www.nwitimes.com Open in urlscan Pro
192.104.182.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://email.mail.nwitimes.com/e/c/eyJlbWFpbF9pZCI6ImRnVHM4d2NBQUt2MUM2cjFDd0dKNEM0ZWZ2N3VvWi1NQW5oM3VFbz0iLCJocmVmIjoiaHR0cHM6...
Effective URL:
https://www.nwitimes.com/privacy/
Submission: On August 13 via api (August 13th 2023, 8:33:13 pm UTC) from US — Scanned from DE

Summary HTTP 75 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 15 domains to perform 75 HTTP transactions. The main IP is 192.104.182.209, located in United States and belongs to LEE-ASN, US. The main domain is www.nwitimes.com. The Cisco Umbrella rank of the primary domain is 256959.
TLS certificate: Issued by GTS CA 1P5 on July 19th 2023. Valid for: 3 months.

This is the only time www.nwitimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:223... 2600:9000:223c:1c00:1e:44af:df00:93a1	16509 (AMAZON-02) (AMAZON-02)
1 8	192.104.182.209 192.104.182.209	10668 (LEE-ASN) (LEE-ASN)
22	104.16.133.24 104.16.133.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:245... 2600:9000:2450:2e00:3:b7e:8940:93a1	16509 (AMAZON-02) (AMAZON-02)
3	18.173.189.135 18.173.189.135	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
3	18.173.187.96 18.173.187.96	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	18.173.159.138 18.173.159.138	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
4	18.165.191.170 18.165.191.170	16509 (AMAZON-02) (AMAZON-02)
1	35.166.226.67 35.166.226.67	16509 (AMAZON-02) (AMAZON-02)
75	16

1 2600:9000:223c:1c00:1e:44af:df00:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

email.mail.nwitimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.104.182.209 (United States) 1 redirects

ASN10668 (LEE-ASN, US)
PTR: cms.chicago2.vip.townnews.com

nwitimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nwitimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 104.16.133.24 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2450:2e00:3:b7e:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.osano.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.189.135 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-189-135.muc50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.187.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-96.muc50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.159.138 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-159-138.muc50.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.165.191.170 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-191-170.zrh55.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.166.226.67 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-226-67.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	townnews.com bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 19525	317 KB
9	nwitimes.com 2 redirects email.mail.nwitimes.com nwitimes.com — Cisco Umbrella Rank: 225600 www.nwitimes.com — Cisco Umbrella Rank: 256959	79 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	586 KB
6	osano.com cmp.osano.com — Cisco Umbrella Rank: 5562	111 KB
4	segment.com cdn.segment.com — Cisco Umbrella Rank: 1579	34 KB
3	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 2462	83 KB
3	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 357	64 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 54	22 KB
2	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 581	408 B
2	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 206	155 KB
2	gstatic.com www.gstatic.com	13 KB
1	segment.io api.segment.io — Cisco Umbrella Rank: 1174	175 B
1	google.de ampcid.google.de — Cisco Umbrella Rank: 67796	369 B
1	google.com ampcid.google.com — Cisco Umbrella Rank: 2411	440 B
1	cloudfront.net d1eoo1tco6rr5e.cloudfront.net	668 B
75	15

	Domain	Requested by
22	bloximages.chicago2.vip.townnews.com	www.nwitimes.com
7	www.googletagmanager.com	www.nwitimes.com cmp.osano.com
7	www.nwitimes.com	www.nwitimes.com
6	cmp.osano.com	www.nwitimes.com cmp.osano.com
4	cdn.segment.com	cmp.osano.com cdn.segment.com
3	tagan.adlightning.com	www.nwitimes.com cmp.osano.com
3	c.amazon-adsystem.com	www.nwitimes.com c.amazon-adsystem.com
2	www.google-analytics.com	cmp.osano.com
2	insight.adsrvr.org	1 redirects d1eoo1tco6rr5e.cloudfront.net
2	securepubads.g.doubleclick.net	cmp.osano.com
2	www.gstatic.com	www.nwitimes.com
1	api.segment.io	cdn.segment.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	d1eoo1tco6rr5e.cloudfront.net	cmp.osano.com
1	nwitimes.com	1 redirects
1	email.mail.nwitimes.com	1 redirects
75	17

This site contains links to these domains. Also see Links.

Domain
subscriberservices.lee.net
legacy.memoriams.com
www.stringr.com
thetimesmediacompany.com
autos.nwitimes.com
nwitimes.column.us
www.legacy.com
www.networkadvertising.org
www.google.com
lee.net
bloxcms.com
bloxdigital.com

Subject Issuer	Validity	Valid
nwitimes.com GTS CA 1P5	`2023-07-19` - `2023-10-17`	3 months	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust TLS RSA CA G1	`2023-03-13` - `2024-04-12`	a year	crt.sh
cmp.osano.com Amazon RSA 2048 M02	`2023-02-21` - `2023-09-30`	7 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.adlightning.com Amazon RSA 2048 M01	`2023-07-08` - `2024-08-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M01	`2023-02-24` - `2024-01-12`	a year	crt.sh
*.segment.io Amazon RSA 2048 M01	`2023-02-10` - `2024-02-10`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.nwitimes.com/privacy/
Frame ID: C0613323873016A3C2932A9DFF91C441
Requests: 70 HTTP requests in this frame

Frame: https://cmp.osano.com/
Frame ID: 75F531BC0606796CF43BB20F6935E81A
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Frame ID: F657B34AE00ABBF5A4EBC4F4762079C7
Requests: 2 HTTP requests in this frame

Frame: https://cmp.osano.com/
Frame ID: 75C5E0F88287B91DEEEA82F8C09B81E8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Privacy | nwitimes.com

Page URL History Show full URLs

https://email.mail.nwitimes.com/e/c/eyJlbWFpbF9pZCI6ImRnVHM4d2NBQUt2MUM2cjFDd0dKNEM0ZWZ2N3VvWi1NQW5oM3VFbz0i... HTTP 302
https://nwitimes.com/privacy/ HTTP 301
https://www.nwitimes.com/privacy/ Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

75
Requests

84 %
HTTPS

50 %
IPv6

15
Domains

17
Subdomains

16
IPs

3
Countries

1464 kB
Transfer

4834 kB
Size

3
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://subscriberservices.lee.net/subscriberservices/Content/paymentpagesingle.aspx?Domain=nwitimes.com&SubscriberLevel=DOP&Return=https%3A%2F%2Fwww.nwitimes.com%2Fprivacy%2F#tracking-source=header&ir=true
Title: Subscribe $1 for 6 months

