la-iforgot.live
c.amazon-adsystem.com
3 securepubads.g.doubleclick.net la-iforgot.live
rumcdn.geoedge.be
securepubads.g.doubleclick.net
2 rumcdn.geoedge.be la-iforgot.live
rumcdn.geoedge.be
2 a.et.nytimes.com la-iforgot.live
1 play.google.com www.gstatic.com
1 fonts.gstatic.com news.google.com
1 c.go-mpulse.net s.go-mpulse.net
1 hblg.media.net la-iforgot.live
1 contextual.media.net la-iforgot.live
1 s.go-mpulse.net la-iforgot.live
1 samizdat-graphql.nytimes.com la-iforgot.live
1 www.googletagmanager.com la-iforgot.live
1 static01.nyt.com la-iforgot.live
0 als-svc.nytimes.com Failed la-iforgot.live
53 19
Subject Issuer Validity Valid
*.la-iforgot.live
R3
2021-11-05 -
2022-02-03
3 months crt.sh
nytimes.com
Sectigo RSA Domain Validation Secure Server CA
2020-01-03 -
2022-04-06
2 years crt.sh
*.google-analytics.com
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh
akstat.io
DigiCert SHA2 Secure Server CA
2021-06-08 -
2022-06-13
a year crt.sh
a.et.nytimes.com
GTS CA 1D4
2021-09-28 -
2021-12-27
3 months crt.sh
*.news.google.com
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh
gw.geoedge.be
Amazon
2021-10-13 -
2022-11-10
a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA
2021-04-12 -
2022-04-20
a year crt.sh
c.amazon-adsystem.com
Amazon
2021-07-06 -
2022-06-27
a year crt.sh
*.google.com
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh

This page contains 3 frames:

Primary Page: https://la-iforgot.live/
Frame ID: 815117A084D778405BBE4D9DE77E867D
Requests: 39 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: E78B42D117DFE144B636B0BA41621439
Requests: 3 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454488
Frame ID: EAAA5BE99A61F4C4624CAD6458DAA3D3
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Cómo los gatos se convirtieron en los amos del internet - The New York Times

Page Statistics

53
Requests

94 %
HTTPS

57 %
IPv6

11
Domains

19
Subdomains

15
IPs

3
Countries

1311 kB
Transfer

3412 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
la-iforgot.live/
257 KB
258 KB
Document
General
Full URL
https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash
4102a37607eea4b64b6ab6e8f07a3b16ef00f2670638286fbb6694dc5d57b085

