www.thenewsobserver.com Open in urlscan Pro
104.196.37.2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.thenewsobserver.com/
Submission: On November 25 via api (November 25th 2024, 11:12:34 am UTC) from CA — Scanned from CA

Summary HTTP 106 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 27 domains to perform 106 HTTP transactions. The main IP is 104.196.37.2, located in North Charleston, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.thenewsobserver.com.
TLS certificate: Issued by R11 on October 8th 2024. Valid for: 3 months.

This is the only time www.thenewsobserver.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	104.196.37.2 104.196.37.2	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
1	20.150.38.36 20.150.38.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.168.102.39 3.168.102.39	16509 (AMAZON-02) (AMAZON-02)
1	52.216.52.248 52.216.52.248	16509 (AMAZON-02) (AMAZON-02)
3	172.67.39.148 172.67.39.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	142.251.40.194 142.251.40.194	15169 (GOOGLE) (GOOGLE)
1 1	52.85.61.94 52.85.61.94	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:26f... 2600:9000:26fa:3e00:1b:cadc:ef40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:400... 2607:f8b0:4006:80e::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.3.52 151.101.3.52	54113 (FASTLY) (FASTLY)
1	2600:9000:251... 2600:9000:2511:5e00:a:e047:754:f4a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:100:a00b::4 2620:100:a00b::4	19750 (AS-CRITEO) (AS-CRITEO)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	108.138.128.124 108.138.128.124	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
1	104.18.28.101 104.18.28.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:821::2001	15169 (GOOGLE) (GOOGLE)
1	162.19.138.118 162.19.138.118	16276 (OVH OVH SAS) (OVH OVH SAS)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	98.82.228.218 98.82.228.218	14618 (AMAZON-AES) (AMAZON-AES)
1	2620:100:a00b... 2620:100:a00b::12	19750 (AS-CRITEO) (AS-CRITEO)
1	2607:f8b0:400... 2607:f8b0:4006:806::2002	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:816::2001	15169 (GOOGLE) (GOOGLE)
1	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2001	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:809::2001	15169 (GOOGLE) (GOOGLE)
2	142.250.81.228 142.250.81.228	15169 (GOOGLE) (GOOGLE)
106	31

26 104.196.37.2 (North Charleston, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 2.37.196.104.bc.googleusercontent.com

www.thenewsobserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.150.38.36 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

etypeproductionstorage1.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.168.102.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-102-39.jfk52.r.cloudfront.net

cdn-images.mailchimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.52.248 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.39.148 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 142.251.40.194 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.94 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-94.ewr53.r.cloudfront.net

cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26fa:3e00:1b:cadc:ef40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80e::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.3.52 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdnres.willyweather.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2511:5e00:a:e047:754:f4a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a00b::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.128.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-124.jfk50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.28.101 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2001 (United States)

ASN15169 (GOOGLE, US)

4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.118 (Frankfurt am Main, Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.82.228.218 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-98-82-228-218.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:806::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:816::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2001 (United States)

ASN15169 (GOOGLE, US)

9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:809::2001 (United States)

ASN15169 (GOOGLE, US)

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.81.228 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	thenewsobserver.com www.thenewsobserver.com	2 MB
22	googlesyndication.com 4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 173 9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com	203 KB
17	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218	211 KB
6	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 389 ep2.adtrafficquality.google — Cisco Umbrella Rank: 403	33 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2931 google-bidout-d.openx.net — Cisco Umbrella Rank: 2790	502 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	21 KB
3	inmobi.com cmp.inmobi.com — Cisco Umbrella Rank: 5292	46 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4382	28 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1010 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1026	13 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1004 id5-sync.com — Cisco Umbrella Rank: 533	29 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	180 KB
1	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 4214	442 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 332	33 KB
1	criteo.com gum.criteo.com — Cisco Umbrella Rank: 450
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1329	7 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	898 B
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2700	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2357	8 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 793	13 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 4220	4 KB
1	willyweather.com cdnres.willyweather.com — Cisco Umbrella Rank: 83668
1	quantcast.com 1 redirects cmp.quantcast.com — Cisco Umbrella Rank: 9019	603 B
1	amazonaws.com s3.amazonaws.com	140 KB
1	mailchimp.com cdn-images.mailchimp.com — Cisco Umbrella Rank: 6874	2 KB
1	windows.net etypeproductionstorage1.blob.core.windows.net — Cisco Umbrella Rank: 300761	224 KB
0	adatoolbar.com Failed adatoolbar.com Failed
106	27

	Domain	Requested by
26	www.thenewsobserver.com	www.thenewsobserver.com
17	securepubads.g.doubleclick.net	www.thenewsobserver.com securepubads.g.doubleclick.net www.googletagservices.com pagead2.googlesyndication.com
14	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net
4	ep2.adtrafficquality.google	securepubads.g.doubleclick.net ep2.adtrafficquality.google
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	cmp.inmobi.com	www.thenewsobserver.com cmp.quantcast.com cmp.inmobi.com
3	static.addtoany.com	www.thenewsobserver.com static.addtoany.com
2	www.google.com	ep2.adtrafficquality.google
2	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
2	oajs.openx.net	1 redirects www.thenewsobserver.com
2	www.googletagmanager.com	www.thenewsobserver.com www.googletagmanager.com
1	9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	esp.rtbhouse.com	invstatic101.creativecdn.com
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	gum.criteo.com	static.criteo.net
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	cdnres.willyweather.com	www.thenewsobserver.com
1	cmp.quantcast.com	1 redirects
1	s3.amazonaws.com	www.thenewsobserver.com
1	cdn-images.mailchimp.com	www.thenewsobserver.com
1	etypeproductionstorage1.blob.core.windows.net	www.thenewsobserver.com
0	adatoolbar.com Failed	www.thenewsobserver.com
106	34

This site contains links to these domains. Also see Links.

Domain
thenewsobserver.newsbank.com
publisher.etype.services
www.etypeservices.com
www.legacy.com
classadz.vdata.com
www.facebook.com

Subject Issuer	Validity	Valid
thenewsobserver.com R11	`2024-10-08` - `2025-01-06`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.blob.core.windows.net Microsoft Azure RSA TLS Issuing CA 08	`2024-10-30` - `2025-04-28`	6 months	crt.sh
cdn-images.mailchimp.com Amazon RSA 2048 M02	`2024-06-24` - `2025-07-22`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2024-09-18` - `2025-09-16`	a year	crt.sh
static.addtoany.com WE1	`2024-11-03` - `2025-02-01`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.willyweather.com R10	`2024-10-05` - `2025-01-03`	3 months	crt.sh
cmp.inmobi.com Sectigo ECC Organization Validation Secure Server CA	`2024-07-31` - `2025-07-31`	a year	crt.sh
cdn.prod.uidapi.com Amazon RSA 2048 M03	`2024-11-20` - `2025-12-20`	a year	crt.sh
id5-sync.com WE1	`2024-09-30` - `2024-12-29`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-21`	3 months	crt.sh
oa.openxcdn.net WR3	`2024-11-13` - `2025-02-11`	3 months	crt.sh
invstatic101.creativecdn.com WR3	`2024-10-15` - `2025-01-13`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M02	`2024-09-07` - `2025-10-07`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2024-09-05` - `2025-09-30`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-25`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
esp.rtbhouse.com WR3	`2024-10-22` - `2025-01-20`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2024-08-14` - `2025-08-18`	a year	crt.sh
adtrafficquality.google WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://www.thenewsobserver.com/
Frame ID: C22E60B4B3CEDE21DDAADF4B7F12C6B2
Requests: 60 HTTP requests in this frame

Frame: https://cdnres.willyweather.com/widget/loadView.html?id=114747
Frame ID: 6CB35D704D80873F354833421ADB7FF3
Requests: 1 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: D17C0CB2CCB8B50DCB5F0042EC428316
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 7BE40E88695DDBEF727EEB5E70AA4A48
Requests: 1 HTTP requests in this frame

Frame: https://4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 532A950123C744574859878C4ED40A27
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.thenewsobserver.com&gdpr=0&gdpr_consent=
Frame ID: 3C7B3CEDA57D28383ADB7664C8BE0A30
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuoxAYBkbuBxOMSIkmQk6SuJHj9QbgCWo514b87i3fY8d6ljpnro5fb4vMkFVuR1Eh1CruKlwLPhM3ye0A5R1EUIYbKe1HZm2Qm_HnS93LbCiQdYUgKg_IvsUe09p8h00kBxo6QeUjJ-YtcNE7XJYd9rEz5KuL5_ActVLztwr_sJOwgzqxBrl7OPRW4YcqRvwod-RoQHszMG1ktkjp5TD8LICUj76PAlu-JFaWNImm3AG46dx1FruZPn7V6d9yLvBiaOAGiNJchX1GYPyyK2J0Hx1ejFFq7HePseo55bzUQSTS1hZgTZqyhxFvNSYp5y6AjSSkL_ZnPLNWsovZP698GJhwuLsj6iEFf1xBZXmt1Xsr7Pd7fmUP2EAiNI7H4xYT7nkR_NU4SqG1rflt_gRs3s3Dn6TOX_8bVG3U0CUM&sai=AMfl-YRpZsltuxkrn5fhISBWtmFtD1nBfrj8Alkjcf22xjy6RlkDRsGAjNkjIPVOGnhhoZXoUfVBhvbVpJXf_ZBCoWZQlfn3_uTPKI_E-Q2i3i5V27DNwlXHkfITHSVl5teJsvjVWP_oS9rr6b_xFhkV&sig=Cg0ArKJSzG1NQGcGRpoIEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: C547EB5EED932F7A20334A4E8B514F09
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstUUbUId05g07wzw4Dhem9f-e9eHZ1dVI30iY4xYxHKEIJkYSSiVxpZ7y59b0XGiGZuXkHOcrJEMcB70qjIS9rCI_SRUQ0du5CdOiIDC1bvpWSZqVbboFA8fGLD-s7Yho5eoH2RN0l7Ec3cgdyx_BDcdBvJvUV2XHXshXkHNY3e_yXdSLtCZxKtQgTBHRq3uZyPoxeg9h7zkRep5luYev7-GK8tJCRHBbvGpdCSl8Jxjl1GGzXk-T1LZ-BUrd3SpFd0Ie2GKPjWfuL1dMv_ahJevPulKMLE9-4FVWbtk4XX0aCjrVaTkZmU0rwgbX0GdjO7ze0oxpwuPV66eXmqm4xfXcuQc4A2a5Tw0K6G6inQBgT2XjU3rd8Av5dur6lUgoTHilt82hjTPpe5z71Pn6G_90QW4X7AO04y&sai=AMfl-YSIp-NCPk7anwqWi39riiNLFTQZLQh4Oy2MyJBJBsTSz-wf9SOJv7pNh8wppyEGh5OiEc3fK_Y9lwP8592ZExyUsOmfFvgjfSr8CYLFq7NBiL413EEF3eydaNGnu5CNYbQPs2hebMfyMzMqlnAR&sig=Cg0ArKJSzLZIrfONHUvREAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 18941158075FFBAAA367AC294CEC9F1C
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmruG0KKNBLXPPGdNHbz772B18AAuEAZ7WdJBWowc8zFNWU-UfqYpZzczFi7nAyebR475nogEaCnIHOladioA59JMCLSmfYDGuoBhLsPWkTybnsU8bih_SdGOnvxNQ2qDJnPv0saRx4UVxEJUdi503BSjHlsWVH6WmT5BtiVsn6RRJ5XE4kp4lMS6BJWtG8O7K3HODlLoyZQEG8nQ9aNY9LXKA2O0cFyFvo-1vbWKWs33tFURMQ4mctjSPyCeGlJPGjYkvzNsm4HMY0snuvr0M18EU0dO9eSsixx7ekpbuCsfIPw7tw3OMkvjOVhaLNTpRgdvd7WkCuQFWH-U7BpK-_GcwVdajIK-SlLz8q4gyiz6LfHNiCEkGyPmPsh0KypqIc5QoMwwnRaakyhnL0gTLtjVTdoitrpee&sai=AMfl-YSrungUA-A5UEzKm0569m0dtSQ5dDPwuHj41v9OpnUMdyiCIXMpcWJD2t-9TKIr7wGEt-5K_dsC1EKb615x_2hfctWgkFDnlAJePvSSEajO1kzvX_xLAcNOHlTVEV-c1I9itP1u-BTVnSMmelma&sig=Cg0ArKJSzHSQRGoryDvtEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: ECC6510735129B0216E7BB8933DF95B0
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAMunwufDF8NZXF7Np3E_Y_g9RCKsWQ-EEh1cJl8yGLEXIYTbHoagHRpwoymEqLlQziIFuIw7uzfOSBkQG3sUORh6CTBXjUig9k_7K1xn8P0K830IDFFVktmiqYIXU-1a5gNRi7rCPFLgcwU8TnGHrQQP23_X4JDV57X0CYuJAUVh8f8tFjFCAAzhVWepfYsM1OVBFsmpPgAm6d_65j82ipLQAGemLUP_NbiaVC7L1ZgV6PcN1ieLVDm0jVhrC_FQOUuoZeFjgWzcvAX1MGJmaCH2JuZamVv56xkoAhdjagemlbygPZUQW2GZfWjS-WWW7PEXhn809iOjZaD2PDrdbp5ml-AExjN08LJq9eO5pKK2Wptdp4OcOTezQKJJ7IThfXmjjCBhXaXsAer9Jl6BHcw&sai=AMfl-YTlCOtJo_3Mu40krYDkEJR0ElEXQX_UnfzM1vGun3zzsgAS_IfnZ3Ws9kdr8pYnRyEtLMSaXRujl8cEdUseZsOXypAfyWIHZDrV9VvP0HVrqvT06tTjAN8Je6zYG78QhY3aPhQ2U4MFfH0HUZdQ&sig=Cg0ArKJSzHwklpI2LXLhEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 1CA46229CFF5123A40E364C5C6E31B9D
Requests: 9 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: FD1CC4AF8047CCD77F8C9EAC79C0B9A4
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 546725E6912435F71B0B685E6D0649C1
Requests: 1 HTTP requests in this frame