Search URL Search Domain Scan URL

URL: https://legacy.memoriams.com/network/TheTimesofNorthwestIndiana/Obituaries?online=1&utm_campaign=consumerdirect&utm_source=lee&utm_medium=np_s&utm_content=nwitimes
Title: Share a story

Search URL Search Domain Scan URL

URL: https://www.stringr.com/xliQhSkXoCb
Title: Share video

Search URL Search Domain Scan URL

URL: https://thetimesmediacompany.com/
Title: The Times Media Company

Search URL Search Domain Scan URL

URL: https://autos.nwitimes.com/
Title: Cars

Search URL Search Domain Scan URL

URL: https://nwitimes.column.us/search
Title: Public Notices

Search URL Search Domain Scan URL

URL: https://subscriberservices.lee.net/subscriberservices/Content/AccountStatus.aspx?Domain=nwitimes.com
Title: My Subscription

Search URL Search Domain Scan URL

URL: https://www.legacy.com/obituaries/nwitimes
Title: Obituaries

Search URL Search Domain Scan URL

URL: http://www.networkadvertising.org/
Title: Network Advertising Initiative's

Search URL Search Domain Scan URL

URL: https://www.google.com/policies/technologies/ads/
Title: Click here

Search URL Search Domain Scan URL

URL: http://www.networkadvertising.org/choices/
Title: http://www.networkadvertising.org/choices/

Search URL Search Domain Scan URL

URL: http://nwitimes.column.us/search
Title: Legal Notices

Search URL Search Domain Scan URL

URL: http://lee.net/careers/opportunities/?utm_source=newspaper&utm_medium=blox&utm_campaign=workhere
Title: Work here

Search URL Search Domain Scan URL

URL: https://bloxcms.com/
Title: BLOX Content Management System

Search URL Search Domain Scan URL

URL: https://bloxdigital.com/
Title: bloxdigital.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://email.mail.nwitimes.com/e/c/eyJlbWFpbF9pZCI6ImRnVHM4d2NBQUt2MUM2cjFDd0dKNEM0ZWZ2N3VvWi1NQW5oM3VFbz0iLCJocmVmIjoiaHR0cHM6Ly9ud2l0aW1lcy5jb20vcHJpdmFjeS8iLCJpbnRlcm5hbCI6ImVjZjMwNzA2OGE3N2FiZjUwYiIsImxpbmtfaWQiOjd9/4358643627b05949da3ad9f806e3f8ce1c86527966910bf86d3a51c9d13d8099 HTTP 302
https://nwitimes.com/privacy/ HTTP 301
https://www.nwitimes.com/privacy/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

75 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.nwitimes.com/privacy/
Redirect Chain

https://email.mail.nwitimes.com/e/c/eyJlbWFpbF9pZCI6ImRnVHM4d2NBQUt2MUM2cjFDd0dKNEM0ZWZ2N3VvWi1NQW5oM3VFbz0iLCJocmVmIjoiaHR0cHM6Ly9ud2l0aW1lcy5jb20vcHJpdmFjeS8iLCJpbnRlcm5hbCI6ImVjZjMwNzA2OGE3N2FiZ...
https://nwitimes.com/privacy/
https://www.nwitimes.com/privacy/

137 KB
36 KB

106ms
100ms

Document
text/html

192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.104.182.209 , United States, ASN10668 (LEE-ASN, US),

Reverse DNS

cms.chicago2.vip.townnews.com

Software

Resource Hash

09a962b79056fa6952737d70d8dea1a8f2304dbc7d50f51d603e7593d7676c5c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 21194
cache-control: public, max-age=10
content-encoding: gzip
content-length: 34382
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 13 Aug 2023 14:39:53 GMT
etag: W/933648518a94c1e3eb16430be8a097ea
last-modified: Sun, 13 Aug 2023 14:39:53 GMT
link: <https://bloximages.chicago2.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin <https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js>; rel=preload; as=script </shared-content/art/tncms/user/user.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.b36ccd6c63f37a5c53e27315d402bd25.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.3c64d611e594b45dd35b935162e79d85.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js>; rel=preload; as=script
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: X-IPCountry, X-Townnews-Now-API-Version, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-loop: 1
x-robots-tag: noarchive
x-tncms: 1.70.8; app1; 0.28s; 5.4M
x-ua-compatible: IE=edge
x-vcache: HIT
x-xss-protection: 1; mode=block

Redirect headers

age: 52224
cache-control: public, max-age=10
content-encoding: gzip
content-length: 1468
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 13 Aug 2023 06:02:42 GMT
link: <https://bloximages.chicago2.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin
location: https://www.nwitimes.com/privacy/
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-loop: 1
x-robots-tag: noarchive
x-tncms: 1.70.8; app14; 0.01s; 1.3M
x-tncms-bot-tier: 1
x-vcache: HIT
x-xss-protection: 1; mode=block

GET
H2 200 jquery.min.d6d18fcf88750a16d256e72626e676a6.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/ 98 KB
34 KB 63ms
26ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 395739
cross-origin-resource-policy: cross-origin
last-modified: Wed, 07 Jul 2021 20:09:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"60e609f2-1882c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749569be0-FRA
expires: Thu, 21 Mar 2024 07:22:31 GMT

GET
H2 200 user.js Show response
www.nwitimes.com/shared-content/art/tncms/user/ 3 KB
2 KB 102ms
99ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nwitimes.com/shared-content/art/tncms/user/user.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: c6e6da77dacb153a6384cca89b97bef3a39bd73cb3f3b997d0002ff0c1c4dc86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/privacy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:28:11 GMT
content-encoding: gzip
last-modified: Thu, 10 Aug 2023 20:49:22 GMT
x-vcache: HIT
age: 296
etag: W/"64d54d52-c04"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 1419
service-worker-allowed: /

GET
H2 200 bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/ 39 KB
11 KB 57ms
20ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 9736895
cross-origin-resource-policy: cross-origin
last-modified: Fri, 06 Sep 2019 14:16:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"5d726a23-9bd8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749589be0-FRA
expires: Tue, 02 Apr 2024 19:24:27 GMT

GET
H2 200 common.08a61544f369cc43bf02e71b2d10d49f.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 32 KB
12 KB 63ms
26ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 15657310
last-modified: Thu, 21 Jul 2022 21:07:04 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62d9bff8-8154"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749689be0-FRA
expires: Wed, 26 Jul 2023 07:37:47 GMT