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Sat, 06 Nov 2021 00:32:22 GMT
Server
Apache
Last-Modified
Sat, 16 Oct 2021 18:01:08 GMT
Accept-Ranges
bytes
Content-Length
263556
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
g1.nyt.com/fonts/css/
60 KB
10 KB
Stylesheet
General
Full URL
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=i0q+3Q==, md5=Gy5SJh6FIQsSa1B2q6k1mw==
date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
gzip
content-type
text/css; charset=utf-8
age
1983126
x-guploader-uploadid
ADPycdvM_HxElX7psfISEsaNQfEgnO2Zgx5cmB4AGrFveWBc7tmn1KIO6XBFRxV4kkQJuoRY7wL5yZmwCuWxcKNne2c
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
9775
via
1.1 varnish
x-served-by
cache-hhn4046-HHN
accept-ranges
bytes
expires
Fri, 14 Oct 2022 01:42:47 GMT
last-modified
Tue, 06 Apr 2021 21:11:51 GMT
server
UploadServer
x-timer
S1636158894.051956,VS0,VE0
etag
"1b2e52261e85210b126b5076aba9359b"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1617743511910294
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
9775
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
17525
global-69acc7c8fb6a313ed7e8641e4a88bf30.css
la-iforgot.live/vi-assets/static-assets/
0
0
Stylesheet
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/global-69acc7c8fb6a313ed7e8641e4a88bf30.css
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
adslot-832d0fbc18f2d9494e99.js
la-iforgot.live/vi-assets/static-assets/
0
0
Script
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/adslot-832d0fbc18f2d9494e99.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
16tucker-jumbo.jpg
static01.nyt.com/images/2016/10/16/opinion/sunday/16tucker/
77 KB
77 KB
Image
General
Full URL
https://static01.nyt.com/images/2016/10/16/opinion/sunday/16tucker/16tucker-jumbo.jpg?quality=75&auto=webp
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ad6503e2b2350a7f94175b139c9b08a265f56a32e3c89e72e3bf40e0b16937c3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish, 1.1 varnish
age
111001
x-amz-meta-goog-reserved-file-mtime
1476556203
x-guploader-uploadid
ADPycdtt1Ln4Z3N7d4GER7cGVM-fnrD-d7DxtLHnRXyOZwQJHn-beBaROLxXsEenRz7zC3ZKp9rl5boqvWBFkSACNeT6_FUAuw
x-cache
HIT, HIT
fastly-io-info
ifsz=213390 idim=1024x829 ifmt=jpeg ofsz=78382 odim=1024x829 ofmt=webp
x-goog-storage-class
MULTI_REGIONAL
fastly-stats
io=1
content-length
78382
x-served-by
cache-bwi5151-BWI, cache-hhn4046-HHN
x-nyt-gcs-bucket
cms-gke-prd-publish-images-storage
server
UploadServer
x-timer
S1636158894.161632,VS0,VE1
etag
"yznNoPhpDjhHD+HI7xB77OJhWz1DLtAHm3r+z5MGg20"
vary
Accept
x-goog-hash
crc32c=tCHBkA==, md5=3PBfAwYJAf59tje4+dhAew==
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 21 Oct 2021 17:06:11 GMT
cache-control
max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
1, 1
vendor-16c0ed8d57f729e175f0.js
la-iforgot.live/vi-assets/static-assets/
0
0
Script
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/vendor-16c0ed8d57f729e175f0.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
story-b896e801778ca7df15f6.js
la-iforgot.live/vi-assets/static-assets/
0
0
Script
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/story-b896e801778ca7df15f6.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
opinion-53e9ac2386b034b4f253.js
la-iforgot.live/vi-assets/static-assets/
0
0
Script
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/opinion-53e9ac2386b034b4f253.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
main-e29443cf6c92a4985193.js
la-iforgot.live/vi-assets/static-assets/
0
0
Script
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/main-e29443cf6c92a4985193.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
gtm.js
www.googletagmanager.com/
347 KB
0
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:56 GMT
content-encoding
br
vary
*
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
97661
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
v2
samizdat-graphql.nytimes.com/graphql/ Frame
0
0
Preflight
General
Full URL
https://samizdat-graphql.nytimes.com/graphql/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
samizdat-graphql-0db0afa /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,nyt-app-type,nyt-app-version,nyt-token
Origin
https://la-iforgot.live
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
max-age=30
server
samizdat-graphql-0db0afa
via
1.1 google, 1.1 varnish
accept-ranges
bytes
date
Sat, 06 Nov 2021 00:34:54 GMT
age
0
x-nyt-meridiem
AM
x-nyt-continent
EU
x-nyt-country
DE
x-nyt-region
BY
x-nyt-audience-target-flat
EU:AM
x-samizdat-query-exe-id
a0a9bd0b887af8c9
samizdat-x-instance
c9663f13
samizdat-x-canary
false
x-served-by
cache-hhn4074-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1636158894.176859,VS0,VE145
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin
*
content-length
0
ATH8A-MAMN8-XPXCH-N5KAX-8D239
s.go-mpulse.net/boomerang/
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
br
last-modified
Thu, 07 Oct 2021 14:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
track
a.et.nytimes.com/
0
0
Ping
General
Full URL
https://a.et.nytimes.com/track
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.211 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f19.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://la-iforgot.live/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

v2
samizdat-graphql.nytimes.com/graphql/
0
0

swg.js
news.google.com/swg/js/v1/
155 KB
47 KB
Script
General
Full URL
https://news.google.com/swg/js/v1/swg.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea390a1cee52abebea3ae394e6ce4f18d3b34bca61ac934805be7a417a40d4fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:23:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
659
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47132
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 17:26:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sat, 06 Nov 2021 01:13:56 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
79 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
6716e7c9082bd0a706128a88da56548b13172dbd0acbf72fd13d391dc6fd2ba0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1035 / 119 of 1000 / last-modified: 1636149938"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27044
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 06 Nov 2021 00:34:54 GMT
als
als-svc.nytimes.com/
0
0

grumi-ip.js
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/
11 KB
5 KB
Script
General
Full URL
https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:a800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4dc4abcd99f7976c1a0938575631974c55fa42bf76681e84ca56aeea3180966e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 05 Nov 2021 23:55:03 GMT
content-encoding
br
last-modified
Sun, 20 Jun 2021 12:01:44 GMT
server
AmazonS3
age
2391
etag
W/"1f2e2e253216d7dc0988459b5390d3aa"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
UgidX3YBxLDhdBNvPnb6SUmetVWhuwbo
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
cache-control
public, max-age: 14400, stale-while-revalidate=14400, immutable
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
chThJwXho-6iHXN0qcYWuGy9TSKfeWgSDUshZ8qj5haM-w2K_hPaqA==
bidexchange.js
contextual.media.net/
423 KB
96 KB
Script
General
Full URL
https://contextual.media.net/bidexchange.js?cid=8CU2553YN&dn=www.nytimes.com&https=1
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a3f825bc3ef7a82cae015dfae5a5df6db55d64c6c7968656727bbac7169013ea
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Sat, 06 Nov 2021 00:34:54 GMT
vary
Accept-Encoding
x-mnet-h
E
content-type
text/javascript; charset=utf-8
cache-control
max-age=1800
expires
Sat, 06 Nov 2021 01:04:54 GMT
apstag.js
c.amazon-adsystem.com/aax2/
133 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
973fe12f5130be123a73261e3956030b8a1c380f8cd8234e319b51bda6892898