Frame: https://9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D598D8BEB295AA75D1A09727E2626A0F
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: DA00E28FB5B5707FC8799EF7D8CE6307
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9F9E8793F0C6C6B1C269AE9A19BED409
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: FF7184454ACFD857D6F9E11B46A4ABDC
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9317BC4B4CC64A0CF5E6A29EDD7CB68E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The News Observer, Blue Ridge, Georgia

Detected technologies

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

s3\.amazonaws\.com/downloads\.mailchimp\.com/js/mc-validate\.js
cdn-images\.mailchimp\.com/[^>]*\.css

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

106
Requests

95 %
HTTPS

42 %
IPv6

27
Domains

34
Subdomains

31
IPs

3
Countries

3334 kB
Transfer

6443 kB
Size

23
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://thenewsobserver.newsbank.com/
Title: Extended Search

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/The-News-Observer
Title: Renew

Search URL Search Domain Scan URL

URL: https://www.etypeservices.com/Privacy.aspx
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.legacy.com/us/obituaries/thenewsobserver/browse
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://classadz.vdata.com/CommunityNewspapersMurphy/Advertising/Advertiser
Title: Place a classified

Search URL Search Domain Scan URL

URL: https://www.facebook.com/The-News-Observer-740175116028857/
Title: square-facebook

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/The-News-Observer/e-paper-special-edition/44DC5235FF0D7327

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/The-News-Observer/e-paper-special-edition/A0BF0B60BD663546

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/The-News-Observer/e-paper-special-edition/8980C1F466BB8704

Search URL Search Domain Scan URL

URL: https://publisher.etype.services/The-News-Observer/e-paper-special-edition/3C45FBD671454263

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js HTTP 301
https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2

Request Chain 55

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thenewsobserver.com%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thenewsobserver.com%2F&rid=esp&cc=1

106 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.thenewsobserver.com/ 70 KB
13 KB 214ms
84ms Document
text/html 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

37ec45f49bf2dbd2a7f49901c2370e3ed2a2b32f7f82ce86da60841ce2b8aa75

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: must-revalidate, no-cache, private
content-encoding: gzip
content-language: en
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
content-type: text/html; charset=UTF-8
date: Mon, 25 Nov 2024 03:24:26 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
referrer-policy: no-referrer
server: nginx/1.18.0
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-default-cache: default_cache
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
77 KB 303ms
52ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-26466179-22

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b834a04658eb06d010124d22861feb8ed132ba375cab4151b7605a874e6eaef6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 25 Nov 2024 11:12:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 78458
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css_qCYVQcwlz_blv9ryQYiokRbIGMa5710Ds6bC6xFuX78.css
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/ 9 KB
3 KB 67ms
61ms Stylesheet
text/css 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/css_qCYVQcwlz_blv9ryQYiokRbIGMa5710Ds6bC6xFuX78.css

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

a8261541cc25cff6e5bfdaf24188a89116c818c6b9ef5d03b3a6c2eb116e5fbf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: W/"665de24b-24cb"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:20 GMT
content-type: text/css
last-modified: Mon, 03 Jun 2024 15:33:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 css_R5hpuNas9Jc5YQQsSdT8qk-e_qOOjpcG6HzIrflbJpg.css
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/ 364 KB
58 KB 66ms
60ms Stylesheet
text/css 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/css_R5hpuNas9Jc5YQQsSdT8qk-e_qOOjpcG6HzIrflbJpg.css

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

479869b8d6acf4973961042c49d4fcaa4f9efea38e8e9706e87cc8adf95b2698

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: W/"665de24b-5ae60"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:20 GMT
content-type: text/css
last-modified: Mon, 03 Jun 2024 15:33:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 js_P1NGcVaP41NJGJkUdicGZ5z4_V6DssyGg4AN_ryfFrE.js Show response
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/js/ 377 B
904 B 106ms
100ms Script
application/javascript 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/js/js_P1NGcVaP41NJGJkUdicGZ5z4_V6DssyGg4AN_ryfFrE.js

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

3f534671568fe35349189914762706679cf8fd5e83b2cc8683800dfebc9f16b1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: W/"665de24b-179"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:20 GMT
content-type: application/javascript
last-modified: Mon, 03 Jun 2024 15:33:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 image001_0.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/ 38 KB
38 KB 117ms
112ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/image001_0.jpg
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 2.37.196.104.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 752d55c576fa27805d9277c3f5f06dab0d21620d765512218eb87ca82dedb2e1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=315360000, public
etag: "5d7bd86c-97b4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 38836
date: Mon, 25 Nov 2024 11:12:20 GMT
content-type: image/jpeg
last-modified: Fri, 13 Sep 2019 17:57:00 GMT
server: nginx/1.18.0

GET
H2 200 Bridge%203-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/2024-11/ 284 KB
284 KB 118ms
114ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/2024-11/Bridge%203-WEB.jpg
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 2.37.196.104.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: f4c54a5204de64002c85d1bf3bba343c3a6b1e2f3f230de72fa9f002a3992ba8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=315360000, public
etag: "673cd07d-46ee3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 290531
date: Mon, 25 Nov 2024 11:12:20 GMT
content-type: image/jpeg
last-modified: Tue, 19 Nov 2024 17:53:01 GMT
server: nginx/1.18.0

GET
H/1.1 200
OK thumbnail.jpg
etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Publications/237/ 223 KB
224 KB 387ms
119ms Image
image/jpeg 20.150.38.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://etypeproductionstorage1.blob.core.windows.net/$web/Production_Prod/Publications/237/thumbnail.jpg
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.150.38.36 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 03a0f78ade69887cafb42769c5d7661ec10b220adc579f058a966176e2509211

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
ETag: 0x8DD09536FE721DA
x-ms-request-id: de2e421f-d01e-0064-732a-3fb4aa000000
Content-Length: 228679
Date: Mon, 25 Nov 2024 11:12:20 GMT
Content-Type: .jpg
Last-Modified: Wed, 20 Nov 2024 11:06:52 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob

GET
H2 200 classic-10_7.css
cdn-images.mailchimp.com/embedcode/ 4 KB
2 KB 133ms
26ms Stylesheet
text/css 3.168.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.168.102.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-168-102-39.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop: JFK52-P6
content-encoding: gzip
x-amz-version-id: null
etag: W/"ae0fc9b84c30cada1784022044962394"
age: 31316
via: 1.1 afbdd645eabdfd8277097dc541b708a6.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: EpiC4wv8fv6cDhNqAd9S0ztHcN_wozrweemAtiMtFMF0tV43Of5xnQ==
date: Mon, 25 Nov 2024 02:30:26 GMT
content-type: text/css
vary: accept-encoding
server: AmazonS3
last-modified: Thu, 17 Dec 2015 16:52:30 GMT

GET
H/1.1 200
OK mc-validate.js Show response
s3.amazonaws.com/downloads.mailchimp.com/js/ 140 KB
140 KB 133ms
51ms Script
application/javascript 52.216.52.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.216.52.248 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Cache-Control: public,max-age=2592000
ETag: "6465dd4a8331265e6629cd069e03504c"
x-amz-request-id: Y4DPK052M70G5J72
Accept-Ranges: bytes
Content-Length: 143249
Date: Mon, 25 Nov 2024 11:12:22 GMT
Last-Modified: Mon, 20 Aug 2018 17:42:38 GMT
Content-Type: application/javascript
Server: AmazonS3
x-amz-id-2: y4GMHD9Dv0c2XsYcuCq4eYx0XE/rEuFGZ6C8pMha/DU++Ky4zfoUDP39UDW9OnN+YKf262Vfm3o=

GET
H2 200 js_y57geBL-K47QfSLZFcl_jtxJKKl-i8yIkHt048E1tQc.js Show response
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/js/ 99 KB
34 KB 63ms
55ms Script
application/javascript 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/js/js_y57geBL-K47QfSLZFcl_jtxJKKl-i8yIkHt048E1tQc.js

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

cb9ee07812fe2b8ed07d22d915c97f8edc4928a97e8bcc88907b74e3c135b507

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: W/"665de24b-18a46"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jun 2024 15:33:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 79ms
41ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2471f4232ccca845a9da8b10e5be81e7323faa5891b9715f425661505f183434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"3ae23968c16ec39faa9f97db5ea5195b"
age: 16753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2FoB2Z3Df%2FUk54b%2BoVMlRl2jse%2BsEEP5r8dhozkKVvQu6pnOWTupV1ZVAeUf1fVl0QRu2dcrrG%2FdVJ63Uni4yEoG%2Bv1j7g4e63AqEqbpT%2B2sJoNGCgEEOkKwLWY119rexEKU9mhQw%2B%2B%2BSSLnirWVIKjO"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400, stale-while-revalidate=30, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e81340469f73773-YYZ
access-control-allow-origin: *
server: cloudflare