GET
H2 200 tnt.b36ccd6c63f37a5c53e27315d402bd25.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 23 KB
6 KB 62ms
26ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.b36ccd6c63f37a5c53e27315d402bd25.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa59d2979c85d4fec938c960a0c4e7138cd122db113331b2974113869007dc46

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 4410897
cross-origin-resource-policy: cross-origin
last-modified: Fri, 23 Jun 2023 17:09:55 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6495d1e3-5cda"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749659be0-FRA
expires: Sat, 22 Jun 2024 19:01:32 GMT

GET
H2 200 application.3c64d611e594b45dd35b935162e79d85.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 62ms
25ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.3c64d611e594b45dd35b935162e79d85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

076f281a9257ad662f34badb12393195fdca0dc2fde9acd1f1628b9674a96aee

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 4410897
cross-origin-resource-policy: cross-origin
last-modified: Fri, 23 Jun 2023 18:40:28 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6495e71c-10fa"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749629be0-FRA
expires: Sat, 22 Jun 2024 19:01:32 GMT

GET
H2 200 tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 2 KB
962 B 56ms
19ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 15657310
last-modified: Thu, 23 Jun 2022 13:40:11 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62b46d3b-9ae"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb37495c9be0-FRA
expires: Thu, 06 Jul 2023 19:01:12 GMT

GET
H2 200 bootstrap.min.87df60d54091cf1e8f8173c2e568260c.css
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/ 107 KB
18 KB 53ms
17ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/bootstrap.min.87df60d54091cf1e8f8173c2e568260c.css

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296ffff5be5fa17a541df8e925d24e473ced64d535f543542bebc15759b761fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 7706965
cross-origin-resource-policy: cross-origin
last-modified: Thu, 11 May 2023 20:00:28 GMT
x-vcache: MISS
server: cloudflare
etag: W/"645d495c-1ac2e"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749499be0-FRA
expires: Wed, 15 May 2024 15:01:18 GMT

GET
H2 200 layout.c16df073a4f45c16eb2b8a91ceb7b785.css
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/ 154 KB
28 KB 60ms
24ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/layout.c16df073a4f45c16eb2b8a91ceb7b785.css

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38a8c69764cb608dd9ab1a715c2bcc582d8ffdf33ea486a8926234bf68d5733c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 1038269
cross-origin-resource-policy: cross-origin
last-modified: Wed, 26 Jul 2023 20:07:12 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64c17cf0-26681"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb37494c9be0-FRA
expires: Wed, 31 Jul 2024 19:01:19 GMT

GET
H2 200 lee.ds.css
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/styles/ 96 KB
17 KB 54ms
18ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/styles/lee.ds.css?_dc=1691737282

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04da122e70371bba47c7c58135bfed4f21d1545c72ba51d8cbc0d43276f834f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 203027
cross-origin-resource-policy: cross-origin
last-modified: Fri, 11 Aug 2023 07:01:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64d5dcc2-17f3c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb37494f9be0-FRA
expires: Sat, 10 Aug 2024 07:06:34 GMT

GET
H2 200 flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 6 KB
2 KB 61ms
25ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 15657310
last-modified: Tue, 10 May 2022 15:15:27 GMT
x-vcache: MISS
server: cloudflare
etag: W/"627a818f-189c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749539be0-FRA
expires: Thu, 25 May 2023 16:12:51 GMT

GET
H2 200 access.js Show response
www.nwitimes.com/shared-content/art/tncms/api/ 87 KB
35 KB 191ms
190ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nwitimes.com/shared-content/art/tncms/api/access.js
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: 955becd6590ca9099279669e95771cf8d4d519ff8643dc8c398b6daaba6061a8

Request headers

Referer: https://www.nwitimes.com/privacy/
Origin: https://www.nwitimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:29:53 GMT
content-encoding: gzip
last-modified: Fri, 07 Apr 2023 20:21:14 GMT
x-vcache: HIT
age: 193
etag: W/"64307b3a-15cd7"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 35387
service-worker-allowed: /

GET
H2 200 osano.js Show response
cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/ 337 KB
77 KB 84ms
22ms Script
application/javascript 2600:9000:2450:2e00:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2450:2e00:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

df40f72baec4406ceb8e7c8a0e787c3b56afd552c98d58aa38a5870c42c3ae05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 19:04:39 GMT
content-encoding: br
via: 1.1 2971432b3eda9556fb62405145d20a88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: CDG50-P4
age: 178108
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 77906
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Aug 2023 18:49:41 GMT
server: CloudFront
etag: "fa71fcb479e432df6ce53ab9a83d280b"
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=86400, s-maxage=86400, must-revalidate, proxy-revalidate, no-transform
x-amz-cf-id: WUVMZh1hx7fhqhKiXwp0TsKdo-bt780sWnkPPX3uC4hzBof_zMqsPg==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 246 KB
60 KB 39ms
7ms Script
application/javascript 18.173.189.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.189.135 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-189-135.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c7fe6da239be5e83a3d053138d413293ac50686169f09bade4ac60edf7f60120

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 19:49:33 GMT
content-encoding: gzip
via: 1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront), 1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Aug 2023 20:50:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, MUC50-P4
age: 2615
x-amz-server-side-encryption: AES256
etag: W/"a7247ead77dd201b1e56acf0e565194b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: WJypa-32SKPNPPneQ70NKpakr84U32iPRkzCZrqxEvyaOenbNe_EgQ==

GET
H2 200 nwitimes.com.js Show response
bloximages.chicago2.vip.townnews.com/leetemplates.com/content/tncms/live/global/resources/scripts/falcon/ 9 KB
2 KB 155ms
120ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/leetemplates.com/content/tncms/live/global/resources/scripts/falcon/nwitimes.com.js?_dc=1691937593

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

375de2c6c1fc22a6d09ed7a01c6377d08ce773110b843085d225406f0d150bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
cross-origin-resource-policy: cross-origin
last-modified: Sun, 13 Aug 2023 05:03:36 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64d86428-229c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb37495a9be0-FRA
expires: Mon, 12 Aug 2024 14:40:27 GMT

GET
H2 200 tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 3 KB
1 KB 21ms
17ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 15657310
last-modified: Thu, 23 Jun 2022 13:40:09 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62b46d39-db8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb390b959be0-FRA
expires: Thu, 06 Jul 2023 19:01:12 GMT