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:42 GMT
content-encoding
gzip
age
12
x-cache
Hit from cloudfront
timing-allow-origin
*
server
Server
x-amz-rid
0H364CG5X9F6FKC8890T
etag
fc2e1be4d234471752ea2ebee7e63d1e
vary
Accept-Encoding
x-amz-version-id
okBBdl4mniljyIhAB_yWlERThSsUPvbQ
via
1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
UDbmz0tSDvxlb9PorNy47RYJ8YBUs9sjvukflrs5uG7rgbLbDEmLHA==
.status
a.et.nytimes.com//
0
0
Fetch
General
Full URL
https://a.et.nytimes.com//.status
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.211 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f19.1e100.net
Software
/
Resource Hash

Request headers

accept
*/*
Referer
https://la-iforgot.live/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

icon-whatsapp-17x17-000-b100d38495ee541e2e4f30bcaf9bfe0c.svg
la-iforgot.live/vi-assets/static-assets/
315 B
315 B
Image
General
Full URL
https://la-iforgot.live/vi-assets/static-assets/icon-whatsapp-17x17-000-b100d38495ee541e2e4f30bcaf9bfe0c.svg
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.155.92.140 , Malaysia, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
server1.kamon.la
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 00:32:23 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
g1.nyt.com/fonts/family/franklin/
19 KB
20 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=ImeYUg==, md5=1sBqPYSlcQDtrVv5uE/3OQ==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
2595158
x-guploader-uploadid
ADPycdv_daBJz1GMbDv51CbbcmgvIEki9m2Vbyc2RlpNHfjikXqOwydbx02JYNMon2CphKiQnbieVibYJ2n6-cIuvVY
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
19836
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Thu, 06 Oct 2022 23:42:16 GMT
last-modified
Wed, 15 Sep 2021 19:43:04 GMT
server
UploadServer
x-timer
S1636158894.190682,VS0,VE0
etag
"d6c06a3d84a57100edad5bf9b84ff739"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1631734984052902
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
19836
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
47927
franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
g1.nyt.com/fonts/family/franklin/
20 KB
20 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=PQVxAw==, md5=tEyI8JynzpFLg21K5yiRuA==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
2477074
x-guploader-uploadid
ADPycduMrvbBtYoR0wp-qirK7m-M3mZFTMbWH7wNSL00Vn51TGt14qtQGnmEr5pCiVOi3kd9wekVLJCLVjeFFTxE7V0dKkwcdw
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
20312
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Sat, 08 Oct 2022 08:30:20 GMT
last-modified
Wed, 15 Sep 2021 19:43:04 GMT
server
UploadServer
x-timer
S1636158894.191175,VS0,VE0
etag
"b44c88f09ca7ce914b836d4ae72891b8"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1631734984061911
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
20312
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
47258
cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/
28 KB
29 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
6542438
x-guploader-uploadid
ADPycduWewO8INHWShUuSlcqHSBkJA4-_JP2G-iiGmI3ZpQUHH9LMPyPLOXQN_5_yY5dQXt8vBNLq0XQj2wOuABqPhOkE6CsCA
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
29076
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Mon, 22 Aug 2022 07:14:15 GMT
last-modified
Wed, 21 Jul 2021 17:23:53 GMT
server
UploadServer
x-timer
S1636158894.191031,VS0,VE0
etag
"a3ed7afe3eaa0a873f3fbd379f8c491b"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1626888233197339
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
29076
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
31623
cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
g1.nyt.com/fonts/family/cheltenham-small/
20 KB
20 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
font/woff2
age
10024206
x-guploader-uploadid
ADPycdsgqMmwwuQ9Cio_j-du_R2MtI2plPY8V4UxrJLKWz4ZKAbyBhzu1A2wqG0zMPcPQVtqmhc3hvz4eQYC8EiHIZw
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
20136
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Wed, 13 Jul 2022 00:04:48 GMT
last-modified
Tue, 06 Apr 2021 21:11:52 GMT
server
UploadServer
x-timer
S1636158894.190949,VS0,VE0
etag
"108ce298d451197b23fefceb3e36959f"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1617743512330182
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
20136
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
27343
franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
g1.nyt.com/fonts/family/franklin/
20 KB
20 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=XjpPGQ==, md5=vHvkxdjKy3gPiWxcvgwNfw==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
4405031
x-guploader-uploadid
ADPycdtA5qf1miKHQKw3DLbR2msQlAHb9KQxXvuN0fQN94Q7QilUNrpiQ7oc8c5IQFGUbg1K5krqS15lTWf0gmca7Q
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
20172
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Fri, 16 Sep 2022 00:57:43 GMT
last-modified
Wed, 15 Sep 2021 19:43:04 GMT
server
UploadServer
x-timer
S1636158894.191334,VS0,VE0
etag
"bc7be4c5d8cacb780f896c5cbe0c0d7f"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1631734983906454
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
20172
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
43437
cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/
27 KB
27 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
3191251
x-guploader-uploadid
ADPycdvywJ4BKP_DCf7QUQWm7Aqil85Rp3FJyYA6kcqIMyL5v7LRWpwqD4TRfY6wrzKuk1yap4Vk5DdpQdfFTVjPQV8
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
27260
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Fri, 30 Sep 2022 02:07:23 GMT
last-modified
Wed, 15 Sep 2021 19:43:02 GMT
server
UploadServer
x-timer
S1636158894.190851,VS0,VE0
etag
"7ea91ebd036309e1fe756ee3aab272da"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1631734982738365
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
27260
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
28265
cheltenham-cond-normal-700.9d3e47dbcdfcd125da0457426ac86b9b.woff2
g1.nyt.com/fonts/family/cheltenham-cond/
27 KB
28 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/cheltenham-cond/cheltenham-cond-normal-700.9d3e47dbcdfcd125da0457426ac86b9b.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
2c082aba999e16f4c51a223ab4fb7c72946832b9c176c3ee8fb25ae77d9a152a