GET
H2 200 js_fuSCs3Gd0zKHZ_Wwseiqaem5HY2aOEwZFtYa2Ic7_aQ.js Show response
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/js/ 21 KB
7 KB 64ms
57ms Script
application/javascript 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/js/js_fuSCs3Gd0zKHZ_Wwseiqaem5HY2aOEwZFtYa2Ic7_aQ.js

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

7ee482b3719dd3328767f5b0b1e8aa69e9b91d8d9a384c1916d61ad8873bfda4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: W/"665de24c-537d"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jun 2024 15:33:32 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 107 KB
32 KB 108ms
51ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

b58010772aeb689c400ed5d6e3012640cce0bf8b812ff5fa8ed14d072532cec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 251 / 20052 / m202411180101 / config-hash: 79477889192541496
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33244
x-xss-protection: 0
server: cafe

GET e687213560c8b
adatoolbar.com/wp-json/onlineada/v1/accessibility-toolbar/ 0
0

GET
H2

200

choice.js Show response
cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/
Redirect Chain

https://cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2

4 KB
2 KB

170ms
26ms

Script
application/javascript

2600:9000:26fa:3e00:1b:cadc:ef40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: H2
Server: 2600:9000:26fa:3e00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: abc4c24f7cdeabcfa58f96fb120ba7fd52263fe7e3394d24db1ec7ecaee8cc45

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
cache-control: max-age=900
content-encoding: br
etag: W/"2f952b6e5c723f68a451eda821ff0ce5"
age: 22
cross-origin-resource-policy: cross-origin
via: 1.1 86f58a7ba760944d1efd0f2fe2242e1e.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: _fI4GGgjOt0OoDHEERR9gvd3JNzcZPrblzQGIAGmykovdAzzoUnoxw==
date: Mon, 25 Nov 2024 11:12:00 GMT
content-type: application/javascript
last-modified: Mon, 01 Jul 2024 09:12:25 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P1
x-amz-server-side-encryption: AES256

Redirect headers

etag: "408e9e32ff11d19e90e67eb67eb171dc"
age: 44
x-cache: Hit from cloudfront
x-amz-cf-id: HQSf1t9LlvQY7HxJ0C920lPIbuYSZIoxrZOMmKfWfwyp73jo0bl3kw==
date: Mon, 25 Nov 2024 11:11:38 GMT
last-modified: Wed, 15 Nov 2023 20:03:11 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
cache-control: max-age=3600
location: https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2
cross-origin-resource-policy: cross-origin
via: 1.1 6e01480ef7aa01c23bf600698a613304.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 0
x-amz-cf-pop: EWR53-P1
server: AmazonS3
x-amz-website-redirect-location: https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2
x-amz-server-side-encryption: AES256

GET
H2 200 loading.gif
www.thenewsobserver.com/themes/tiempos/images/ 59 KB
59 KB 46ms
43ms Image
image/gif 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thenewsobserver.com/themes/tiempos/images/loading.gif
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/css_R5hpuNas9Jc5YQQsSdT8qk-e_qOOjpcG6HzIrflbJpg.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 2.37.196.104.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 431b428df9a9cccde8d4de067400ee8fba8173e82787f3a05b5502d966b05d89

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=315360000, public
etag: "631e340e-ea08"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 59912
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/gif
last-modified: Sun, 11 Sep 2022 19:16:30 GMT
server: nginx/1.18.0

GET
H2 200 Petrona-VariableFont_wght.ttf
www.thenewsobserver.com/fonts/Petrona/ 211 KB
211 KB 114ms
109ms Font
application/octet-stream 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thenewsobserver.com/fonts/Petrona/Petrona-VariableFont_wght.ttf
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/css_R5hpuNas9Jc5YQQsSdT8qk-e_qOOjpcG6HzIrflbJpg.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 2.37.196.104.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: c5fb9773e1b7b1c8c078b650a644c6370a14d0e0ac67667d58ca8dbb027dcce3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.thenewsobserver.com
Referer

Response headers

cache-control: max-age=315360000, public
etag: "641b301f-34b24"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 215844
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/octet-stream
last-modified: Wed, 22 Mar 2023 16:43:11 GMT
server: nginx/1.18.0

GET
H2 200 fa-solid-900.woff2
www.thenewsobserver.com/libraries/fontawesome-free-6.4.2-web/webfonts/ 147 KB
147 KB 177ms
172ms Font
application/octet-stream 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/libraries/fontawesome-free-6.4.2-web/webfonts/fa-solid-900.woff2

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/css_R5hpuNas9Jc5YQQsSdT8qk-e_qOOjpcG6HzIrflbJpg.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.thenewsobserver.com
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
etag: "651af831-24a04"
x-content-type-options: nosniff
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 150020
date: Mon, 25 Nov 2024 11:12:21 GMT
x-xss-protection: 1; mode=block
content-type: application/octet-stream
last-modified: Mon, 02 Oct 2023 17:04:49 GMT
server: nginx/1.18.0
x-frame-options: SAMEORIGIN

GET
H2 200 fa-brands-400.woff2
www.thenewsobserver.com/libraries/fontawesome-free-6.4.2-web/webfonts/ 107 KB
108 KB 178ms
173ms Font
application/octet-stream 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thenewsobserver.com/libraries/fontawesome-free-6.4.2-web/webfonts/fa-brands-400.woff2

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/css/css_R5hpuNas9Jc5YQQsSdT8qk-e_qOOjpcG6HzIrflbJpg.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.thenewsobserver.com
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
etag: "651af831-1acf0"
x-content-type-options: nosniff
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 109808
date: Mon, 25 Nov 2024 11:12:21 GMT
x-xss-protection: 1; mode=block
content-type: application/octet-stream
last-modified: Mon, 02 Oct 2023 17:04:49 GMT
server: nginx/1.18.0
x-frame-options: SAMEORIGIN

GET
H2 200 Brittany%20Patterson-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/ 8 KB
8 KB 53ms
44ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/Brittany%20Patterson-WEB.jpg?itok=kcZZ_5ZM

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

a354c1206370420a046d44d779d08863441f754c5e705f5c71741dc7de1ed1f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "673de906-1e42"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 20 Nov 2024 13:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 7746
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 HJ%20FeedFannin.1-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/ 23 KB
23 KB 55ms
46ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/HJ%20FeedFannin.1-WEB.jpg?itok=wZid-hC5

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

4b3a62be94449ba6ef0da42a279c626a9e430752ef8cc5acb3e5d56f617634a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "673de906-5a8d"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 20 Nov 2024 13:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 23181
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 MMfido4-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/ 31 KB
31 KB 57ms
48ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/MMfido4-WEB.jpg?itok=xTZ4cjWf

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

6d0606b113ee7f28f506837511c0a430ea1049138b7a9158e3ec58e832e4f8cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "673de906-7a43"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 20 Nov 2024 13:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 31299
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Rings%201-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/ 21 KB
21 KB 59ms
50ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/Rings%201-WEB.jpg?itok=2-3IKDog

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

15254931d3b4908c107be87e7f07935984423db9d98f7f4a1e7679700ada455f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "673de906-530a"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 20 Nov 2024 13:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 21258
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Flag%205-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/ 21 KB
22 KB 59ms
51ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/Flag%205-WEB.jpg?itok=qd9dXNQb

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

4c83815a23a46d47272242611075a71b5e298229efaacc2d95adb75d26698405

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "673de906-54cd"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 20 Nov 2024 13:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 21709
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Vidalia%204-WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/ 23 KB
23 KB 61ms
54ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2024-11/Vidalia%204-WEB.jpg?itok=-9oQ_5wt

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

8207c64c2d40e1f6928cc842973112c37086e554d756200c171094fcd1627171

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "673de906-5af4"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 20 Nov 2024 13:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 23284
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Kenneth%20boring_WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2023-01/ 18 KB
18 KB 63ms
56ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2023-01/Kenneth%20boring_WEB.jpg?itok=TevLouh9

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

ab309d4dbe24aa0f4a0e5e4d7aeec790196fbdda107857c4360508eb64d0a296

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "63d118da-4726"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 25 Jan 2023 11:56:10 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 18214
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Holly%20Fehrmann_WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2023-01/ 16 KB
16 KB 62ms
55ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2023-01/Holly%20Fehrmann_WEB.jpg?itok=kJNKetAd

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

cc3534cb92be2761fe3c31ea4db7283a0e92cabedf9c0bb3d61444cd871421a4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "63d118da-3f10"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 25 Jan 2023 11:56:10 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 16144
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Ervin%20Thomason_WEB.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2023-01/ 13 KB
13 KB 62ms
55ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/article_thumbnail_230_scale_/public/2023-01/Ervin%20Thomason_WEB.jpg?itok=Xv25_Uw4

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

6f35e32c7f68087ef5f05cd02aa7b27a216a8a72963b1cec026cca3f64ad0bed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "63d118da-3256"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 25 Jan 2023 11:56:10 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 12886
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 welcome_xmas.png
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-11/ 295 KB
296 KB 64ms
58ms Image
image/png 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-11/welcome_xmas.png?itok=MuTd0v_M

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

c11eb343414340da434fbd691659c2b6c58b29c5ddae809819db988ac78030d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "67349773-49c1c"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/png
last-modified: Wed, 13 Nov 2024 12:11:31 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 302108
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 fallsports.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-08/ 28 KB
29 KB 95ms
89ms Image
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-08/fallsports.jpg?itok=4Mt_fEY1

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

68cbee18e58f0f55197b350eff1ab6cd4674e25ea8b308e8ad0f05f385c92d30

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "66c5e565-7126"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/jpeg
last-modified: Wed, 21 Aug 2024 13:02:29 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 28966
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Screen%20Shot%202024-08-14%20at%2011.13.17%20AM.png
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-08/ 354 KB
355 KB 98ms
92ms Image
image/png 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-08/Screen%20Shot%202024-08-14%20at%2011.13.17%20AM.png?itok=yC6acLI2

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

c793b26a0bb12d467e67b247fa006653fc8b9acef3849c79dbb1b201849ac9c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "66bcd7db-58608"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/png
last-modified: Wed, 14 Aug 2024 16:14:19 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 361992
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 Screen%20Shot%202024-06-19%20at%2012.38.13%20PM.png
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-06/ 313 KB
314 KB 107ms
102ms Image
image/png 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/styles/special_section/public/2024-06/Screen%20Shot%202024-06-19%20at%2012.38.13%20PM.png?itok=qJgT4JXI

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

2.37.196.104.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

cfc6512c700c0e6e7d38f1be662ccd67a94bda4380e0ee397d82b65ef4cd6edb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: "6673179e-4e41a"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: image/png
last-modified: Wed, 19 Jun 2024 17:38:38 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-default-cache: default_cache
content-security-policy: default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
cache-control: max-age=315360000
referrer-policy: no-referrer
accept-ranges: bytes
content-length: 320538
x-xss-protection: 1; mode=block
server: nginx/1.18.0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 299 KB
102 KB 55ms
52ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SYDC818VDF&l=dataLayer&cx=c&gtm=457e4bk0za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-26466179-22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c617b3cda4bac6808c302346ba87bfd12646a96bf086da6d14f4ce737f56c04a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 25 Nov 2024 11:12:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 104653
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/ 492 KB
152 KB 35ms
34ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 1421939719645060458
age: 58
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 11:11:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 25 Nov 2024 11:11:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155913
x-xss-protection: 0
server: cafe

