cdnseurevipbot.secureweb.top Open in urlscan Pro
2606:4700:3031::ac43:a761 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cdnseurevipbot.secureweb.top/
Submission: On November 07 via api (November 7th 2023, 7:00:34 am UTC) from US — Scanned from US

Summary HTTP 193 Redirects Links 294 Behaviour Indicators

Summary

This website contacted 45 IPs in 1 countries across 25 domains to perform 193 HTTP transactions. The main IP is 2606:4700:3031::ac43:a761, located in United States and belongs to CLOUDFLARENET, US. The main domain is cdnseurevipbot.secureweb.top.
TLS certificate: Issued by E1 on October 10th 2023. Valid for: 3 months.

This is the only time cdnseurevipbot.secureweb.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	2606:4700:303... 2606:4700:3031::ac43:a761	13335 (CLOUDFLAR...) (CLOUDFLARENET)
40	151.101.1.164 151.101.1.164	54113 (FASTLY) (FASTLY)
1	108.138.129.64 108.138.129.64	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:81e::2008	15169 (GOOGLE) (GOOGLE)
3	151.101.65.164 151.101.65.164	54113 (FASTLY) (FASTLY)
6	52.54.49.121 52.54.49.121	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:20f... 2600:9000:20f0:2600:4:b37b:9440:93a1	16509 (AMAZON-02) (AMAZON-02)
3	18.238.64.130 18.238.64.130	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:81f::2002	15169 (GOOGLE) (GOOGLE)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 4	68.67.179.155 68.67.179.155	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2602:803:c002... 2602:803:c002:200::62	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	72.44.43.210 72.44.43.210	14618 (AMAZON-AES) (AMAZON-AES)
1	18.160.156.21 18.160.156.21	16509 (AMAZON-02) (AMAZON-02)
5	99.86.71.49 99.86.71.49	() ()
2	2607:f8b0:400... 2607:f8b0:4006:81e::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
17	2607:f8b0:400... 2607:f8b0:4006:822::2002	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:816::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
3 4	142.251.40.226 142.251.40.226	15169 (GOOGLE) (GOOGLE)
2 4	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2607:f8b0:400... 2607:f8b0:4006:820::2006	15169 (GOOGLE) (GOOGLE)
1	2600:9000:213... 2600:9000:2137:1000:10:43f:4352:ad61	16509 (AMAZON-02) (AMAZON-02)
2	142.251.32.98 142.251.32.98	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:a::9	15169 (GOOGLE) (GOOGLE)
2	13.249.21.101 13.249.21.101	16509 (AMAZON-02) (AMAZON-02)
2 4	99.86.74.78 99.86.74.78	16509 (AMAZON-02) (AMAZON-02)
3	142.251.41.2 142.251.41.2	15169 (GOOGLE) (GOOGLE)
1	23.195.92.23 23.195.92.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	34.218.8.146 34.218.8.146	16509 (AMAZON-02) (AMAZON-02)
1	44.211.112.71 44.211.112.71	14618 (AMAZON-AES) (AMAZON-AES)
1 2	142.251.40.198 142.251.40.198	15169 (GOOGLE) (GOOGLE)
1	2600:9000:254... 2600:9000:2548:8c00:18:1fcd:353:c61	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:d12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
1	23.23.164.244 23.23.164.244	14618 (AMAZON-AES) (AMAZON-AES)
1	20.40.202.2 20.40.202.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:20:... 2606:4700:20::681a:6e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:808::2004	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::ac43:479c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
193	45

36 2606:4700:3031::ac43:a761 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnseurevipbot.secureweb.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 151.101.1.164 (United States)

ASN54113 (FASTLY, US)

g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.129.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-129-64.jfk50.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.164 (United States)

ASN54113 (FASTLY, US)

samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.54.49.121 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-49-121.compute-1.amazonaws.com