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=0CLEpg==, md5=nT5H28380SXaBFdCashrmw==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
4407165
x-guploader-uploadid
ADPycdsIYrntgB5DoDe9tgam8dI5LXqO1kq0invbQrUdIo8RzUfSJFNKo-pmfA0sjulFrkVYUWBS3BV2iQ4uqeyl8y0
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
27900
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Fri, 16 Sep 2022 00:22:09 GMT
last-modified
Wed, 15 Sep 2021 19:43:03 GMT
server
UploadServer
x-timer
S1636158894.191257,VS0,VE0
etag
"9d3e47dbcdfcd125da0457426ac86b9b"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1631734983078895
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
27900
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
13108
imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/
26 KB
26 KB
Font
General
Full URL
https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
Requested by
Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Request headers

Referer
https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin
https://la-iforgot.live
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-goog-hash
crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
content-type
application/octet-stream
age
2594147
x-guploader-uploadid
ADPycduZPMCVdq1KgLg68mA4QWBKvNQehEpyEDdHEzNNJsRLcocsGMSwOLUfX9gYoUOFHdpZmURVmti4u4mLFHPGLSD_VDLdjQ
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
26504
x-served-by
cache-hhn4029-HHN
accept-ranges
bytes
expires
Thu, 06 Oct 2022 23:59:07 GMT
last-modified
Wed, 15 Sep 2021 19:43:04 GMT
server
UploadServer
x-timer
S1636158894.191110,VS0,VE0
etag
"6131cd77b6e216c7693ed925f4309ffc"
access-control-allow-methods
GET, OPTIONS
x-goog-generation
1631734984460387
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000,immutable
x-goog-stored-content-length
26504
x-nyt-pagetype
web-font
timing-allow-origin
*
x-cache-hits
45216
prefetch-assets
myaccount.nytimes.com/auth/ Frame E78B
393 B
744 B
Document
General
Full URL
https://myaccount.nytimes.com/auth/prefetch-assets
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash
d66323c00bb7fbb0a5dd1c1e9af34129d7ba5b3050fa5b7a39e0fda361c2e352
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/

Response headers

content-type
text/html; charset=utf-8
x-powered-by
Express
x-datadog-trace-id
932663498586599831
x-datadog-parent-id
932663498586599831
x-datadog-sampled
0
x-datadog-sampling-priority
-1
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
x-content-type-options
nosniff
x-nyt-backend
lire-ui
etag
W/"189-sZXBBShm9yU/2YuOCsTYXxoABUU"
content-encoding
gzip
x-cloud-trace-context
23d8f95e2ead969fb80dae064a9a77dd
server
Google Frontend
x-datadome-timer
(null),VE119
accept-ranges
bytes
date
Sat, 06 Nov 2021 00:34:54 GMT
via
1.1 varnish
age
519
x-served-by
cache-hhn4046-HHN
x-cache
HIT
x-cache-hits
5
vary
Accept-Encoding
x-api-version
F-X
content-length
276
grumi.js
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/
338 KB
110 KB
Script
General
Full URL
https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:a800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3cd62cee482792b0e5dcc9b45aa1ad0b589e84a8a9f0d694b877687f17ec4d52