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1000 B
458 B 59ms
56ms XHR
application/json 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.thenewsobserver.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

245da6faa64930660fdb4cf3c7a559f3a70ddf31f44d5c2e6e93d6c802001ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:21 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 433
date: Mon, 25 Nov 2024 11:12:21 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 104ms
39ms Fetch
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-SYDC818VDF&gtm=45je4bk0v893268615za200&_p=1732533141113&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=796251583.1732533141&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1732533141&sct=1&seg=0&dl=https%3A%2F%2Fwww.thenewsobserver.com%2F&dt=The%20News%20Observer%2C%20Blue%20Ridge%2C%20Georgia&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=812
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SYDC818VDF&l=dataLayer&cx=c&gtm=457e4bk0za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.thenewsobserver.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 loadView.html
cdnres.willyweather.com/widget/ Frame 6CB3 0
0 423ms
375ms Document
text/html 151.101.3.52
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnres.willyweather.com/widget/loadView.html?id=114747
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.3.52 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache/2.4.46 (IUS) / PHP/7.4.33
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
cache-control: max-age=60, public
content-encoding: gzip
content-length: 820
content-type: text/html; charset=UTF-8
date: Mon, 25 Nov 2024 11:12:21 GMT
server: Apache/2.4.46 (IUS)
vary: Accept-Encoding,User-Agent
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-powered-by: PHP/7.4.33
x-served-by: cache-yul1970023-YUL
x-timer: S1732533142.516561,VS0,VE352

GET
H2 200 cmp2.js Show response
cmp.inmobi.com/tcfv2/53/ 167 KB
44 KB 30ms
29ms Script
text/javascript 2600:9000:26fa:3e00:1b:cadc:ef40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.inmobi.com/tcfv2/53/cmp2.js?referer=www.themoneytizer.com
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26fa:3e00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7245e25d6b55f5e66b7525738c32f69601bf8c1230bbb79732e5b68bb9c77f15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age: 86400
content-encoding: br
etag: W/"e03797a824781372f42f2a38fe4756e3"
age: 17874
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: Hit from cloudfront
x-amz-cf-id: ifWQm3uAQZrbKGi0-ivwnBFxtC9tPVJpjWjpCN1eV6bLL-p-DGl0UQ==
date: Mon, 25 Nov 2024 06:14:28 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 03 Jun 2024 09:45:41 GMT
cache-control: max-age=172800
cross-origin-resource-policy: cross-origin
via: 1.1 86f58a7ba760944d1efd0f2fe2242e1e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame D17C 0
0 65ms
39ms Document
text/html 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 17612
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 8e813406ff3cac88-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 25 Nov 2024 11:12:21 GMT
last-modified: Mon, 25 Nov 2024 06:18:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OW4a0o%2Bu9SXIHmPT6luxfK%2Fr4dIth4jAzBi93cYUCboPltenVht2hdq158y2x5YaFyzsCZ5ixndtZqbvydcZ5AoibzpEkUuCmuSC9Q9fx24Wpv9XFDOFeOruFzNLm4GKfjS6hHzjPsGTRbTOiYpX9b3G"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.junnp81e.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 69ms
36ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.junnp81e.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0570581bf787cbb4a26d1508cf4ed96ef19d1a2465df5b9d5c4003813a2ebd35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.thenewsobserver.com
Referer

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"e6e4834d2c3691bbe81e6cdbd5ea9b75"
age: 851
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TiHxHZztkRu3uNqjGJWh7WKLL%2FJuP4mFQIrFhsRkq3FtfFY6oPt3aBLRcZjwgTvog1ngzayYQo77Wac4kxxa%2B7tTqoaY09SA9M3zvUru43kCXVJMcQvf6eYM1SSKmzbg5SUQM4Kj"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=315360000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e813406f9b1aadc-YYZ
access-control-allow-origin: *
server: cloudflare

GET
H2 200 geoip Show response
cmp.inmobi.com/ 39 B
322 B 86ms
31ms XHR
application/json 2600:9000:26fa:3e00:1b:cadc:ef40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.inmobi.com/geoip
Requested by: Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/53/cmp2.js?referer=www.themoneytizer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26fa:3e00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: db02ff920a9b48402d5984f7b7b0c1e780d6c9190f82742ca3760ef79d519833

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer

Response headers

access-control-expose-headers: *
via: 1.1 0ee1fe5fcafe794371111733608557fe.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 39
x-amz-cf-id: 2TTYL-ceevcNT9bRVU1qQJfE08l3_eWMnwniJoAWeCL-VTX32k0x5A==
date: Mon, 25 Nov 2024 11:12:21 GMT
content-type: application/json
x-amz-cf-pop: JFK52-P1
server: CloudFront

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
30ms Script
text/javascript 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-26466179-22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
age: 3813
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 12:08:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 10:08:48 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
304 B 40ms
39ms XHR
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=954902824&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thenewsobserver.com%2F&ul=en-ca&de=UTF-8&dt=The%20News%20Observer%2C%20Blue%20Ridge%2C%20Georgia&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=889316016&gjid=2020490474&cid=796251583.1732533141&tid=UA-26466179-22&_gid=1573842655.1732533142&_r=1&gtm=457e4bk0za200&gcd=13l3l3l3l3l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102077855~102081485&did=dMDhkMT&gdid=dMDhkMT&npa=1&z=1700882780

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 11:12:21 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.thenewsobserver.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 7BE4 0
0 77ms
26ms Document
text/html 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1924
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28994
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 10:40:18 GMT
expires: Mon, 25 Nov 2024 11:30:18 GMT
last-modified: Mon, 18 Nov 2024 20:43:40 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
4 KB 125ms
26ms Script
text/javascript 2600:9000:2511:5e00:a:e047:754:f4a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2511:5e00:a:e047:754:f4a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1764e898369c24be8d7d1cbcb82079c27f3898fbc1883f388a5c1008dd30c9e8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-version-id: 0u1R0tyw.MUCZY63NwBE.7D35dRY5mh8
ETag: "0537d8d06dd9dfbe911ad6bf6504f4bf"
Age: 17251
Connection: keep-alive
Via: 1.1 0252b483f7b420504a413a83f987b080.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 3181
X-Amz-Cf-Id: MhozlgSXofpiSSySlyUOKN1CFMAcORHfCz9lmf_mLI3xYREuHPiyvw==
Date: Mon, 25 Nov 2024 06:24:52 GMT
Content-Type: text/javascript
Last-Modified: Wed, 31 Jul 2024 16:30:07 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK50-P6
x-amz-server-side-encryption: AES256

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 101 KB
29 KB 78ms
29ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59855ab21479dde905cf48ff3e82c9c15fcf97c96f99276952e263ede1f58916

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-id-2: o6TWqepGTs+4w/MLbrstr2m+yX+O3cuxyK5GQJA/Z/gBrKpfvysiobSJPdHR+D42UcFib4Fo59A=
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=3600
content-encoding: br
cf-cache-status: HIT
etag: W/"a7da20199e9cb2cd9232f608481d0778"
age: 877
x-amz-request-id: MY1S3MK7A3C1S8SS
cf-ray: 8e81340a29a7a2dc-YUL
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/javascript;charset=utf-8
last-modified: Wed, 13 Nov 2024 11:06:09 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 114ms
42ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"670e3454-a69c"
cross-origin-resource-policy: cross-origin
expires: Tue, 26 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/javascript
last-modified: Tue, 15 Oct 2024 09:22:28 GMT
server: nginx

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 85ms
21ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 2757
x-goog-stored-content-encoding: gzip
expires: Tue, 25 Nov 2025 10:26:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Mon, 25 Nov 2024 10:26:25 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AFiumC7WX4Sjc-y3QJmFjqoDMC1UaPFG6ocjjYXBu6wuvEYsrza8Nl2p3gCDIByx7HtEXqR4HaEuz_ehzw
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 280ms
139ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 839e11d5ea35fe60fd65d0da091762640d7b98144b58f553a8742d863bc60795

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: 96161c00fc10ad819c09e1314f0ae5b4
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1213
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 14 Nov 2024 17:54:21 GMT
server: Google Frontend
x-cloud-trace-context: ef7886565e78cc35484686556d143d86

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 43 KB
13 KB 95ms
29ms Script
text/javascript 108.138.128.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"7db46e1255a018ecf02f47b2c19c26c4"
age: 6462
via: 1.1 f7c13eeb01f01c4623bb4e70dbaa731a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: gFblih2S9eLhRwCgErrk2JbbuumBXwTJ7QMb3Jd5umt5d5zRFt7sag==
date: Mon, 25 Nov 2024 09:24:41 GMT
content-type: text/javascript
last-modified: Tue, 20 Aug 2024 18:47:40 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
x-amz-server-side-encryption: AES256

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
898 B 63ms
18ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
age: 41919
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230042-FRA, cache-yul1970082-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 439
x-jsd-version: master

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 17 KB
7 KB 87ms
29ms Script
application/javascript 104.18.28.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ffa45453324362cbc5cc78288e04513100c2d61baf3a969717ea5df3d0dbb39

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: public, max-age=259200
content-encoding: gzip
cf-cache-status: HIT
etag: W/"671a7174-43df"
age: 539504
cf-ray: 8e81340a4c60ec72-YYZ
expires: Thu, 28 Nov 2024 11:12:22 GMT
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: application/javascript
last-modified: Thu, 24 Oct 2024 16:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 186 KB
25 KB 164ms
164ms Fetch
text/plain 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2565644911114274&correlator=2051489831406089&eid=31088831&output=ldjh&gdfp_req=1&vrg=202411180101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=116205717%2CCNI-Newsobserversidebarnetwork2%2CCNI-Newsobserversidebar3%2CCNI-Newsobserversidebarnetwork1%2CCNI-Newsobserversidebar2%2CCNI-Newsobserversidebar1%2CCNI-Newsobserverpromo%2CCNI-Newsobservermarketplace%2CCNI-Newsobservermidhome2%2CCNI-Newsobservermidhome%2CCNI-Newsobserverbanner&enc_prev_ius=%2F%2F0%2F1%2C%2F%2F0%2F2%2C%2F%2F0%2F3%2C%2F%2F0%2F4%2C%2F%2F0%2F5%2C%2F%2F0%2F6%2C%2F%2F0%2F7%2C%2F%2F0%2F8%2C%2F%2F0%2F9%2C%2F%2F0%2F10&prev_iu_szs=300x250%2C300x250%2C300x250%2C300x250%2C300x250%2C300x100%2C300x100%2C300x250%2C300x250%2C468x60%7C320x50&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1732533142068&lmt=1732533142&adxs=1172%2C1172%2C1172%2C1172%2C1172%2C1172%2C1172%2C847%2C128%2C404&adys=1785%2C1478%2C1454%2C1342%2C292%2C268%2C244%2C1483%2C1483%2C865&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C2%7C3%7C4%7C0%7C0%7C0%7C5%7C6%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.thenewsobserver.com%2F&vis=1&psz=300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C1019x0&msz=300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C300x0%7C468x0&fws=4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=324%2C324%2C324%2C324%2C324%2C324%2C324%2C1019%2C1019%2C1019&td=1&egid=22856&tan=e1b9a6af-713a-4b4f-b27d-fab2af9e306f%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3070%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3071%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3072%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3073%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3074%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3075%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3076%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3077%2Ce1b9a6af-713a-4b4f-b27d-fab2af9e3078&tdf=2&topics=9&tps=9&htps=10&a3p=EhkKCnB1YmNpZC5vcmcYpISXmLYySABSAghkEhwKDWNyd2RjbnRybC5uZXQYpISXmLYySABSAghkEhkKCnVpZGFwaS5jb20Yo4SXmLYySABSAghkEhQKBW9wZW54GKSEl5i2MkgAUgIIZBIbCgxpZDUtc3luYy5jb20YpISXmLYySABSAghkEh0KDmVzcC5jcml0ZW8uY29tGKSEl5i2MkgAUgIIZBIbCgwzM2Fjcm9zcy5jb20YpISXmLYySABSAghkEhcKCHJ0YmhvdXNlGKSEl5i2MkgAUgIIZA..&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1732533140826&idt=681&adks=230262869%2C1867038835%2C1780683417%2C2663202089%2C969011015%2C1211276501%2C2190328612%2C2409705891%2C3801367606%2C1024375588&frm=20&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