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20f0:2600:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)

rumcdn.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.238.64.130 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-64-130.jfk52.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81f::2002 (United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.179.155 (North Bergen, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2602:803:c002:200::62 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.44.43.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-72-44-43-210.compute-1.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.156.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-156-21.iah50.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.86.71.49 (United States)

ASN- ()
PTR: server-99-86-71-49.iah50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2001 (United States)

ASN15169 (GOOGLE, US)

df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2607:f8b0:4006:822::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:816::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.226 (Queens, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:820::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2137:1000:10:43f:4352:ad61 (United States)

ASN16509 (AMAZON-02, US)

gw.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.32.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:a::9 (United States)

ASN15169 (GOOGLE, US)

r4---sn-ab5sznzl.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.249.21.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-21-101.iah50.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.74.78 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-74-78.iah50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.41.2 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.195.92.23 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-92-23.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

nytimes-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.139.29 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.218.8.146 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-218-8-146.us-west-2.compute.amazonaws.com

prod.tahoe-analytics.publishers.advertising.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.211.112.71 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-211-112-71.compute-1.amazonaws.com

meter-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.198 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f6.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2548:8c00:18:1fcd:353:c61 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:d12 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.164.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-164-244.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.40.202.2 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:6e5 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:808::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::ac43:479c (United States)

ASN13335 (CLOUDFLARENET, US)

iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	nyt.com g1.nyt.com — Cisco Umbrella Rank: 7214 static01.nyt.com — Cisco Umbrella Rank: 5347 a1.nyt.com — Cisco Umbrella Rank: 6906	922 KB
36	secureweb.top cdnseurevipbot.secureweb.top	959 KB
30	googlesyndication.com df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 ade.googlesyndication.com — Cisco Umbrella Rank: 301	170 KB
14	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 5290727.fls.doubleclick.net — Cisco Umbrella Rank: 7412	216 KB
13	nytimes.com samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 5747 a.et.nytimes.com — Cisco Umbrella Rank: 5208 als-svc.nytimes.com Failed www.nytimes.com — Cisco Umbrella Rank: 3593 dd.nytimes.com — Cisco Umbrella Rank: 7435 purr.nytimes.com Failed a.nytimes.com Failed meter-svc.nytimes.com — Cisco Umbrella Rank: 17109	144 KB
10	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 300 gcdn.2mdn.net — Cisco Umbrella Rank: 1173 r4---sn-ab5sznzl.c.2mdn.net — Cisco Umbrella Rank: 73504	812 KB
9	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 306 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 598 aax.amazon-adsystem.com — Cisco Umbrella Rank: 394	71 KB
6	iteratehq.com platform.iteratehq.com — Cisco Umbrella Rank: 5915 iteratehq.com — Cisco Umbrella Rank: 5338	32 KB
5	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 513	4 KB
4	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 172	1 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	2 KB
4	3lift.com 2 redirects tlx.3lift.com — Cisco Umbrella Rank: 572 eb2.3lift.com — Cisco Umbrella Rank: 417	2 KB
4	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	3 KB
4	geoedge.be rumcdn.geoedge.be — Cisco Umbrella Rank: 2295 gw.geoedge.be — Cisco Umbrella Rank: 2817	109 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 2806 collector.brandmetrics.com — Cisco Umbrella Rank: 3212	20 KB
3	openx.net 1 redirects rtb.openx.net — Cisco Umbrella Rank: 695 nytimes-d.openx.net — Cisco Umbrella Rank: 12828	865 B
2	google.com adservice.google.com — Cisco Umbrella Rank: 105 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	a2z.com prod.tahoe-analytics.publishers.advertising.a2z.com — Cisco Umbrella Rank: 2576	374 B
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 353	716 B
2	media.net prebid.media.net — Cisco Umbrella Rank: 1335 cs.media.net — Cisco Umbrella Rank: 1513	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	182 KB
1	chartbeat.net pnytimes.chartbeat.net — Cisco Umbrella Rank: 6725	201 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1585	24 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	60 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1471	48 KB
193	25