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:25:02 GMT
content-encoding
br
last-modified
Fri, 05 Nov 2021 23:44:02 GMT
server
AmazonS3
age
593
etag
W/"6c23e1ff6f3c0b463eeeac274908ce44"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
r15PyTUw3JONwkhKyKGWyUvptuk2yELa
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA50-C1
content-type
text/javascript
x-amz-cf-id
_pJ6ziZxuQoGRTeYx2SXX-7AQTTaYI8yBZOlWxRHb-cNspHqztxKZg==
config
c.amazon-adsystem.com/cdn/prod/
0
303 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3030&u=https%3A%2F%2Fla-iforgot.live%2F
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:53 GMT
via
1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
access-control-allow-origin
https://la-iforgot.live
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
SuJZpoQIN67ln5YEqqIrO4WLsWzgznHutbQAJVioaHm_tfvSThp3TA==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:55 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
access-control-allow-origin
*
last-modified
Thu, 07 Oct 2021 01:02:33 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
c91ZTIbLZrDqT0mloV_AD7.LNsTlhW69
via
1.1 009e5e3e32afcd1d135a7234c9da5521.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
content-type
application/javascript
x-amz-cf-id
8UJ0EoBbFD5kMisl6Q9LisrGloSP8uqCwbCxj63CbowrwXRACNZtQw==
index.js
myaccount.nytimes.com/lire_ui/js/common/abra/ Frame E78B
2 KB
1 KB
Script
General
Full URL
https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js
Requested by
Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
gzip
x-api-version
F-X
age
433
x-cache
HIT
x-cache-hits
5
content-length
1252
x-served-by
cache-hhn4046-HHN
server
Google Frontend
etag
"6dWG6w"
content-type
application/javascript
via
1.1 varnish
x-cloud-trace-context
612c50ba73a50346f5d695f5ef4f7b78
cache-control
public, max-age=600
x-datadome-timer
(null),VE115
accept-ranges
bytes
x-nyt-backend
lire-ui
expires
Fri, 05 Nov 2021 21:27:25 GMT
unified-lire.bundle.js
myaccount.nytimes.com/lire_ui/js/ Frame E78B
393 KB
133 KB
Script
General
Full URL
https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=ac4af4f
Requested by
Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
70ac07a344cdbafad3e6c82c0aad7149c547e74cf74ac26928b5c101c54efb75

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
gzip
x-api-version
F-X
age
246
x-cache
HIT
x-cache-hits
3
content-length
136266
x-served-by
cache-hhn4046-HHN
server
Google Frontend
etag
"6dWG6w"
content-type
application/javascript
via
1.1 varnish
x-cloud-trace-context
21d528179f224335285e6d71f6a264ce
cache-control
public, max-age=600
x-datadome-timer
(null),VE152
accept-ranges
bytes
x-nyt-backend
lire-ui
expires
Wed, 03 Nov 2021 19:31:00 GMT
log
hblg.media.net/
35 B
194 B
Image
General
Full URL
https://hblg.media.net/log?logid=kfk&evtid=flog&itype=HB&adt=desktop&cid=8CU2553YN&ct=FRANKFURT&cc=DE&ugd=4&app=0&pht=1200&pid=8PRL4E7N3&dn=la-iforgot.live&servname=ssp-serving-6585669d88-h9bm6&svr=110212_302_110212_270_ssp&sc=HE&version=4&vh=1200&vw=1600&vsid=&vid=00001636158894355031177838088288&sspAbBucket=CONTROL&lw=1&dapp=green&itypeid=1&sd=1&adbd=0&npa=0&gdpr_enf=1&csex=0&gdfstr=Y-N&gdpr=1&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&suc=0&usp_enf=1&usp_status=0&usp_ldf=&usp_string=&ufca=-1&coppa_status=&coppa_applied=&id_details=&abte=SSP_CLIENT&rtype=&lbr=0&mnkv=&pabte=&pc=&ccat=&floc_id=&floc_ver=&gfundl=400&gtd=401&inid=&ngfundl=800&rdl=800&a=0&r=209&lper=1&requrl=https%3A%2F%2Fla-iforgot.live%2F&kwrf=
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 06 Nov 2021 00:34:54 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 06 Nov 2021 00:34:54 GMT
pubads_impl_2021110201.js
securepubads.g.doubleclick.net/gpt/
346 KB
116 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
50ad3a273dd7803066fae0fb2e4eec57cdfb969f449d86309527578d7e08d249
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118932
x-xss-protection
0
last-modified
Tue, 02 Nov 2021 08:34:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 06 Nov 2021 00:34:54 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
34 B
74 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=la-iforgot.live
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
beb428894efd807561bf32aea1d9e684092090c78a92abb521e2a4627757e46d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 06 Nov 2021 00:34:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50
x-xss-protection
0
expires
Sat, 06 Nov 2021 00:34:54 GMT
config.json
c.go-mpulse.net/api/
68 B
346 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=la-iforgot.live&t=5453863&v=1.720.0&sl=0&si=ae878af0-319d-48f2-a534-e632c28d9012-r24ka5&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:64:6b5::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sat, 06 Nov 2021 00:34:54 GMT
Cache-Control
public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
68
Content-Type
application/json
swg-button.css
news.google.com/swg/js/v1/
21 KB
6 KB
Stylesheet
General
Full URL
https://news.google.com/swg/js/v1/swg-button.css
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:02:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1930
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6439
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 17:26:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sat, 06 Nov 2021 00:52:51 GMT
serviceiframe
news.google.com/swg/_/ui/v1/ Frame EAAA
23 KB
8 KB
Document
General
Full URL
https://news.google.com/swg/_/ui/v1/serviceiframe?_=454488
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2fdd6a14fae898128ff331c142a6a743a6adc0560bb2dbc80a4b2482de3d702
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CIiQBsvX+d6sZeUNloPWVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-CIiQBsvX+d6sZeUNloPWVQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/