5a1cb599eaa342f69797c6e5bbe57329f9ccc64a09c88eebbf2f3f5ac96be8e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
google-lineitem-id: 5364072649,6804507097,-2,837437837,-2,-2,-2,-2,-2,4538441751
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138311106457,138492813957,-2,90139483277,-2,-2,-2,-2,-2,138298558877
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.thenewsobserver.com
content-length: 25989
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 532A 0
0 125ms
41ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:12:22 GMT
expires: Mon, 25 Nov 2024 11:12:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
239 B 352ms
115ms XHR
text/plain 162.19.138.118
OVH OVH SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.thenewsobserver.com
date: Mon, 25 Nov 2024 11:12:21 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thenewsobserver.com%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thenewsobserver.com%2F&rid=esp&cc=1

85 B
193 B

50ms
49ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thenewsobserver.com%2F&rid=esp&cc=1
Requested by: Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: f8c045c1793dccff6dd56354369a0e2f0f5575afbc7f3bd07d8f8460e3e29576

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

etag: W/"55-d291CubrVnCISr2TrQJEgiWY8WA"
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.thenewsobserver.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
vary: Origin

Redirect headers

location: /esp?url=https%3A%2F%2Fwww.thenewsobserver.com%2F&rid=esp&cc=1
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.thenewsobserver.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-powered-by: Express
vary: Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 156 B
539 B 123ms
43ms XHR
application/json 98.82.228.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 98.82.228.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-98-82-228-218.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 8c161f599b9972d3803945fddec28338d696735b79190e1bb593d0355e1f1fbb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer

Response headers

cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.thenewsobserver.com
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 156
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: application/json;charset=utf-8
x-server: 10.40.62.92
server: Jetty(9.4.38.v20210224)

GET
H2 200 syncframe
gum.criteo.com/ Frame 3C7B 0
0 102ms
33ms Document
text/html 2620:100:a00b::12
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.thenewsobserver.com&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:12:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 339257
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C547 0
0 62ms
61ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuoxAYBkbuBxOMSIkmQk6SuJHj9QbgCWo514b87i3fY8d6ljpnro5fb4vMkFVuR1Eh1CruKlwLPhM3ye0A5R1EUIYbKe1HZm2Qm_HnS93LbCiQdYUgKg_IvsUe09p8h00kBxo6QeUjJ-YtcNE7XJYd9rEz5KuL5_ActVLztwr_sJOwgzqxBrl7OPRW4YcqRvwod-RoQHszMG1ktkjp5TD8LICUj76PAlu-JFaWNImm3AG46dx1FruZPn7V6d9yLvBiaOAGiNJchX1GYPyyK2J0Hx1ejFFq7HePseo55bzUQSTS1hZgTZqyhxFvNSYp5y6AjSSkL_ZnPLNWsovZP698GJhwuLsj6iEFf1xBZXmt1Xsr7Pd7fmUP2EAiNI7H4xYT7nkR_NU4SqG1rflt_gRs3s3Dn6TOX_8bVG3U0CUM&sai=AMfl-YRpZsltuxkrn5fhISBWtmFtD1nBfrj8Alkjcf22xjy6RlkDRsGAjNkjIPVOGnhhoZXoUfVBhvbVpJXf_ZBCoWZQlfn3_uTPKI_E-Q2i3i5V27DNwlXHkfITHSVl5teJsvjVWP_oS9rr6b_xFhkV&sig=Cg0ArKJSzG1NQGcGRpoIEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C547 107 KB
33 KB 129ms
49ms Script
text/javascript 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

924e3e2d58904fddec9dc109a68d0527fc095722bc8cb1cba41980a03f7bcf61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 228 / 20052 / m202411180101 / config-hash: 79477889192541496
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33243
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C547 217 KB
67 KB 29ms
27ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

8d2678ff0715284456a48f52fa21c43a417bea04bcb4b6fcd516ab11dc047192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 12158714353530318320
age: 1019
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:55:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:55:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 69014
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1894 0
0 60ms
57ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstUUbUId05g07wzw4Dhem9f-e9eHZ1dVI30iY4xYxHKEIJkYSSiVxpZ7y59b0XGiGZuXkHOcrJEMcB70qjIS9rCI_SRUQ0du5CdOiIDC1bvpWSZqVbboFA8fGLD-s7Yho5eoH2RN0l7Ec3cgdyx_BDcdBvJvUV2XHXshXkHNY3e_yXdSLtCZxKtQgTBHRq3uZyPoxeg9h7zkRep5luYev7-GK8tJCRHBbvGpdCSl8Jxjl1GGzXk-T1LZ-BUrd3SpFd0Ie2GKPjWfuL1dMv_ahJevPulKMLE9-4FVWbtk4XX0aCjrVaTkZmU0rwgbX0GdjO7ze0oxpwuPV66eXmqm4xfXcuQc4A2a5Tw0K6G6inQBgT2XjU3rd8Av5dur6lUgoTHilt82hjTPpe5z71Pn6G_90QW4X7AO04y&sai=AMfl-YSIp-NCPk7anwqWi39riiNLFTQZLQh4Oy2MyJBJBsTSz-wf9SOJv7pNh8wppyEGh5OiEc3fK_Y9lwP8592ZExyUsOmfFvgjfSr8CYLFq7NBiL413EEF3eydaNGnu5CNYbQPs2hebMfyMzMqlnAR&sig=Cg0ArKJSzLZIrfONHUvREAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241120/r20110914/client/ Frame 1894 3 KB
2 KB 91ms
27ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241120/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

944a37f694b55de268a0bf52dbae4e12f12c4ae09ee5c8d213ba05075c2865dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6567774568227038691
age: 3119
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 10:20:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:20:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1234
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1894 217 KB
0 2ms
2ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

8d2678ff0715284456a48f52fa21c43a417bea04bcb4b6fcd516ab11dc047192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 12158714353530318320
age: 1019
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:55:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:55:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 69014
x-xss-protection: 0
server: cafe

GET
H2 200 17240973819629770483
tpc.googlesyndication.com/simgad/ Frame 1894 35 KB
36 KB 91ms
28ms Image
image/jpeg 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17240973819629770483

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15ef1fe86210bbfd5b6d051fe4598a6f9bfd8a99b35db22526897a56b1c56747

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

age: 78436
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Mon, 24 Nov 2025 13:25:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Sun, 24 Nov 2024 13:25:06 GMT
last-modified: Mon, 14 Oct 2024 19:07:48 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 36059
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ECC6 0
0 61ms
61ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmruG0KKNBLXPPGdNHbz772B18AAuEAZ7WdJBWowc8zFNWU-UfqYpZzczFi7nAyebR475nogEaCnIHOladioA59JMCLSmfYDGuoBhLsPWkTybnsU8bih_SdGOnvxNQ2qDJnPv0saRx4UVxEJUdi503BSjHlsWVH6WmT5BtiVsn6RRJ5XE4kp4lMS6BJWtG8O7K3HODlLoyZQEG8nQ9aNY9LXKA2O0cFyFvo-1vbWKWs33tFURMQ4mctjSPyCeGlJPGjYkvzNsm4HMY0snuvr0M18EU0dO9eSsixx7ekpbuCsfIPw7tw3OMkvjOVhaLNTpRgdvd7WkCuQFWH-U7BpK-_GcwVdajIK-SlLz8q4gyiz6LfHNiCEkGyPmPsh0KypqIc5QoMwwnRaakyhnL0gTLtjVTdoitrpee&sai=AMfl-YSrungUA-A5UEzKm0569m0dtSQ5dDPwuHj41v9OpnUMdyiCIXMpcWJD2t-9TKIr7wGEt-5K_dsC1EKb615x_2hfctWgkFDnlAJePvSSEajO1kzvX_xLAcNOHlTVEV-c1I9itP1u-BTVnSMmelma&sig=Cg0ArKJSzHSQRGoryDvtEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241120/r20110914/client/ Frame ECC6 3 KB
0 86ms
86ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241120/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

944a37f694b55de268a0bf52dbae4e12f12c4ae09ee5c8d213ba05075c2865dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6567774568227038691
age: 3119
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 10:20:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:20:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1234
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame ECC6 217 KB
0 0ms
0ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

8d2678ff0715284456a48f52fa21c43a417bea04bcb4b6fcd516ab11dc047192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 12158714353530318320
age: 1019
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:55:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:55:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 69014
x-xss-protection: 0
server: cafe

GET
H2 200 10109641924893859755
tpc.googlesyndication.com/simgad/ Frame ECC6 58 KB
58 KB 116ms
61ms Image
image/jpeg 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10109641924893859755

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c13af4af594d64f37d71a553d03666924e113c31d6c9fa6f9725deeadb0f9398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

age: 322180
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 17:42:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Thu, 21 Nov 2024 17:42:42 GMT
last-modified: Mon, 08 Feb 2016 18:11:04 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 59624
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1CA4 0
0 59ms
58ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAMunwufDF8NZXF7Np3E_Y_g9RCKsWQ-EEh1cJl8yGLEXIYTbHoagHRpwoymEqLlQziIFuIw7uzfOSBkQG3sUORh6CTBXjUig9k_7K1xn8P0K830IDFFVktmiqYIXU-1a5gNRi7rCPFLgcwU8TnGHrQQP23_X4JDV57X0CYuJAUVh8f8tFjFCAAzhVWepfYsM1OVBFsmpPgAm6d_65j82ipLQAGemLUP_NbiaVC7L1ZgV6PcN1ieLVDm0jVhrC_FQOUuoZeFjgWzcvAX1MGJmaCH2JuZamVv56xkoAhdjagemlbygPZUQW2GZfWjS-WWW7PEXhn809iOjZaD2PDrdbp5ml-AExjN08LJq9eO5pKK2Wptdp4OcOTezQKJJ7IThfXmjjCBhXaXsAer9Jl6BHcw&sai=AMfl-YTlCOtJo_3Mu40krYDkEJR0ElEXQX_UnfzM1vGun3zzsgAS_IfnZ3Ws9kdr8pYnRyEtLMSaXRujl8cEdUseZsOXypAfyWIHZDrV9VvP0HVrqvT06tTjAN8Je6zYG78QhY3aPhQ2U4MFfH0HUZdQ&sig=Cg0ArKJSzHwklpI2LXLhEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.thenewsobserver.com
URL: https://www.thenewsobserver.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241120/r20110914/client/ Frame 1CA4 3 KB
0 73ms
73ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241120/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