	Domain	Requested by
36	cdnseurevipbot.secureweb.top	cdnseurevipbot.secureweb.top rumcdn.geoedge.be www.datadoghq-browser-agent.com
25	static01.nyt.com	cdnseurevipbot.secureweb.top www.datadoghq-browser-agent.com
17	pagead2.googlesyndication.com	rumcdn.geoedge.be pagead2.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com www.datadoghq-browser-agent.com
12	g1.nyt.com	cdnseurevipbot.secureweb.top g1.nyt.com
8	s0.2mdn.net	rumcdn.geoedge.be s0.2mdn.net df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
8	tpc.googlesyndication.com	rumcdn.geoedge.be s0.2mdn.net
6	a.et.nytimes.com	cdnseurevipbot.secureweb.top www.datadoghq-browser-agent.com
5	aax.amazon-adsystem.com	www.datadoghq-browser-agent.com
5	fastlane.rubiconproject.com	www.nytimes.com
4	iteratehq.com	www.datadoghq-browser-agent.com
4	sb.scorecardresearch.com	2 redirects cdnseurevipbot.secureweb.top
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	2 redirects www.nytimes.com googleads.g.doubleclick.net
4	securepubads.g.doubleclick.net	cdnseurevipbot.secureweb.top rumcdn.geoedge.be www.datadoghq-browser-agent.com
3	eb2.3lift.com	2 redirects cdnseurevipbot.secureweb.top
3	ade.googlesyndication.com	df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
3	c.amazon-adsystem.com	cdnseurevipbot.secureweb.top www.datadoghq-browser-agent.com
3	rumcdn.geoedge.be	cdnseurevipbot.secureweb.top rumcdn.geoedge.be
3	samizdat-graphql.nytimes.com	cdnseurevipbot.secureweb.top www.datadoghq-browser-agent.com
2	platform.iteratehq.com	cdnseurevipbot.secureweb.top platform.iteratehq.com
2	cdn.brandmetrics.com	www.googletagmanager.com rumcdn.geoedge.be
2	a1.nyt.com	cdnseurevipbot.secureweb.top www.googletagmanager.com
2	5290727.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	prod.tahoe-analytics.publishers.advertising.a2z.com	www.datadoghq-browser-agent.com
2	match.adsrvr.org	2 redirects
2	nytimes-d.openx.net	1 redirects cdnseurevipbot.secureweb.top
2	dd.nytimes.com	cdnseurevipbot.secureweb.top www.datadoghq-browser-agent.com
2	googleads4.g.doubleclick.net	rumcdn.geoedge.be
2	googleads.g.doubleclick.net	rumcdn.geoedge.be
2	df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net rumcdn.geoedge.be
2	www.googletagmanager.com	cdnseurevipbot.secureweb.top www.googletagmanager.com
1	www.google.com	rumcdn.geoedge.be
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	pnytimes.chartbeat.net	cdnseurevipbot.secureweb.top
1	adservice.google.com	5290727.fls.doubleclick.net
1	static.chartbeat.com	cdnseurevipbot.secureweb.top
1	meter-svc.nytimes.com	www.datadoghq-browser-agent.com
1	cs.media.net	cdnseurevipbot.secureweb.top
1	r4---sn-ab5sznzl.c.2mdn.net	df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
1	gcdn.2mdn.net	1 redirects
1	gw.geoedge.be	rumcdn.geoedge.be
1	www.googletagservices.com	rumcdn.geoedge.be
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	tlx.3lift.com	www.nytimes.com
1	prebid.media.net	www.nytimes.com
1	rtb.openx.net	www.nytimes.com
1	www.nytimes.com	cdnseurevipbot.secureweb.top
1	www.datadoghq-browser-agent.com	cdnseurevipbot.secureweb.top
0	a.nytimes.com Failed	www.datadoghq-browser-agent.com
0	purr.nytimes.com Failed	www.datadoghq-browser-agent.com
0	als-svc.nytimes.com Failed	cdnseurevipbot.secureweb.top
193	52

This site contains links to these domains. Also see Links.