Response headers

content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible
IE=edge
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 06 Nov 2021 00:35:01 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security
max-age=31536000
content-security-policy
script-src 'report-sample' 'nonce-CIiQBsvX+d6sZeUNloPWVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-CIiQBsvX+d6sZeUNloPWVQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-resource-policy
same-site
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
loader.svg
news.google.com/swg/js/v1/
0
1 KB
Other
General
Full URL
https://news.google.com/swg/js/v1/loader.svg
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://la-iforgot.live/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1788
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1049
x-xss-protection
0
last-modified
Mon, 16 Mar 2020 18:14:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
image/svg+xml
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="news-frontend"
expires
Sat, 06 Nov 2021 00:55:13 GMT
entitlements
news.google.com/swg/_/api/v1/publication/nytimes.com/
0
0

cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame EAAA
0
22 B
Other
General
Full URL
https://news.google.com/_/SubscribewithgoogleClientUi/cspreport
Requested by
Host: la-iforgot.live
URL: https://la-iforgot.live/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7hJEUWB91NFKlCkBUt4xPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-7hJEUWB91NFKlCkBUt4xPQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport, require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/swg/_/ui/v1/serviceiframe?_=454488
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Sat, 06 Nov 2021 00:35:03 GMT
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-7hJEUWB91NFKlCkBUt4xPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-7hJEUWB91NFKlCkBUt4xPQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport, require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
swg-button.css
news.google.com/swg/js/v1/ Frame EAAA
21 KB
6 KB
Stylesheet
General
Full URL
https://news.google.com/swg/js/v1/swg-button.css
Requested by
Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454488
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:02:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6439
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 17:26:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sat, 06 Nov 2021 00:52:51 GMT
m=_b,_tp
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame EAAA
158 KB
56 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5uBk8J-qapjX4PZA5ULnWMWOLEOQ/m=_b,_tp
Requested by
Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454488
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e37155f596d4bcd9653eb5a65a20896c1e1a1d64bb3f1fa00a1753b85d91e2b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 05 Nov 2021 19:07:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19670
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56907
x-xss-protection
0
last-modified
Fri, 05 Nov 2021 01:50:19 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Sat, 05 Nov 2022 19:07:16 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame EAAA
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=454488
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
Origin
https://news.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 06:41:55 GMT
x-content-type-options
nosniff
age
150791
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 04 Nov 2022 06:41:55 GMT
m=byfTOb,lsjVmc,LEikZe
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.CKv6I837Gsc.L.B1... Frame EAAA
37 KB
13 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.CKv6I837Gsc.L.B1.O/am=AgAE/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI627hygHEQxVa9O-b6C_0ktMtuT9w/m=byfTOb,lsjVmc,LEikZe
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5uBk8J-qapjX4PZA5ULnWMWOLEOQ/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
868b96a3a848a614466041ee8e8de1c703ecba31feb9ce6da5b1dd8e5af0cbcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 05 Nov 2021 19:45:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13638
x-xss-protection
0
last-modified
Fri, 05 Nov 2021 01:50:19 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Sat, 05 Nov 2022 19:45:39 GMT
m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.CKv6I837Gsc.L.B1... Frame EAAA
101 KB
34 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.CKv6I837Gsc.L.B1.O/am=AgAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI627hygHEQxVa9O-b6C_0ktMtuT9w/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5uBk8J-qapjX4PZA5ULnWMWOLEOQ/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be26eb6fdc3bf0f02d594d24a9b2c4960da024bfb44387894392c6e06fa4530f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 05 Nov 2021 19:45:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35173
x-xss-protection
0
last-modified
Fri, 05 Nov 2021 01:50:19 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Sat, 05 Nov 2022 19:45:39 GMT
batchexecute
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame EAAA
140 B
175 B
XHR
General
Full URL
https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=-2297298365197546526&bl=boq_subscribewithgoogleclientserver_20211104.13_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=2110&rt=c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5uBk8J-qapjX4PZA5ULnWMWOLEOQ/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8c5fd7a9f7a695f842b622ca85f8f8b5d41efcd2db271152e51668c71ee876a8
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-Same-Domain
1
Referer
https://news.google.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 06 Nov 2021 00:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
content-disposition
attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.CKv6I837Gsc.L.B1... Frame EAAA
17 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.CKv6I837Gsc.L.B1.O/am=AgAE/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI627hygHEQxVa9O-b6C_0ktMtuT9w/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5uBk8J-qapjX4PZA5ULnWMWOLEOQ/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e745f3d49292fa9a442b32a10ed84a7654efc1e6db535c56f71747f73cce57c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 05 Nov 2021 19:45:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17371
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7213
x-xss-protection
0
last-modified
Fri, 05 Nov 2021 01:50:19 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires
Sat, 05 Nov 2022 19:45:39 GMT
log
play.google.com/ Frame EAAA
131 B
672 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.rzR5idIYoeY.es5.O/am=AgAE/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5uBk8J-qapjX4PZA5ULnWMWOLEOQ/m=_b,_tp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sat, 06 Nov 2021 00:35:11 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://news.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Sat, 06 Nov 2021 00:35:11 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
samizdat-graphql.nytimes.com
URL
https://samizdat-graphql.nytimes.com/graphql/v2
Domain
als-svc.nytimes.com
URL
https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web
Domain
news.google.com
URL
https://news.google.com/swg/_/api/v1/publication/nytimes.com/entitlements