944a37f694b55de268a0bf52dbae4e12f12c4ae09ee5c8d213ba05075c2865dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 6567774568227038691
age: 3119
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 10:20:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:20:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1234
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1CA4 217 KB
0 2ms
2ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

8d2678ff0715284456a48f52fa21c43a417bea04bcb4b6fcd516ab11dc047192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 12158714353530318320
age: 1019
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:55:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 25 Nov 2024 10:55:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 69014
x-xss-protection: 0
server: cafe

GET
H2 200 15958780426469365769
tpc.googlesyndication.com/simgad/ Frame 1CA4 40 KB
40 KB 123ms
82ms Image
image/jpeg 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15958780426469365769

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfdbb26e65397d63e5cb1aed602499dac1c9e8128bf5f13dd3b8892ca2b422a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

age: 322180
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 17:42:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Thu, 21 Nov 2024 17:42:42 GMT
last-modified: Fri, 20 Dec 2019 15:36:55 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 40658
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ Frame 1894 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8445ce80acc4cbe8714d3181c8f7330649ef1369d10ea653f20301fb6d729336

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame ECC6 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75c1ae0aa428a4dc6f170ee12f28b6ff765ef8badf6fe03fccfde38b4bde12cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1CA4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e46f0f0848a08031c0e36f46abf30eb4a762d5a2c76f8fe5f1dbb55121ee75cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1894 0
0 57ms
56ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ECC6 0
0 77ms
59ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1CA4 0
0 103ms
54ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1894 0
0 55ms
54ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ECC6 0
0 100ms
54ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 177 B
442 B 263ms
136ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: e860fc2b6ec8bd770e5ef11f2219eeaf5ddba9daf27ccd6537438721ee2ccfbe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 177
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: application/json
x-cloud-trace-context: b46bedbbcd720122b660410a73746371
server: Google Frontend
access-control-allow-headers: X-Requested-With

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/ Frame C547 492 KB
0 0ms
0ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 1421939719645060458
age: 58
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 11:11:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 25 Nov 2024 11:11:23 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155913
x-xss-protection: 0
server: cafe

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame C547 1000 B
0 1ms
1ms XHR
application/json 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.thenewsobserver.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

245da6faa64930660fdb4cf3c7a559f3a70ddf31f44d5c2e6e93d6c802001ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:21 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 433
date: Mon, 25 Nov 2024 11:12:21 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1CA4 0
0 131ms
53ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1894 0
0 57ms
56ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaf7rFkWyfUFBF9pVYTAcvtFSJt9par6Si9gKmHYfMQonBpe2PVr1NXeEBRpDpSc8eL4Hm73Ks3_cL8Rno9MLVpAoySUlFjo7dXTjufPxlDXF0nWJ0QKYgPWyY8F-z1hzTgylwdH7GJ99NHdxD5rJNxVde6Af9FQjNRX6qyZES-LbtSbhpqsJA_cFRppGbM-UTOMsQUhlLAfvb2dDF_AFS2_dFfoL7j0U368N1JcGFXPKDLw2tC6SoTRwYQudl-XmO2iI-zYC7X5fUU3HP3o8q4A-QLf5l2p2hZemGzEPZFjbNRM2dP94lk2nfyrDePV1kt24zRH7p2kTG68p-CGFXV8nsO-4lkEjg6H-Pn0WP8tLVlk_80H6RazaqqgY3lgxOdwA9Z5ixq_38-99zUQWtoUTfrb6EvZgmGm8&sai=AMfl-YSWhEU-uznbqQbYi5Gqq-Snkm1iNFTmf34sJGwsWTwWE-BDLYdJAifkwizOwFQEqfemTgEqrchp1eCTKsmx674tvZwP1Ku49V-bfXZ3YjBIlqyv7D3kxpYlmBe0Mc4MmOQ8qfmbOnArSyt4Y7Px&sig=Cg0ArKJSzHyIgmMLyMrKEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ECC6 0
0 57ms
56ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv7UmYjKd9s3qKp57qM64d9Ws_ztoGJBCoGDmQt7Vsq-CUI4bKKWof8eIs8Nm0jL8pD2c_Q31xFB_u-IutNbhqAZ5hdOZ0m9tuR4PEszkMAi8xk9SzSp0PGb0UuGQCYh8zTFTCJpn2HU6yuikQBXeDfuKSXmJIvIdKYWynXEvK-PnhSHFR4zRF3vA_TiQzg1tgCOi9gjFJTZbJcv8W6B-gDps6d39y__Ct6BcdbwsK3l-Smazt6wj6lIXZxE1Dz1XqgCph9fHX2HYXWjJSG5e9KXDPEI3qMUpdPgdcA5UFyn3ebpMLCxQpPFj5h7cV0u7BXaXh86H3auTwNFx6hHMrFcyakPMXVZRhTqJQJMX1y4DB770rv0cBkAySV3-MW1eA0FNAw0iB3vEmufAjUdBWbLNHVgN-IKt-Ix5E&sai=AMfl-YS4b1JG5EKzS48Ex7bPxt8nSKRQuxUDxiPCTySMkpvaxVIYKqSOsxKErabTVcwnZvsKRTL_cukg8gmQCUmgcfI_Z8gWK4_6WeQfPy7NLj5ICU3jpnDdITCs3RTzeFrCJewGYOIcLUTfTZ6a7_gU&sig=Cg0ArKJSzPZmfsN5kJZBEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1CA4 0
0 58ms
56ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsst1uKtqqCKmDHMKzcsS3V782g3wQXihJ2yfqGkKJRtsrAVDvDScx0zhUI0Hg1EGD4xZiEpTIq6O_pf7KcYAEW49affPrmz3MN5oLLGl4MYZyoPRNHjHCwcmZ6JFlB9Wq2yPCzeDM5OucXjViLz5mFpbm_uEJhiLKgS9zEkjU0UAWldEJE4nAq69Ldixjo0EHHPBvbF58p8hvlla3AT0vQYLoT07PGtZh0wPmQt2bsq-2AWkONO8Vfx1mf8o2vVa8Iyh6j0XysLEYVLMT4zwuVtw9Mzne0O9DwCytsMTl1KPub_ncBUODBoSBUWcbQEACZ26OTfgzpK2QXrzysB870bbHLlof7_gA5zah_pFGCStxsIhGGy91yecPtoPG0P8t5alme6SRug8X-rc2utMHbmbWOH&sai=AMfl-YSs-Ano5YRs-8lxOo4AD_azxFCpsHSB66CGdjJoQSDl--3mGR6fOrJuk8BTVP0RIENMLGsxamb7kYin3Bx0WHNtBr2IUicvd9gUi4E53Ltn_xnx02R0MpXk72VAE2veAh_j2dgdeoNeMZ9MvWml&sig=Cg0ArKJSzFlU_mEVDfbkEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 pd
google-bidout-d.openx.net/w/1.0/ Frame FD1C 0
0 240ms
64ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 454
content-type: text/html
date: Mon, 25 Nov 2024 11:12:22 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C547 0
0 59ms
58ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C547 0
0 81ms
54ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ Frame C547 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b524397348e5f76c7eecf6962db4ab687cdc88b63dae369f0e59f6581e318ede

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C547 0
0 56ms
56ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvItlwOgKYlkYLwgknwTSWFU8kMewa1qPt4X_SL4sUCnzA_SueoU2cQn7cu04ULV-4bzrn7RXIFvHTfamN7oX3f01ZhzUkc1PSOTPx7KDxwAyO9kNn2IfkqJLMGSKLx8RPzByFgL43Ae6Ru2MMpcVkdEFNLWw7RWprhw8E18FTXetUou3QYbUVrz7Zag25Ubmf0uTt3PpBm-n_37_r6ITISoZj1v96VsIvN6e-p6JJxmnDgyjPPZgmzwhJoJzclD3bIf1jjOxnlmkWSEmJqAIpoe95oHk9ZaAaBwT2XuVF6mtOfeRfz6wqXNWDS6fj4HSHKUkx4jpIyTUTI_nBLpIV678VWwveYK91t8znaFeIgblGxz4_tvIH8dvy8WIZi1ydu4BF1E3f9WLF66FxVmLGNY-4vc4lbclDx8pNCGG5_Wg&sai=AMfl-YSajsiWtSJ-LSyIUIv7AXEMs2uA29YyKCBdC5WBm8R4AChY_jwIQ136JDNEwEowrS-hYMnj4qWPaej3ZEaV31NdO3cbO-sRjNfkVFMh6HB1A9-KvFCDibIg1dyoLUNcOCGrzLjKAv1h_Q-4QWLm&sig=Cg0ArKJSzFjIiIgeALOJEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 5467 0
0 0ms
0ms Document
text/html 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1924
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28994
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 10:40:18 GMT
expires: Mon, 25 Nov 2024 11:30:18 GMT
last-modified: Mon, 18 Nov 2024 20:43:40 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ Frame C547 17 KB
13 KB 92ms
51ms XHR
application/json 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202411180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

522b5a3d92921c52fc34ae2edbdc55014aa0fe4b6a47251ee7f7cc9dfb688ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13318
date: Mon, 25 Nov 2024 11:12:22 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame C547 513 B
259 B 336ms
335ms Fetch
text/plain 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=901147675364106&correlator=3863163432941399&eid=31088726%2C31088831&output=ldjh&gdfp_req=1&vrg=202411180101&ptt=17&impl=fif&gdpr=0&iu_parts=132916964%3A116205717%2Cthenewsobserver.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&sfv=1-0-40&eri=2&sc=1&cookie=ID%3D1c798a2bcc76f387%3AT%3D1732533142%3ART%3D1732533142%3AS%3DALNI_MbAoVk5UeOccjrnWKYlxbMcBLdqLg&gpic=UID%3D00000f9e60fe7cea%3AT%3D1732533142%3ART%3D1732533142%3AS%3DALNI_MYJEFLOj0CciCTw3g6WNfLYWX7jyA&abxe=1&dt=1732533142686&lmt=1732533142&adxs=1172&adys=2284&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=1&ucis=bn7jhlx7ys6f&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.thenewsobserver.com%2F&ref=https%3A%2F%2Fwww.thenewsobserver.com%2F&top=https%3A%2F%2Fwww.thenewsobserver.com%2F&vis=1&psz=0x0&msz=300x0&fws=256&ohw=0&td=1&egid=42350&tan=36bdec8d-4601-4cb6-a6e8-b5ac6b00853f&tdf=2&topics=9&tps=9&htps=10&a3p=EhkKCnB1YmNpZC5vcmcY7YSXmLYySABSAghqEhoKDWNyd2RjbnRybC5uZXQSABjghpeYtjJIABIZCgp1aWRhcGkuY29tGKOEl5i2MkgAUgIIZBI-CgVvcGVueBIsZXlKcElqb2lOa1kxWVhSeU1sWlVja2RDTlVOR2IycE5ia3MyWnowOUluMD0YqIiXmLYySAASGwoMaWQ1LXN5bmMuY29tGJOIl5i2MkgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRikhJeYtjJIAFICCGQSGwoMMzNhY3Jvc3MuY29tGKSEl5i2MkgAUgIIZBIXCghydGJob3VzZRikhJeYtjJIAFICCGQ.&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1732533142278&idt=305&adks=3084281784&frm=23&eo_id_str=ID%3D641817732ed62118%3AT%3D1732533142%3ART%3D1732533142%3AS%3DAA-AfjYVs27UT7O-kpuTs8Nv0-6u