Domain
www.nytimes.com
cn.nytimes.com
cooking.nytimes.com
theathletic.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com

Subject Issuer	Validity	Valid
secureweb.top E1	`2023-10-10` - `2024-01-08`	3 months	crt.sh
nytimes.com Thawte RSA CA 2018	`2023-03-22` - `2024-04-21`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-14` - `2024-01-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
a.et.nytimes.com R3	`2023-09-13` - `2023-12-12`	3 months	crt.sh
gw.geoedge.be Amazon RSA 2048 M01	`2023-08-12` - `2024-09-09`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-08` - `2024-04-06`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
prod.tahoe-analytics.publishers.advertising.a2z.com Amazon RSA 2048 M01	`2023-02-21` - `2024-03-21`	a year	crt.sh
meter-svc.nytimes.com R3	`2023-10-20` - `2024-01-18`	3 months	crt.sh
*.chartbeat.com Thawte TLS RSA CA G1	`2023-05-16` - `2024-06-06`	a year	crt.sh
brandmetrics.com GTS CA 1P5	`2023-11-04` - `2024-02-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2022-12-19` - `2023-12-30`	a year	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2023-05-10` - `2024-06-10`	a year	crt.sh
iteratehq.com E1	`2023-09-24` - `2023-12-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://cdnseurevipbot.secureweb.top/
Frame ID: 11BBFF5226886CA9EC527F2F5FA75E9E
Requests: 137 HTTP requests in this frame

Frame: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F9103B9A95F1597A6134E8207F499DE3
Requests: 1 HTTP requests in this frame

Frame: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 37564B94D60995ABE3FA9164815B117A
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjPuKzvATAB&v=APEucNVV1eE7tQzctOSIJjUNu58Xu0QHqBR1QIJkUFgi4GOy7TF_JTQW_ld1tqLRH2oIZvaxsmrKGcmKrS8ooGvfU_X-Dx4w1w
Frame ID: 2A27FA3201DF13DFC073B1408F7DDDD6
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
Frame ID: 2D8A4C6C05FDFC8D26943213D3ABCE47
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 11BE4D15E29261EB641A175716DBDEB9
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Frame ID: E9C80B02906303B3C7309A0B34C00AD5
Requests: 1 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F
Frame ID: CFB50E1DDB4DFB05E69304A809CAD1CF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 177739D8976B590979F42CD6B8711B1C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C42E65218180FCA7181025D9A99CDAF8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The New York Times - Breaking News, US News, World News and VideosGroupGroupGroup

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

193
Requests

92 %
HTTPS

43 %
IPv6

25
Domains

52
Subdomains

45
IPs

1
Countries

3780 kB
Transfer

9300 kB
Size

30
Cookies

294 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nytimes.com/es/
Title: Español

Search URL Search Domain Scan URL

URL: https://cn.nytimes.com/
Title: 中文

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/todayspaper
Title: Today’s Paper

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/us
Title: U.S.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/politics
Title: Politics

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/nyregion
Title: New York

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/california-today
Title: California

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/education
Title: Education

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/health
Title: Health

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/obituaries
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/science
Title: Science

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/climate
Title: Climate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/sports
Title: Sports

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business
Title: Business

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/technology
Title: Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/upshot
Title: The Upshot

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/magazine
Title: The Magazine

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/2024-election
Title: 2024 Elections

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/topic/organization/us-supreme-court
Title: Supreme Court

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/topic/organization/us-congress
Title: Congress

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/joe-biden
Title: Biden Administration

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2023/11/06/us/trump-biden-times-siena-poll-updates
Title: Times/Siena Poll

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2023/11/06/nyregion/trump-fraud-trial
Title: Trump’s Civil Fraud Trial

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/morning-briefing
Title: The MorningMake sense of the day’s news and ideas.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/upshot
Title: The UpshotAnalysis that explains politics, policy and everyday life.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters
Title: See all newsletters