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| marks object| observer number| viHeadScriptSize object| NYTD object| vi boolean| hybrid object| BOOMR function| nyt_et object| UnifiedTracking function| Abra object| swgUserInfoXhrObject object| dataLayer object| userXhrObject function| userXhrRefresh object| _interactiveRegistry function| registerInteractive function| getInteractiveBridge boolean| SwGEntitlement function| onInitNativeAds object| webpackJsonp function| testCookie function| placeGpt undefined| purrCookie object| googletag object| AdSlot4 object| grumi object| advBidxc object| apstag object| __preloadedData function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression object| BOOMR_mq boolean| apstagLOADED string| DEFAULT string| TEST_DATA_DELIMITER string| LOGS_PAGE_VIEW_ID string| LOGS_PAGE_VIEW_ID_MATCH function| isSet function| isStringSet function| isFunction function| isArray function| any function| getDOMElementFromTagName function| getSection function| getPageViewId function| getTestData function| getCustomBidRequestParams function| exposeApis function| init object| ggeac object| google_js_reporting_queue undefined| google_measure_js_timing object| UrlCache object| SUBSCRIPTIONS object| SWG

7 Cookies

Domain/Path Name / Value
.media.net/ Name: gdpr_status
Value: 1
la-iforgot.live/ Name: mnet_session_depth
Value: 1%7C1636158894356
.nytimes.com/ Name: nyt-a
Value: lIaUiurTukbWWu0xBLAFpvGK
.et.nytimes.com/ Name: sessionActive
Value: true
.et.nytimes.com/ Name: sessionIndex
Value: 1|1636158894620|lIaUiurTukbWWu0xBLAFpvGK|1636158894620
.et.nytimes.com/ Name: et-ppvid
Value: https://la-iforgot.live/=Q4xN-L4svuI0z0LFd57XPh4v
.google.com/ Name: NID
Value: 511=XIRRaoO0_iwOKiKaGl7znMMxyeHrAaIXyjSb4CNPYfrZPJvxG5UBeiYC90z_-ms302VhKKeeGRYYUbvzgifOFt9QJDvwNj0ZZWDRjiJxagBoa6vFIu-dLRlmsURGZOd-O_eSggAfmLFP-liIzUkvbeGGvNRRkFy9gZUDL96jMxA