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

d5e8edc2a258b3ffdd215ce13f2846e726b1783ca9dd9e6d7483f67e095bb93e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 25 Nov 2024 11:12:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.thenewsobserver.com
content-length: 229
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D598 0
0 126ms
42ms Document
text/html 2607:f8b0:4006:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:12:22 GMT
expires: Mon, 25 Nov 2024 11:12:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ Frame C547 18 KB
7 KB 120ms
52ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame DA00 0
0 80ms
25ms Document
text/html 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:10:28 GMT
expires: Mon, 25 Nov 2024 12:00:28 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 9F9E 0
0 104ms
50ms Document
text/html 142.250.81.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.228 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-I2biSxtVxTILoJOQAPggBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-I2biSxtVxTILoJOQAPggBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:12:23 GMT
expires: Mon, 25 Nov 2024 11:12:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 69ms
68ms XHR
application/json 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202411180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

4c72e533c0537cb38689cd00a46046a33fef06d5d166c5cdc8c471572172e6d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13061
date: Mon, 25 Nov 2024 11:12:23 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 new-favicon.jpg
www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/ 2 KB
2 KB 54ms
49ms Other
image/jpeg 104.196.37.2
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thenewsobserver.com/sites/thenewsobserver.etypegoogle7.com/files/new-favicon.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.196.37.2 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 2.37.196.104.bc.googleusercontent.com
Software: nginx/1.18.0 /
Resource Hash: 2f59d9b294c4a4d9119f49171936df9f45e5ba70083b9a781516a3fd5a95f31c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=315360000, public
etag: "5d7bea6f-8a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 2208
date: Mon, 25 Nov 2024 11:12:23 GMT
content-type: image/jpeg
last-modified: Fri, 13 Sep 2019 19:13:51 GMT
server: nginx/1.18.0

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 18 KB
0 120ms
52ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Mon, 25 Nov 2024 11:12:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 11:12:22 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame FF71 0
0 4ms
4ms Document
text/html 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:10:28 GMT
expires: Mon, 25 Nov 2024 12:00:28 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 9317 0
0 3ms
2ms Document
text/html 142.250.81.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.228 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-I2biSxtVxTILoJOQAPggBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-I2biSxtVxTILoJOQAPggBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Nov 2024 11:12:23 GMT
expires: Mon, 25 Nov 2024 11:12:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 54ms
52ms Fetch
text/html 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s38-in-f2.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1CA4 42 B
65 B 55ms
55ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssW_Ix9EB_Jn5kXezNSoE_ipCkaYdwc-9gTos3Qy426RhYPWWjwzU3X8ADNslFwyYESGnwU6jtOhMsbvkPD1OdaX3DE095GW8ypInQLQlExb96ruR9Kdr6u0ES2GRTr5RRZ6muWJX6Xc7Ol-dMJFaQ3rQjLym986Nt38_BcdyYc5mOmOTXK2LQEfwqb63Ul5N0jmQ&sig=Cg0ArKJSzKLGdWYB9g9QEAE&id=lidar2&mcvt=1000&p=865,403,925,871&tm=1097&tu=97.0999984741211&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20241120&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1024375588&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=2846594200&rst=1732533142343&rpt=214&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 25 Nov 2024 11:12:23 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET sodar
ep1.adtrafficquality.google/pagead/ Frame C547 0
0

GET sodar
ep1.adtrafficquality.google/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: adatoolbar.com
URL: https://adatoolbar.com/wp-json/onlineada/v1/accessibility-toolbar/e687213560c8b

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202411180101&jk=901147675364106&bg=!iomlicbNAAaIaF9IqGg7ADQBe5WfOONmHX_kj4KK6ROJFEEnGCqOaLdBNsfmTsw2VAwLViZ0RxF38ILjPKkdKCHwFjhbAgAAAH9SAAAAA2gBB34ANgr9BAQvEp7iOE1GcIJWx71Y7KnVBJUhJIMJq-_Dni7rWq9I-B4nA1Xi-4jTz2kU91PsQbzAywoAh3S-vEV7FQOvaRdSBhxY_VmLfXQbu5iMp-Q-QD1gMJzwSvdoWgyHF1fxgqIY4TN9eB4rSxRE7esLyGto8zmwkb29UXI9x1MyFG2zJDuVybP6Z7_xgw7EHnTOAuWu_PgyTBSrdOhvh3JpGR0YxiLA-7OBt5icqqsSo5nsCX4RWhshVz5rgfrt25kCvlBg7Htc0fwDuOCl7Jc5peWDSkJikA8SuAx5-omjJKJJyJc8Oc9rbqHQ81TQQjwLmscGZWIbQggiUodEmvxXOCyO26ouM3C9Z-vGoR1JaZ0o0cJVGjsrkBvK6R_sGXX3-QzwtrEq19nNGHub0KuuvkJSmfqcKbNfYnPkpsroCRHw8pe-og9iIi6F3l9JDlZIKlGyHE2Frd1CWD0veAM2__uNWzpTzJT5Y_YHbMpJznvVNHCF4hwWAxehiINk9PC8x5LaEaKje3fe7BSxrh__HODkt_lYOsJok9DosTfLVsvXfpe3T53AlnB_nB0mRO7pCI0bIPCzyqWusmGp6l9QfvbMdEMVLYO734NPQp3hMVsC_OQ6Iy2D3TJQlk_FprgF0WoIZ9sLVI9inGpVdRU7jmLLgHV-sOxRxuuUGBbKc10pLqi2_rXNm2-ong-a7aLu09_VCIR3_ZJ7Q-XIO9sGbuF-E-CaXUXFdiPIK2BcqhBIHMt2g9mrV-pNHa1jsdzGXxb2Vsi14Emg8lWeupB2i3vNAc9E5n11Kzsu7b2oxqhRXTMYvT28wLi_AoGXj2P3a2bIwJtbAtET7JoJlf_F203M7kygX5i6e4pDEZUEhTGhSwz4YqQWZI84VZsIv0NL5YLYORKDoc8-PewuJC1Htn7MCXwX3MPoUJiPx3N8H_cRJgv6lCryx6O19BPN1tS1N95HKz0Spksl5XosXsSbTxhbnYkoWDoVcmDSoxGvT0ghaReV85qLYgXLHDpuNZdCyo8s0nSeQHBcRJh5QaBF0JHcUBzmTdF-waRszu6rKHacn2A9F7C1CitmOqJp50Hb4HvBY3w9uWiHlthIuES7LbInzmHkeTSJMjJDsmanlRM5Y2xTAfRrMhn5BojFfZQ2S_yoGR2FHMT2A-55zRc1ma6D7KKYsyKjypqjlF9uug

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202411180101&jk=2565644911114274&bg=!8_Cl8L_NAAaIaF9IqGg7ADQBe5WfONdm8E8Mc3PPnVJ6zyc2vFgwJztPBS1SI9SnItRMlSzLvpgCYopn0puOV3U8zvSOAgAAAEtSAAAAAmgBB34ANhCPC6G0WWa1gbsot-RZMJePd3pPyKuHecR8TsCkyw09Z9l2Tj8OTkzljVTMJnQxwCkUndEiwZkCmyPZNJAbxSIxc2v3xAkDJctENxWVtBuOaJdBcEAg2AqiEYksdW6hf9X4OuiPlTGzBpAW1Ji5m9sEaKbzixZOzCPX4zuuHg3CuDHHLythwozXPuiyd6bf0vEkDhUI0k5uXIKfsU-746tNNGFZQG2Tkqpc4aKcLaxxsAA8dEf6RHRc_oWJXyOjm27QKkUJL7HkfCVGJP-GqpBm6ZYig7EiLMyRRw3h4gqUQx0bYgp_wV1SdxZpLOemFKi7SAjFOLdCeD4amxQByVKuRVL2VWERcH05uLWPUg_oDed67e5-Q3XMyHrSLDsdcr_7-gSA9S9SB_0VZjJbMvB7F0VkGtYCGZCLNHpL_ONU4IC7AeTjjoM9trwwxi-ym_KGUIpdYZEFtG5OF2TsuYZMdcmm0KyQARAzVlq5D-U_OeZxFPZZcyH5tYUpnTSpogMEj2SASR8WDsQHGnRK2uEUutJLJcDV59IF9VftREXY0zOS95bFb5qCnnC37yLlV045_z4qrXOoohh_MpDVkSoQJFXTbxeRZHeov-6qH0HYOSfTRYT_uFmKYivS7iXJjzuz2ra7-nNQ9xN80ViqjTV0isArNXQiI2LCkCG4-nSFUT7F7cYcVc6kqd1d0J5uPmm-hv-Syo6MOyS8Jl9Vs2P8K78HtJJ3sbhLTZZAZfOs7ocvHZtmBJgOPxaQXMQkmEJg4bsV3dIqsb0SJy5SKbQewzAHndRlO0984T90vCAfNoqpuHKr7e-mPndjDcLrPh9_hUBOVCF_9riqXBoNYJHyVAl4twsJ_MK3HP72sutzQtzGKYbZe8ZUi0OJLXVbdLId9PE514pl6qRIK-95fJhJKmuuBwW2leezYyi7ZEjL8FBxQHAVlQyVNVVxhXJCVEk91QM