GET
H2 200 tnt.notify.panel.bacbeac9a1ca6ee75b79b21a0e2e99f2.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 7 KB
2 KB 35ms
32ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.notify.panel.bacbeac9a1ca6ee75b79b21a0e2e99f2.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b6854831be14d28fdfdb1758ebebe2893bf8e5be5f176b8d3e1b1b0f874d90e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 12646168
last-modified: Mon, 23 May 2022 19:54:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"628be65d-1ba0"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb390b979be0-FRA
expires: Wed, 31 May 2023 19:01:14 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/6.6.2/ 11 KB
4 KB 48ms
8ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.6.2/firebase-app.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 04:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3945
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 21:11:52 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 11 Aug 2024 04:53:48 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/6.6.2/ 31 KB
9 KB 49ms
9ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.6.2/firebase-messaging.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 13:27:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8653
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 21:11:54 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 11 Aug 2024 13:27:28 GMT

GET
H2 200 messaging.js Show response
www.nwitimes.com/shared-content/art/tncms/api/ 2 KB
1 KB 103ms
100ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nwitimes.com/shared-content/art/tncms/api/messaging.js
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: adfa39b53589a91e67b4d82766750bee32371b51438f41dfbd6da0764719370e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/privacy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:29:04 GMT
content-encoding: gzip
last-modified: Thu, 10 Aug 2023 20:49:22 GMT
x-vcache: HIT
age: 243
etag: W/"64d54d52-9cb"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 885
service-worker-allowed: /

GET
H2 200 tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 200 B
294 B 54ms
19ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ac4a1580edb443420c38896152a03c80c8fa8e5f1f09853896b810d87309a80

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 15657310
last-modified: Thu, 21 Jul 2022 21:07:44 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62d9c020-c8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb3749619be0-FRA
expires: Wed, 26 Jul 2023 09:30:58 GMT

GET
H2 200 tracking.js Show response
www.nwitimes.com/shared-content/art/tncms/ 3 KB
1 KB 192ms
191ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nwitimes.com/shared-content/art/tncms/tracking.js
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: aa4391f03da55de95caebed478d3e1183fb01a3e8f1c5891a48e75717ed2bed9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/privacy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:31:29 GMT
content-encoding: gzip
last-modified: Thu, 10 Aug 2023 20:49:22 GMT
x-vcache: HIT
age: 97
etag: W/"64d54d52-a3a"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 1157
service-worker-allowed: /

GET
H2 200 prebid7.9.0.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/ 197 KB
61 KB 69ms
35ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1684220480

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77b109dd53ec2921d47af5eedcf39cbea8bc92bf8b59a970aa104c5ed2d5b3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 7736931
cross-origin-resource-policy: cross-origin
last-modified: Tue, 16 May 2023 07:01:20 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64632a40-313f5"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb37496b9be0-FRA
expires: Wed, 15 May 2024 07:06:39 GMT

GET
H2 200 lee.common.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/scripts/ 9 KB
3 KB 60ms
26ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/scripts/lee.common.js?_dc=1691737282

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2008966819bb51e24bb6cbf82ef28efeb4d678e20c3b61fc02bb5d45b45e74e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 216204
cross-origin-resource-policy: cross-origin
last-modified: Fri, 11 Aug 2023 07:01:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64d5dcc2-2459"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb37496a9be0-FRA
expires: Sat, 10 Aug 2024 07:06:34 GMT

GET
H2 200 fontawesome.b2419fcc3201a1f4e3293248c643da08.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 268 KB
97 KB 30ms
27ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/fontawesome.b2419fcc3201a1f4e3293248c643da08.js

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

389f438844f7135c2be70a4a9f6654443a8c76482f1f0fbbea73b903c0d5cfad

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 4669474
cross-origin-resource-policy: cross-origin
last-modified: Thu, 15 Jun 2023 22:03:56 GMT
x-vcache: MISS
server: cloudflare
etag: W/"648b8acc-430b9"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb390b989be0-FRA
expires: Wed, 19 Jun 2024 19:01:32 GMT

GET
H2 200 tracker.js Show response
www.nwitimes.com/shared-content/art/stats/common/ 9 KB
3 KB 191ms
190ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nwitimes.com/shared-content/art/stats/common/tracker.js
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/privacy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:31:29 GMT
content-encoding: gzip
last-modified: Wed, 22 Mar 2023 14:02:33 GMT
x-vcache: HIT
age: 97
etag: W/"641b0a79-2200"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 3224
service-worker-allowed: /

GET
H2 200 295e891a-7a4e-11ec-896b-afd10bcf2b4e.png
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/custom/image/ 7 KB
8 KB 19ms
17ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/custom/image/295e891a-7a4e-11ec-896b-afd10bcf2b4e.png

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ba0e03fc02c15c4910af1d379b27c467d42ca396b62e17801ebc53fb8a661da

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 12646386
cf-polished: origFmt=png, origSize=8941
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="295e891a-7a4e-11ec-896b-afd10bcf2b4e.webp"
content-length: 7616
cf-bgj: imgq:85,h2pri
last-modified: Fri, 21 Jan 2022 00:07:46 GMT
server: cloudflare
x-vcache: MISS
etag: "61e9f952-22ed"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 7f63bb390b9a9be0-FRA
expires: Sat, 16 Mar 2024 01:32:02 GMT

GET
H2 200 user_no_avatar.82c8fc38eb25dca10493a994ca1bfb90.png
bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/themes/resources/images/ 978 B
1 KB 20ms
18ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/shared-content/art/tncms/templates/libraries/flex/components/themes/resources/images/user_no_avatar.82c8fc38eb25dca10493a994ca1bfb90.png

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b96eb73da5fe3c20e4507bf752917f6d7978be8881c1dea934db282b028407d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 15657310
cf-polished: origFmt=png, origSize=3610
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="user_no_avatar.webp"
content-length: 978
cf-bgj: imgq:85,h2pri
last-modified: Thu, 02 Apr 2015 21:53:54 GMT
server: cloudflare
x-vcache: MISS
etag: "551dba72-e1a"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 7f63bb390b9d9be0-FRA
expires: Fri, 09 Feb 2024 18:24:12 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 222 KB
75 KB 40ms
15ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

576bfb12817ce7278cece3e76143ca6503df88cd6289929227ccd3e5c245798d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76362
x-xss-protection: 0
last-modified: Sun, 13 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H2 200 logo-tagline.png
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/images/ 5 KB
5 KB 18ms
16ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/images/logo-tagline.png?_dc=1691737282