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-daily
Title: The DailyThe biggest stories of our time, in 20 minutes a day.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/election-run-up-podcast
Title: The Run-UpOn the campaign trail with Astead Herndon.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/podcasts
Title: See all podcasts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world
Title: World

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/africa
Title: Africa

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/americas
Title: Americas

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/asia
Title: Asia

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/australia
Title: Australia

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/canada
Title: Canada

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/europe
Title: Europe

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/world/middleeast
Title: Middle East

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/israel-hamas-gaza
Title: Israel-Hamas War

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/ukraine-russia
Title: Russia-Ukraine War

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/morning-briefing-europe
Title: Morning Briefing: EuropeGet what you need to know to start your day.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/the-interpreter
Title: The InterpreterOriginal analysis on the week’s biggest global stories.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/australia-letter
Title: Australia LetterNews, features and opinion for readers in the region.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/canada-letter
Title: Canada LetterBackstories and analysis from our Canadian correspondents.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/economy
Title: Economy

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/media
Title: Media

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/markets-overview
Title: Finance and Markets

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/dealbook
Title: DealBook

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/technology/personaltech
Title: Personal Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/business/energy-environment
Title: Energy Transition

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/your-money
Title: Your Money

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/economy-business-us
Title: U.S. Economy

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/topic/subject/organized-labor
Title: Organized Labor

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/artificial-intelligence
Title: The Age of A.I.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/dealbook
Title: DealBookThe most crucial business and policy news you need to know.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/hard-fork
Title: Hard ForkOur tech journalists help you make sense of the rapidly changing tech world.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts
Title: Arts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/books
Title: Books

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/books/best-sellers
Title: Best Sellers

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/dance
Title: Dance

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/movies
Title: Movies

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/music
Title: Music

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/television
Title: Television

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/theater
Title: Theater

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/pop-culture
Title: Pop Culture

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/t-magazine
Title: T Magazine

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/arts/design
Title: Visual Arts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/critics-picks
Title: Critic’s Picks

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/books-to-read
Title: What to Read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/what-to-watch
Title: What to Watch

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/playlist
Title: What to Listen To

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2023/10/27/arts/music/music-fivemins-collection.html
Title: 5 Minutes to Make You Love Music

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/read-like-the-wind
Title: Read Like the WindBook recommendations from our critics.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/watching
Title: WatchingStreaming TV and movie recommendations.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/book-review-podcast
Title: Book ReviewThe podcast that takes you inside the literary world.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/popcast-pop-music-podcast
Title: PopcastPop music news, new songs and albums, and artists of note.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/lifestyle
Title: Lifestyle

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well
Title: Well

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/food
Title: Food

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/fashion/weddings
Title: Love

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/travel
Title: Travel

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/style
Title: Style

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/fashion
Title: Fashion

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/realestate
Title: Real Estate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/modern-love
Title: Modern Love

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-hunt
Title: The Hunt

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/social-qs
Title: Social Q’s

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-ethicist
Title: The Ethicist

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/eat
Title: Eat

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/move
Title: Move

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/mind
Title: Mind

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/family
Title: Family

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/well/live
Title: Live

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/ask-well
Title: Ask Well

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/open-thread-fashion
Title: Open ThreadThe latest news on what we wear, by our chief fashion critic.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/love-letter
Title: Love LetterReal stories of relationship highs, lows and woes.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/modern-love-podcast
Title: Modern LoveThe complicated love lives of real people.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion
Title: Opinion

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/contributors
Title: Guest Essays

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/editorials
Title: Editorials

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/op-docs
Title: Op-Docs

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/opinion-video
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/letters
Title: Letters

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/politics
Title: Politics

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/international-world
Title: World

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/business-economics
Title: Business

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/technology
Title: Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/environment
Title: Climate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/health
Title: Health

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/section/opinion/culture
Title: Culture

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/charles-m-blow
Title: Charles M. Blow

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/jamelle-bouie
Title: Jamelle Bouie