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.thenewsobserver.com/	1970-01-21 10:51:33	Name: _ga_SYDC818VDF Value: GS1.1.1732533141.1.0.1732533141.0.0.0
.www.thenewsobserver.com/	1970-01-21 10:37:09	Name: usprivacy Value: 1N--
.thenewsobserver.com/	1970-01-21 10:51:33	Name: _ga Value: GA1.2.796251583.1732533141
.thenewsobserver.com/	1970-01-21 01:16:59	Name: _gid Value: GA1.2.1573842655.1732533142
.thenewsobserver.com/	1970-01-21 01:15:33	Name: _gat_gtag_UA_26466179_22 Value: 1
.thenewsobserver.com/	1970-01-21 10:37:09	Name: __gads Value: ID=1c798a2bcc76f387:T=1732533142:RT=1732533142:S=ALNI_MbAoVk5UeOccjrnWKYlxbMcBLdqLg
.thenewsobserver.com/	1970-01-21 10:37:09	Name: __gpi Value: UID=00000f9e60fe7cea:T=1732533142:RT=1732533142:S=ALNI_MYJEFLOj0CciCTw3g6WNfLYWX7jyA
.thenewsobserver.com/	1970-01-21 05:34:45	Name: __eoi Value: ID=641817732ed62118:T=1732533142:RT=1732533142:S=AA-AfjYVs27UT7O-kpuTs8Nv0-6u
.openx.net/	1970-01-21 10:01:09	Name: i Value: e85e5ab6-bd95-4eb1-81e4-21688cc9caea\|1732533142
.crwdcntrl.net/	1970-01-21 07:44:20	Name: _cc_id Value: 39cd2c74034eb2a30c82167e720b25b8
.criteo.com/	1970-01-21 10:37:09	Name: uid Value: 9fee0413-0a01-4fea-8da8-787983a3d29d
.criteo.com/	1970-01-21 10:37:09	Name: receive-cookie-deprecation Value: 1
.thenewsobserver.com/	1970-01-21 01:15:33	Name: lotame_domain_check Value: thenewsobserver.com
.thenewsobserver.com/	1970-01-21 07:44:21	Name: _cc_id Value: 39cd2c74034eb2a30c82167e720b25b8
.thenewsobserver.com/	1970-01-21 01:16:59	Name: panoramaId_expiry Value: 1732619542254
.doubleclick.net/	1970-01-21 10:51:33	Name: IDE Value: AHWqTUnL8MLfODslZnwQoofh04ih5jiGfDEWysbe068fKzKh25FeUx2AsPjqSBwkRPg
.thenewsobserver.com/	1970-01-21 10:37:09	Name: cto_bundle Value: CL09eV9DYzFNSEZrT0VwMEQlMkZiNEUyTERMaU5VYnA0UVA2NUp5N2dSOHBjMW1NSTZjYzVWVTlRYmZ5YlNkcFhXYlpXd2dXSjFlMlF4bU9pcFVNJTJGOTR4SiUyQlF4VXhqanNzNTg5clNPU3duWnRkcnNJVENOMkFyTkIxbXRFdWNWSERreVJYZ3FXQmdDR3ZSeWI5QnJMT3ZicDFmUVA5b3JCOUFLS1lwbmZYUUQlMkJmN0h0WSUzRA
.openx.net/	1970-01-21 01:37:09	Name: pd Value: v2\|1732533142\|vMgavPkWgy
.adsrvr.org/	1970-01-21 10:01:09	Name: TDID Value: a65a2628-42a6-4073-837f-3670f614c0c3
.adsrvr.org/	1970-01-21 10:01:09	Name: TDCPM Value: CAEYBSABKAIyCwj2w5_EmNPGPRAFOAE.
.yahoo.com/	1970-01-21 10:01:30	Name: A3 Value: d=AQABBJZbRGcCEN5kIwYvhuS_aZFmHSMt6P0FEgEBAQGtRWdOZwAAAAAA_eMAAA&S=AQAAAmu2XnQ2ia1Jei0pY01FTfk
.amazon-adsystem.com/	1970-01-21 06:29:28	Name: ad-id Value: A5pyVhOgoUhRjtTcUV4atsQ
.amazon-adsystem.com/	1970-01-21 10:51:33	Name: ad-privacy Value: 0

27 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.thenewsobserver.com/ Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://www.thenewsobserver.com/(Line 246) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://www.thenewsobserver.com/(Line 246) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: about:blank Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://static.addtoany.com/menu/page.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
javascript	error	URL: https://www.thenewsobserver.com/ Message: Access to script at 'https://adatoolbar.com/wp-json/onlineada/v1/accessibility-toolbar/e687213560c8b' from origin 'https://www.thenewsobserver.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://adatoolbar.com/wp-json/onlineada/v1/accessibility-toolbar/e687213560c8b Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://static.criteo.net/js/ld/publishertag.ids.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://oa.openxcdn.net/esp.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js(Line 32) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://ep2.adtrafficquality.google/sodar/sodar2.js(Line 25) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://ep2.adtrafficquality.google/sodar/sodar2.js(Line 25) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://ep2.adtrafficquality.google/sodar/sodar2.js(Line 25) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security	error	URL: https://ep2.adtrafficquality.google/sodar/sodar2.js(Line 25) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4b9515c33e3c77d56939994376f187ed.safeframe.googlesyndication.com
9e820cfba3860f9f28d3081fdd93508e.safeframe.googlesyndication.com
adatoolbar.com
bcp.crwdcntrl.net
cdn-ima.33across.com
cdn-images.mailchimp.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdnres.willyweather.com
cmp.inmobi.com
cmp.quantcast.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
esp.rtbhouse.com
etypeproductionstorage1.blob.core.windows.net
google-bidout-d.openx.net
gum.criteo.com
id5-sync.com
invstatic101.creativecdn.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
s3.amazonaws.com
securepubads.g.doubleclick.net
static.addtoany.com
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.thenewsobserver.com
adatoolbar.com
ep1.adtrafficquality.google
104.18.28.101
104.196.37.2
108.138.128.124
142.250.81.228
142.251.40.194
151.101.3.52
162.19.138.118
172.67.39.148
20.150.38.36
2600:9000:2511:5e00:a:e047:754:f4a1
2600:9000:26fa:3e00:1b:cadc:ef40:93a1
2606:4700:10::6816:3556
2607:f8b0:4006:806::2002
2607:f8b0:4006:809::2001
2607:f8b0:4006:80e::200e
2607:f8b0:4006:816::2001
2607:f8b0:4006:81d::2001
2607:f8b0:4006:821::2001
2607:f8b0:4006:821::2008
2620:100:a00b::12
2620:100:a00b::4
2a04:4e42::485
3.168.102.39
34.102.146.192
34.120.107.143
34.96.70.87
34.98.64.218
35.190.39.111
52.216.52.248
52.85.61.94
98.82.228.218
03a0f78ade69887cafb42769c5d7661ec10b220adc579f058a966176e2509211
0570581bf787cbb4a26d1508cf4ed96ef19d1a2465df5b9d5c4003813a2ebd35
15254931d3b4908c107be87e7f07935984423db9d98f7f4a1e7679700ada455f
15ef1fe86210bbfd5b6d051fe4598a6f9bfd8a99b35db22526897a56b1c56747
1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6
1764e898369c24be8d7d1cbcb82079c27f3898fbc1883f388a5c1008dd30c9e8
245da6faa64930660fdb4cf3c7a559f3a70ddf31f44d5c2e6e93d6c802001ea8
2471f4232ccca845a9da8b10e5be81e7323faa5891b9715f425661505f183434
2f59d9b294c4a4d9119f49171936df9f45e5ba70083b9a781516a3fd5a95f31c
30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500
37ec45f49bf2dbd2a7f49901c2370e3ed2a2b32f7f82ce86da60841ce2b8aa75
3f534671568fe35349189914762706679cf8fd5e83b2cc8683800dfebc9f16b1
431b428df9a9cccde8d4de067400ee8fba8173e82787f3a05b5502d966b05d89
479869b8d6acf4973961042c49d4fcaa4f9efea38e8e9706e87cc8adf95b2698
4b3a62be94449ba6ef0da42a279c626a9e430752ef8cc5acb3e5d56f617634a7
4c72e533c0537cb38689cd00a46046a33fef06d5d166c5cdc8c471572172e6d4
4c83815a23a46d47272242611075a71b5e298229efaacc2d95adb75d26698405
522b5a3d92921c52fc34ae2edbdc55014aa0fe4b6a47251ee7f7cc9dfb688ed0
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
59855ab21479dde905cf48ff3e82c9c15fcf97c96f99276952e263ede1f58916
5a1cb599eaa342f69797c6e5bbe57329f9ccc64a09c88eebbf2f3f5ac96be8e3
613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0
68cbee18e58f0f55197b350eff1ab6cd4674e25ea8b308e8ad0f05f385c92d30
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d0606b113ee7f28f506837511c0a430ea1049138b7a9158e3ec58e832e4f8cd
6f35e32c7f68087ef5f05cd02aa7b27a216a8a72963b1cec026cca3f64ad0bed
7245e25d6b55f5e66b7525738c32f69601bf8c1230bbb79732e5b68bb9c77f15
752d55c576fa27805d9277c3f5f06dab0d21620d765512218eb87ca82dedb2e1
75c1ae0aa428a4dc6f170ee12f28b6ff765ef8badf6fe03fccfde38b4bde12cb
7ee482b3719dd3328767f5b0b1e8aa69e9b91d8d9a384c1916d61ad8873bfda4
8207c64c2d40e1f6928cc842973112c37086e554d756200c171094fcd1627171
839e11d5ea35fe60fd65d0da091762640d7b98144b58f553a8742d863bc60795
8445ce80acc4cbe8714d3181c8f7330649ef1369d10ea653f20301fb6d729336
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
8c161f599b9972d3803945fddec28338d696735b79190e1bb593d0355e1f1fbb
8d2678ff0715284456a48f52fa21c43a417bea04bcb4b6fcd516ab11dc047192
924e3e2d58904fddec9dc109a68d0527fc095722bc8cb1cba41980a03f7bcf61
944a37f694b55de268a0bf52dbae4e12f12c4ae09ee5c8d213ba05075c2865dd
9ffa45453324362cbc5cc78288e04513100c2d61baf3a969717ea5df3d0dbb39
a354c1206370420a046d44d779d08863441f754c5e705f5c71741dc7de1ed1f1
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a8261541cc25cff6e5bfdaf24188a89116c818c6b9ef5d03b3a6c2eb116e5fbf
ab309d4dbe24aa0f4a0e5e4d7aeec790196fbdda107857c4360508eb64d0a296
abc4c24f7cdeabcfa58f96fb120ba7fd52263fe7e3394d24db1ec7ecaee8cc45
b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857
b524397348e5f76c7eecf6962db4ab687cdc88b63dae369f0e59f6581e318ede
b58010772aeb689c400ed5d6e3012640cce0bf8b812ff5fa8ed14d072532cec9
b834a04658eb06d010124d22861feb8ed132ba375cab4151b7605a874e6eaef6
b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062
bfdbb26e65397d63e5cb1aed602499dac1c9e8128bf5f13dd3b8892ca2b422a7
c11eb343414340da434fbd691659c2b6c58b29c5ddae809819db988ac78030d4
c13af4af594d64f37d71a553d03666924e113c31d6c9fa6f9725deeadb0f9398
c5fb9773e1b7b1c8c078b650a644c6370a14d0e0ac67667d58ca8dbb027dcce3
c617b3cda4bac6808c302346ba87bfd12646a96bf086da6d14f4ce737f56c04a
c793b26a0bb12d467e67b247fa006653fc8b9acef3849c79dbb1b201849ac9c4
cb9ee07812fe2b8ed07d22d915c97f8edc4928a97e8bcc88907b74e3c135b507
cc3534cb92be2761fe3c31ea4db7283a0e92cabedf9c0bb3d61444cd871421a4
cfc6512c700c0e6e7d38f1be662ccd67a94bda4380e0ee397d82b65ef4cd6edb
d5e8edc2a258b3ffdd215ce13f2846e726b1783ca9dd9e6d7483f67e095bb93e
db02ff920a9b48402d5984f7b7b0c1e780d6c9190f82742ca3760ef79d519833
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46f0f0848a08031c0e36f46abf30eb4a762d5a2c76f8fe5f1dbb55121ee75cb
e860fc2b6ec8bd770e5ef11f2219eeaf5ddba9daf27ccd6537438721ee2ccfbe
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4c54a5204de64002c85d1bf3bba343c3a6b1e2f3f230de72fa9f002a3992ba8
f8c045c1793dccff6dd56354369a0e2f0f5575afbc7f3bd07d8f8460e3e29576
faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

www.thenewsobserver.com Open in urlscan Pro 104.196.37.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

106 Requests

95 %HTTPS

42 %IPv6

27 Domains

34 Subdomains

31 IPs

3 Countries

3334 kBTransfer

6443 kBSize

23 Cookies

10 Outgoing links

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.thenewsobserver.com Open in urlscan Pro
104.196.37.2 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

95 %
HTTPS

42 %
IPv6

27
Domains

34
Subdomains

31
IPs

3
Countries

3334 kB
Transfer

6443 kB
Size

23
Cookies

106 HTTP transactions
4 data transactions