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c01c1e199879f8b72679cc4d402684ba9e88c21b633547adbae6ba03a617fdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 210275
cf-polished: origFmt=png, origSize=10949
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="logo-tagline.webp"
content-length: 5302
cf-bgj: imgq:85,h2pri
last-modified: Fri, 11 Aug 2023 07:01:22 GMT
server: cloudflare
x-vcache: MISS
etag: "64d5dcc2-2ac5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 7f63bb390b9e9be0-FRA
expires: Sat, 10 Aug 2024 07:06:35 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/leeenterprises/ 49 KB
19 KB 42ms
8ms Script
application/javascript 18.173.187.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/op.js
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-96.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c6ee072b06881b30460303643e87253a7646b138aeafa4c17fdd8ccc12022a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: WgYUGXVwyEFAMupUFmIP6.6Mqlbr7pKW
content-encoding: gzip
via: 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront)
date: Sun, 13 Aug 2023 19:56:00 GMT
x-amz-cf-pop: MUC50-P4
age: 2230
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 19261
x-amz-meta-git_commit: e09f10f
last-modified: Sat, 12 Aug 2023 11:32:00 GMT
server: AmazonS3
etag: "28c558beb860956a11a06d47894064d7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: 352ED9ECfjmsxiVMoFKjLr4-2Yj4_VAUp1lbv7EflByCt5O-tnVpgA==

GET
H2 200 nwitimes.com.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/pb-config/ 2 KB
453 B 22ms
22ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/pb-config/nwitimes.com.js?_dc=1684220480

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e864753e4b2ed60803044c4266f04eeaaca8118244aec4827bda2c78800d31ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:07 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 7728576
cross-origin-resource-policy: cross-origin
last-modified: Tue, 16 May 2023 07:01:20 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64632a40-738"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb38db579be0-FRA
expires: Wed, 15 May 2024 07:06:39 GMT

GET
H2 200 dfp.lazy.pbjs.js Show response
bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/ 17 KB
4 KB 17ms
14ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/nwitimes.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/dfp.lazy.pbjs.js?_dc=1684220480

Requested by

Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e9c3fe0bb7e27e1fef2af1cae6a8924b40d3240418da5d484c65c00dae8f10a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 7714631
cross-origin-resource-policy: cross-origin
last-modified: Tue, 16 May 2023 07:01:20 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64632a40-447d"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 7f63bb390b949be0-FRA
expires: Wed, 15 May 2024 07:06:39 GMT

GET
BLOB 200
OK 465d315e-8be0-4618-8e22-a96b8c6a8947
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/465d315e-8be0-4618-8e22-a96b8c6a8947
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 29ms
15ms XHR
application/javascript 18.173.189.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.189.135 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-189-135.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 21be3420a436f8727342146a9b19af68.cloudfront.net (CloudFront)
date: Sun, 13 Aug 2023 06:25:50 GMT
x-amz-cf-pop: MUC50-P4
age: 50838
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: TJlu22OOL_rP_998loDPi4sHbswQqCkP4F8mAn14ED9ABHCRY4-zHw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 621 B
979 B 17ms
17ms XHR
application/json 18.173.189.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3266&u=https%3A%2F%2Fwww.nwitimes.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.189.135 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-189-135.muc50.r.cloudfront.net
Software: Server /
Resource Hash: 3278dd5328ee5b87157934a4523397d9f2005c2d08c55dd4c7ab903de5bbb22c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 18:01:58 GMT
via: 1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P4
age: 9069
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.nwitimes.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 621
x-amz-cf-id: ekAgDhPra8M1UQcxID_wDoB79qaMV65GZwr-aq1bSQv75RENWwp3iQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 85 KB
28 KB 116ms
58ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f5a63fb50ffbc0bfeb62ebf9740d67cc9ce26c04c569a2f6ce7597d85e4a778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28513
x-xss-protection: 0
server: cafe
etag: 547 / 19582 / 31076943 / config-hash: 9566803040182507923
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H2 200 tracker.gif
www.nwitimes.com/shared-content/art/stats/common/ 0
145 B 100ms
100ms Image
image/gif 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nwitimes.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_vtum=1&tnms_vt=1&tnms_vid=1691958788018160012001491613105004&tnms_dt=Privacy%20%7C%20nwitimes.com&tnms_upage=1&tnms_do=www.nwitimes.com&tnms_uri=/privacy/&tnms_ref=&rt=1691958788020
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/privacy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
last-modified: Thu, 16 Oct 2008 20:11:25 GMT
x-vcache: MISS
age: 0
etag: "48f79fed-0"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 543 KB
131 KB 107ms
106ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1192376834c97864c4ea49f9b8db362a21883c938f72ce31ea1ae5f2b0ff56b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134158
x-xss-protection: 0
last-modified: Sun, 13 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H2 200 b-e09f10f-fd9abb4c.js Show response
tagan.adlightning.com/leeenterprises/ 84 KB
31 KB 11ms
11ms Script
application/javascript 18.173.187.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-e09f10f-fd9abb4c.js
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-96.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 96bed4c8966020005f3394a56c5c3640550a16fb324eb04c328f1b9ee8a8bc48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:20:48 GMT
content-encoding: gzip
via: 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront)
x-amz-version-id: zhzD0.k4yK1QATUF8Zyk6eChx2be4yrB
x-amz-cf-pop: MUC50-P4
age: 4738341
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 31504
x-amz-meta-git_commit: e09f10f
last-modified: Mon, 05 Jun 2023 16:26:07 GMT
server: AmazonS3
etag: "9906aff1d286210259bcaf608003dd01"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 7HYKDc8CTihwhxJfCozcOOEtCw8Iv1IhqIh-trHn1Kgz8ta6zCn-xw==

GET
H2 200 bl-0211e21-49346898.js Show response
tagan.adlightning.com/leeenterprises/ 77 KB
33 KB 10ms
10ms Script
application/javascript 18.173.187.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-0211e21-49346898.js
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-96.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8d8dfb12c2e7bd578a6b328ac18062eeee9fc7aed02d216e1b8815ec458cfd49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 11:53:37 GMT
content-encoding: gzip
via: 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront)
x-amz-version-id: sbbQudOEbcVzw3yA.vMlAtW_K7sI8twy
x-amz-cf-pop: MUC50-P4
age: 117572
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 32871
x-amz-meta-git_commit: 0211e21
last-modified: Sat, 12 Aug 2023 11:31:14 GMT
server: AmazonS3
etag: "bfa9af330f77dd956298cdd65f621d09"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 5mVsR_8pSAYOF47d9eFPH5e4usVpd20ojX75hLccHHTfb7ZDgwTEfQ==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308080102/ 400 KB
126 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308080102/pubads_impl.js?cb=31076943