15 Console Messages

Source Level URL
Text
network error URL: https://la-iforgot.live/vi-assets/static-assets/global-69acc7c8fb6a313ed7e8641e4a88bf30.css
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://la-iforgot.live/vi-assets/static-assets/adslot-832d0fbc18f2d9494e99.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://la-iforgot.live/vi-assets/static-assets/main-e29443cf6c92a4985193.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://la-iforgot.live/vi-assets/static-assets/icon-whatsapp-17x17-000-b100d38495ee541e2e4f30bcaf9bfe0c.svg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://la-iforgot.live/vi-assets/static-assets/vendor-16c0ed8d57f729e175f0.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://la-iforgot.live/vi-assets/static-assets/story-b896e801778ca7df15f6.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://la-iforgot.live/vi-assets/static-assets/opinion-53e9ac2386b034b4f253.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: https://la-iforgot.live/
Message:
Access to XMLHttpRequest at 'https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web' from origin 'https://la-iforgot.live' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://la-iforgot.live/
Message:
Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://la-iforgot.live' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://samizdat-graphql.nytimes.com/graphql/v2
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=la-iforgot.live&t=5453863&v=1.720.0&sl=0&si=ae878af0-319d-48f2-a534-e632c28d9012-r24ka5&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript error URL: https://la-iforgot.live/
Message:
Access to fetch at 'https://news.google.com/swg/_/api/v1/publication/nytimes.com/entitlements' from origin 'https://la-iforgot.live' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://news.google.com/swg/_/api/v1/publication/nytimes.com/entitlements
Message:
Failed to load resource: net::ERR_FAILED
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.et.nytimes.com
als-svc.nytimes.com
c.amazon-adsystem.com
c.go-mpulse.net
contextual.media.net
fonts.gstatic.com
g1.nyt.com
hblg.media.net
la-iforgot.live
myaccount.nytimes.com
news.google.com
play.google.com
rumcdn.geoedge.be
s.go-mpulse.net
samizdat-graphql.nytimes.com
securepubads.g.doubleclick.net
static01.nyt.com
www.googletagmanager.com
www.gstatic.com
als-svc.nytimes.com
news.google.com
samizdat-graphql.nytimes.com
103.155.92.140
142.250.186.130
142.250.74.211
143.204.95.188
151.101.193.164
2.18.235.93
2600:9000:2156:a800:4:b37b:9440:93a1
2a00:1450:4001:808::2003
2a00:1450:4001:808::200e
2a00:1450:4001:827::200e
2a00:1450:4001:82a::2008
2a00:1450:4001:830::2003
2a02:26f0:1700:391::11a6
2a02:26f0:64:6b5::11a6
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57
182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6
1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6
254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9
2c082aba999e16f4c51a223ab4fb7c72946832b9c176c3ee8fb25ae77d9a152a
3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e
3cd62cee482792b0e5dcc9b45aa1ad0b589e84a8a9f0d694b877687f17ec4d52
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4102a37607eea4b64b6ab6e8f07a3b16ef00f2670638286fbb6694dc5d57b085
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
4dc4abcd99f7976c1a0938575631974c55fa42bf76681e84ca56aeea3180966e
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
50ad3a273dd7803066fae0fb2e4eec57cdfb969f449d86309527578d7e08d249
6716e7c9082bd0a706128a88da56548b13172dbd0acbf72fd13d391dc6fd2ba0
6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a
70ac07a344cdbafad3e6c82c0aad7149c547e74cf74ac26928b5c101c54efb75
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
868b96a3a848a614466041ee8e8de1c703ecba31feb9ce6da5b1dd8e5af0cbcb
8c5fd7a9f7a695f842b622ca85f8f8b5d41efcd2db271152e51668c71ee876a8
8e745f3d49292fa9a442b32a10ed84a7654efc1e6db535c56f71747f73cce57c
973fe12f5130be123a73261e3956030b8a1c380f8cd8234e319b51bda6892898
a3f825bc3ef7a82cae015dfae5a5df6db55d64c6c7968656727bbac7169013ea
ad6503e2b2350a7f94175b139c9b08a265f56a32e3c89e72e3bf40e0b16937c3
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
be26eb6fdc3bf0f02d594d24a9b2c4960da024bfb44387894392c6e06fa4530f
beb428894efd807561bf32aea1d9e684092090c78a92abb521e2a4627757e46d
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d66323c00bb7fbb0a5dd1c1e9af34129d7ba5b3050fa5b7a39e0fda361c2e352
e2fdd6a14fae898128ff331c142a6a743a6adc0560bb2dbc80a4b2482de3d702
e37155f596d4bcd9653eb5a65a20896c1e1a1d64bb3f1fa00a1753b85d91e2b7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
ea390a1cee52abebea3ae394e6ce4f18d3b34bca61ac934805be7a417a40d4fc