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e1d11e09ae5619685a66e50267d80bc6b716e2a3d9377b922ead3c32cba527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 17:18:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11663
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129236
x-xss-protection: 0
server: cafe
etag: 3196626984536983108
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 12 Aug 2024 17:18:45 GMT

GET
H2 200 / Show response
cmp.osano.com/ Frame 75F5 4 KB
1 KB 18ms
17ms Document
text/html 2600:9000:2450:2e00:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2450:2e00:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nwitimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 56805
content-encoding: gzip
content-type: text/html
date: Sun, 13 Aug 2023 04:46:24 GMT
etag: W/"287b497c992487af362d33204f87d28f"
last-modified: Thu, 21 Oct 2021 22:01:08 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Origin
via: 1.1 2971432b3eda9556fb62405145d20a88.cloudfront.net (CloudFront)
x-amz-cf-id: tA_eOADLWhd9ZuOsbjSHuaBuhdlK812uYb94QCZofi5xcK7GzoXGdw==
x-amz-cf-pop: CDG50-P4
x-amz-version-id: xT1PkIFehetvNf5lINcU02FbT3u47kBr
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 200 de.json
cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/ Frame 0
0 382ms
348ms Preflight 2600:9000:2450:2e00:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/de.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2450:2e00:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.nwitimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
content-length: 0
date: Sun, 13 Aug 2023 20:33:09 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
via: 1.1 4bc6e08d9495b312ae3b91e801107f80.cloudfront.net (CloudFront)
x-amz-cf-id: q0k4Zs1jV46zt6zBZGYZArqE8AUcWZgcvCGjU86t9GzWFW1AiYSyWg==
x-amz-cf-pop: CDG50-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 osano-ui.js Show response
cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/ 97 KB
25 KB 16ms
16ms Script
application/javascript 2600:9000:2450:2e00:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano-ui.js

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2450:2e00:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

5db5a6d1d232be59bc1e73238657a91954c6b1f46820b4d70b9ed21b5c74310f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: t9U0Yq5aAyziE5PuxWuSw7Y527jQccwT
content-encoding: gzip
via: 1.1 2971432b3eda9556fb62405145d20a88.cloudfront.net (CloudFront)
date: Sun, 13 Aug 2023 18:53:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: CDG50-P4
age: 6147
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Aug 2023 18:49:34 GMT
server: AmazonS3
etag: W/"8cfe8526892b531af5cb0ff34e906bc5"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=86400, no-transform, public
x-amz-cf-id: D_aAsRwGEc_Q4pkVMI36RKN77yWy7PgU_j1bclNTKiSd94qgY-FCkA==

GET
H2 200 de.json Show response
cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/ 21 KB
7 KB 17ms
16ms XHR
application/json 2600:9000:2450:2e00:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/de.json

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2450:2e00:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

624c19a4056c556176807b24f2d940561c57ea14b4a98f2bbdc11ea990eb0386

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://www.nwitimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

x-amz-version-id: i4Jn.1cS1cw3xIK_K_2dm6OsA5oXjcAd
content-encoding: gzip
via: 1.1 4bc6e08d9495b312ae3b91e801107f80.cloudfront.net (CloudFront)
date: Sun, 13 Aug 2023 20:08:52 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: CDG50-P4
age: 49907
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Aug 2023 18:49:34 GMT
server: AmazonS3
etag: W/"ea7393166431a4c965a37a9a0027e3aa"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=86400, no-transform, public
x-amz-cf-id: YM7WfZKhmcwAy5AOHRT4b9z8KRKDxG8nl_QoRe5T-y0z2HC5TlaQdQ==

GET
H/1.1

200
OK

iframe Show response
d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/ Frame F657
Redirect Chain

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

138 B
668 B

36ms
8ms

Document
text/html

18.173.159.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.159.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-159-138.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447

Request headers

Referer: https://www.nwitimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 59889
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 138
Content-Type: text/html
Date: Sun, 13 Aug 2023 03:55:00 GMT
ETag: "50351b1f6590b5c4886c111874e016a0"
Last-Modified: Fri, 01 Oct 2021 23:50:10 GMT
Server: AmazonS3
Via: 1.1 7ad01e16cb039e6f25a50f4e294fd0ae.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YAzY3vmSdhiu52q52zgXusIoH8O_W5c1ndPime2Myr8GeIlpOuavjw==
X-Amz-Cf-Pop: MUC50-P3
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 183
content-type: text/html; charset=UTF-8
date: Sun, 13 Aug 2023 20:33:08 GMT
location: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
BLOB 200
OK ac230067-f412-47da-bbd1-346b852ee75b
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/ac230067-f412-47da-bbd1-346b852ee75b
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK 17197435-8287-4fd4-8da5-86b569effc5c
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/17197435-8287-4fd4-8da5-86b569effc5c
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK 20a97451-c930-40ac-b5af-ec1bfe448ccf
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/20a97451-c930-40ac-b5af-ec1bfe448ccf
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK 9ed3aba2-54e2-46a6-aa5a-c0b267573949
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/9ed3aba2-54e2-46a6-aa5a-c0b267573949
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK a476a179-aa38-4f15-bc3d-3895c3d7016c
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/a476a179-aa38-4f15-bc3d-3895c3d7016c
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK 61957519-35cc-459c-8e6a-5a0ddbe878f6
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/61957519-35cc-459c-8e6a-5a0ddbe878f6
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK f32a3385-40fa-44d8-80a9-09981234c992
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/f32a3385-40fa-44d8-80a9-09981234c992
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame F657 70 B
260 B 31ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=nebsjkp&ct=0:21usqg2&fmt=3
Requested by: Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 13 Aug 2023 20:33:08 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 35ms
7ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 13 Aug 2023 19:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2605
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 13 Aug 2023 21:49:43 GMT

GET
BLOB 200
OK 22d350ec-5509-4395-b07c-a80ee255beff
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/22d350ec-5509-4395-b07c-a80ee255beff
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 170 KB
61 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1af08d1e62342b2abf565b1b5232d749d19079fe37d5a7ae4400919da660347

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62031
x-xss-protection: 0
last-modified: Sun, 13 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 189 KB
65 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WXMV2VZ&l=dataLayer

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e31bfbcc67d4e54c267dd76b6caab718da1cba0a4aa93347c63075b7193d4248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66204
x-xss-protection: 0
last-modified: Sun, 13 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 253 KB
85 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EJ8C1VFYDH&l=dataLayer&cx=c

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

57aea152733fd078d52d9fc1d617ad95da2cde5fc8e1172d240046a9e8f272f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87407
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H2 200 / Show response
cmp.osano.com/ Frame 75C5 4 KB
1 KB 17ms
16ms Document
text/html 2600:9000:2450:2e00:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2450:2e00:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nwitimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 56805
content-encoding: gzip
content-type: text/html
date: Sun, 13 Aug 2023 04:46:24 GMT
etag: W/"287b497c992487af362d33204f87d28f"
last-modified: Thu, 21 Oct 2021 22:01:08 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Origin
via: 1.1 2971432b3eda9556fb62405145d20a88.cloudfront.net (CloudFront)
x-amz-cf-id: AANNCP_y5x2s_7r1S9eirC7E-l9BeDasatNAJt2X0DQ-WgncV_SXhg==
x-amz-cf-pop: CDG50-P4
x-amz-version-id: xT1PkIFehetvNf5lINcU02FbT3u47kBr
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
85 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

443aa4f8c7948d4f767da4ec05481b78ec7e5c879311cee01632e11d3ca8a646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86519
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 13 Aug 2023 20:33:08 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
440 B 54ms
14ms XHR
application/json 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nwitimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nwitimes.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
BLOB 200
OK 882ee687-c9b1-47b6-b9c0-6caa4d048d14
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/882ee687-c9b1-47b6-b9c0-6caa4d048d14
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
369 B 54ms
14ms XHR
application/json 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nwitimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nwitimes.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
BLOB 200
OK 621bcc7f-4848-49c1-8ec3-25633a9b1dda
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/621bcc7f-4848-49c1-8ec3-25633a9b1dda
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK a238b5a0-d680-4bd5-9c0e-a26204c1c6f9
https://www.nwitimes.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.nwitimes.com/a238b5a0-d680-4bd5-9c0e-a26204c1c6f9
Requested by: Host: www.nwitimes.com
URL: https://www.nwitimes.com/privacy/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 10ms
9ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 19:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 13 Aug 2023 20:43:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
84 KB 18ms
16ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4T2EB147B8&l=dataLayer&cx=c

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

697ad41dfdf73b73db86e3ae24b607ffa5a8a1ab01d50031b96b47cb5d6e21be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 20:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 13 Aug 2023 20:33:08 GMT

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 105 KB
28 KB 58ms
20ms Script
text/javascript 18.165.191.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.191.170 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-191-170.zrh55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 889f22c89985d5d524e22a4a3ba00effd6d587d1598c027e2c942f29df388a34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: VADLHxqLAcnHe94X1oIImE1OR.p_UIR0
content-encoding: br
via: 1.1 2bb98457c96f801517f8d0d98344cd3c.cloudfront.net (CloudFront)
date: Sun, 13 Aug 2023 20:32:03 GMT
x-amz-cf-pop: ZRH55-P1
age: 107
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 13 Jun 2023 00:53:37 GMT
server: AmazonS3
etag: W/"fa900885fd8fc4fb0c5173e831cc6174"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: 1MoNli-XbbcO4O0aDFOa8a7uhZ3oM208L7CY-8NBPznFf02TCfmUGg==

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 2 KB
1 KB 36ms
11ms Fetch
application/json 18.165.191.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.191.170 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-191-170.zrh55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 906cf7cfa93b1ab7d9c6f1775e47b97d2c6e0b223a8c7409d7884eb8700d90eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: YuYoQpBFarPpw2CxRZbQUfespfEfBf9J
content-encoding: gzip
via: 1.1 e042bf1e56617a2fbe098f111a30b514.cloudfront.net (CloudFront)
date: Sun, 13 Aug 2023 19:48:17 GMT
x-amz-cf-pop: ZRH55-P1
age: 9397
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 05 Jun 2023 15:03:19 GMT
server: AmazonS3
etag: W/"fca6ee85f752e2683415f90d79146a75"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: nZ44RV_-CaCVGoM4fKWxwM-TytfpdI7q0FzqzHQCpvTeoXjrFGuv2g==

GET
H2 200 ajs-destination.bundle.0f003b5e4b03680982b4.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 12ms
12ms Script
application/javascript 18.165.191.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.0f003b5e4b03680982b4.js
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.191.170 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-191-170.zrh55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e2bce089186ecc5310b103ce3056fce92ce32e1db3d5e2db4c1dab4fa87c175

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 08:38:33 GMT
x-amz-version-id: eWEyumgRzKZMPVHvkdDPG4xjeVkYZJc9
content-encoding: br
via: 1.1 2bb98457c96f801517f8d0d98344cd3c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
age: 4276476
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 25 Jun 2023 08:05:19 GMT
server: AmazonS3
etag: W/"5c08e208387787e375df16faad0e6cd2"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: 8xBguWC-OiSJ5hIQN6R6Svs1GmfvIGeXqQ4jgdIsce3ahDXSvwbDtw==

GET
H2 200 schemaFilter.bundle.f63551a29dc1697f71b6.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 12ms
11ms Script
application/javascript 18.165.191.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.f63551a29dc1697f71b6.js
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16CVqQSid6k3038vU/fef0f8b2-698d-45ee-89c5-d8fbf51fbfb7/osano.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.191.170 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-191-170.zrh55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nwitimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 17:24:59 GMT
x-amz-version-id: z9.duCzpxRT4R19RwDYbcbNoSmoR01Uk
content-encoding: br
via: 1.1 2bb98457c96f801517f8d0d98344cd3c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
age: 1566491
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 26 Jul 2023 16:08:23 GMT
server: AmazonS3
etag: W/"2a359f6227308e4ee31623f9381ae1d7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: Us_8_QkopRU3mr1HR1TA7en4TiOVyUcJiJxOABtCcOQyxwMzKzFgJA==

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
175 B 530ms
173ms Fetch
application/json 35.166.226.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.226.67 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-226-67.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.nwitimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.nwitimes.com
date: Sun, 13 Aug 2023 20:33:09 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.nwitimes.com/	1970-01-20 14:42:30	Name: _pbjs_userid_consent_data Value: 3524755945110770
.nwitimes.com/	1970-01-20 13:59:22	Name: AMP_TOKEN Value: %24NOT_FOUND
www.nwitimes.com/	1970-01-20 22:44:54	Name: ajs_anonymous_id Value: 55420b56-f6ea-4070-86c7-efe41291f851

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ampcid.google.com
ampcid.google.de
api.segment.io
bloximages.chicago2.vip.townnews.com
c.amazon-adsystem.com
cdn.segment.com
cmp.osano.com
d1eoo1tco6rr5e.cloudfront.net
email.mail.nwitimes.com
insight.adsrvr.org
nwitimes.com
securepubads.g.doubleclick.net
tagan.adlightning.com
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
www.nwitimes.com
104.16.133.24
15.197.193.217
18.165.191.170
18.173.159.138
18.173.187.96
18.173.189.135
192.104.182.209
2001:4860:4802:38::178
2600:9000:223c:1c00:1e:44af:df00:93a1
2600:9000:2450:2e00:3:b7e:8940:93a1
2a00:1450:4001:812::2003
2a00:1450:4001:81c::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::200e
2a00:1450:4001:830::2008
35.166.226.67
04da122e70371bba47c7c58135bfed4f21d1545c72ba51d8cbc0d43276f834f9
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
076f281a9257ad662f34badb12393195fdca0dc2fde9acd1f1628b9674a96aee
087466b06f57f691ce94f2058889ebd7c3f22b33d511fcdbd78aea93f4378edd
09a962b79056fa6952737d70d8dea1a8f2304dbc7d50f51d603e7593d7676c5c
0ac4a1580edb443420c38896152a03c80c8fa8e5f1f09853896b810d87309a80
1192376834c97864c4ea49f9b8db362a21883c938f72ce31ea1ae5f2b0ff56b8
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625
1e9c3fe0bb7e27e1fef2af1cae6a8924b40d3240418da5d484c65c00dae8f10a
296ffff5be5fa17a541df8e925d24e473ced64d535f543542bebc15759b761fd
3278dd5328ee5b87157934a4523397d9f2005c2d08c55dd4c7ab903de5bbb22c
375de2c6c1fc22a6d09ed7a01c6377d08ce773110b843085d225406f0d150bee
389f438844f7135c2be70a4a9f6654443a8c76482f1f0fbbea73b903c0d5cfad
38a8c69764cb608dd9ab1a715c2bcc582d8ffdf33ea486a8926234bf68d5733c
3b6854831be14d28fdfdb1758ebebe2893bf8e5be5f176b8d3e1b1b0f874d90e
3c01c1e199879f8b72679cc4d402684ba9e88c21b633547adbae6ba03a617fdc
3c6ee072b06881b30460303643e87253a7646b138aeafa4c17fdd8ccc12022a6
3e2bce089186ecc5310b103ce3056fce92ce32e1db3d5e2db4c1dab4fa87c175
3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447
443aa4f8c7948d4f767da4ec05481b78ec7e5c879311cee01632e11d3ca8a646
4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1
576bfb12817ce7278cece3e76143ca6503df88cd6289929227ccd3e5c245798d
57aea152733fd078d52d9fc1d617ad95da2cde5fc8e1172d240046a9e8f272f4
5db5a6d1d232be59bc1e73238657a91954c6b1f46820b4d70b9ed21b5c74310f
624c19a4056c556176807b24f2d940561c57ea14b4a98f2bbdc11ea990eb0386
697ad41dfdf73b73db86e3ae24b607ffa5a8a1ab01d50031b96b47cb5d6e21be
6b96eb73da5fe3c20e4507bf752917f6d7978be8881c1dea934db282b028407d
75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0
77b109dd53ec2921d47af5eedcf39cbea8bc92bf8b59a970aa104c5ed2d5b3c0
7ba0e03fc02c15c4910af1d379b27c467d42ca396b62e17801ebc53fb8a661da
889f22c89985d5d524e22a4a3ba00effd6d587d1598c027e2c942f29df388a34
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d8dfb12c2e7bd578a6b328ac18062eeee9fc7aed02d216e1b8815ec458cfd49
906cf7cfa93b1ab7d9c6f1775e47b97d2c6e0b223a8c7409d7884eb8700d90eb
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
955becd6590ca9099279669e95771cf8d4d519ff8643dc8c398b6daaba6061a8
96bed4c8966020005f3394a56c5c3640550a16fb324eb04c328f1b9ee8a8bc48
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9f5a63fb50ffbc0bfeb62ebf9740d67cc9ce26c04c569a2f6ce7597d85e4a778
a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68
aa4391f03da55de95caebed478d3e1183fb01a3e8f1c5891a48e75717ed2bed9
aa59d2979c85d4fec938c960a0c4e7138cd122db113331b2974113869007dc46
adfa39b53589a91e67b4d82766750bee32371b51438f41dfbd6da0764719370e
b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83
bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332
c2008966819bb51e24bb6cbf82ef28efeb4d678e20c3b61fc02bb5d45b45e74e
c6e6da77dacb153a6384cca89b97bef3a39bd73cb3f3b997d0002ff0c1c4dc86
c7fe6da239be5e83a3d053138d413293ac50686169f09bade4ac60edf7f60120
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f
d7e1d11e09ae5619685a66e50267d80bc6b716e2a3d9377b922ead3c32cba527
ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df40f72baec4406ceb8e7c8a0e787c3b56afd552c98d58aa38a5870c42c3ae05
e1af08d1e62342b2abf565b1b5232d749d19079fe37d5a7ae4400919da660347
e31bfbcc67d4e54c267dd76b6caab718da1cba0a4aa93347c63075b7193d4248
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e864753e4b2ed60803044c4266f04eeaaca8118244aec4827bda2c78800d31ab
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c

www.nwitimes.com Open in urlscan Pro 192.104.182.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

75 Requests

84 %HTTPS

50 %IPv6

15 Domains

17 Subdomains

16 IPs

3 Countries

1464 kBTransfer

4834 kBSize

3 Cookies

15 Outgoing links

Page URL History

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.nwitimes.com Open in urlscan Pro
192.104.182.209 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

84 %
HTTPS

50 %
IPv6

15
Domains

17
Subdomains

16
IPs

3
Countries

1464 kB
Transfer

4834 kB
Size

3
Cookies

75 HTTP transactions
0 data transactions