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/david-brooks
Title: David Brooks

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/gail-collins
Title: Gail Collins

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/ross-douthat
Title: Ross Douthat

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/maureen-dowd
Title: Maureen Dowd

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/david-french
Title: David French

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/thomas-l-friedman
Title: Thomas L. Friedman

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/michelle-goldberg
Title: Michelle Goldberg

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/ezra-klein
Title: Ezra Klein

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/nicholas-kristof
Title: Nicholas Kristof

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/paul-krugman
Title: Paul Krugman

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/carlos-lozada
Title: Carlos Lozada

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/farhad-manjoo
Title: Farhad Manjoo

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/tressie-mcmillan-cottom
Title: Tressie McMillan Cottom

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/pamela-paul
Title: Pamela Paul

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/lydia-polgreen
Title: Lydia Polgreen

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/bret-stephens
Title: Bret Stephens

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/zeynep-tufekci
Title: Zeynep Tufekci

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/matter-of-opinion
Title: Matter of OpinionThoughts, aloud. With Michelle Cottle, Ross Douthat, Carlos Lozada and Lydia Polgreen.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/ezra-klein-podcast
Title: The Ezra Klein ShowDiscussions of ideas that matter, plus book recommendations.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/audio/app
Title: Download the Audio app on iOS.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/column/the-headlines
Title: The Headlines

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2022/podcasts/serial-productions.html
Title: Serial Productions

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/reporter-reads
Title: Reporter Reads

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/the-sunday-read
Title: The Sunday Read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/10/19/podcasts/serial-kids-rutherford-county.html
Title: The Kids of Rutherford CountyA series about how one county illegally jailed children.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/audio
Title: AudioOur editors share their favorite listens from the New York Times Audio app.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/subscription/all-access
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/crosswords
Title: Games

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/spelling-bee
Title: Spelling Bee

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/crosswords/game/mini
Title: The Mini Crossword

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/games/wordle/index.html
Title: Wordle

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/crosswords/game/daily/
Title: The Crossword

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/vertex
Title: Vertex

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/games/connections
Title: Connections

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/sudoku
Title: Sudoku

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/letter-boxed
Title: Letter Boxed

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/puzzles/tiles
Title: Tiles

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/spelling-bee-forum
Title: Spelling Bee Forum

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/daily-crossword-column
Title: Wordplay Column

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/wordle-review
Title: Wordle Review

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/article/submit-crossword-puzzles-the-new-york-times.html
Title: Submit a Crossword

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/puzzle-making
Title: Meet Our Crossword Constructors

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2022/09/19/crosswords/mini-to-maestro-part-1.html
Title: Mini to Maestro

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2022/upshot/wordle-bot.html
Title: Wordlebot

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/gameplay
Title: GameplayPuzzles, brain teasers, solving tips and more.

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/
Title: Cooking

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/easy-recipes
Title: Easy

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/dinner-recipes
Title: Dinner

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/43843372-quick-recipes
Title: Quick

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/healthy-recipes
Title: Healthy

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/breakfast
Title: Breakfast

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/vegetarian
Title: Vegetarian

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/vegan-recipes
Title: Vegan

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/our-best-chicken-recipes
Title: Chicken

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/our-best-pasta-recipes
Title: Pasta

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/desserts
Title: Dessert

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/thanksgiving
Title: Thanksgiving Recipes

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/easy-weeknight
Title: Easy Weeknight

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/32998034-our-newest-recipes
Title: Newest Recipes

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/2370458-one-pot-dinner-recipes
Title: One-Pot Meals

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/68861692-nyt-cooking/950138-amazing-slow-cooker-recipes
Title: Slow Cooker Recipes

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/comfort-food
Title: Comfort Food

Search URL Search Domain Scan URL

URL: https://cooking.nytimes.com/topics/entertaining
Title: Party Recipes

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/cooking
Title: The Cooking NewsletterCulinary inspiration from Sam Sifton and Melissa Clark.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/the-veggie
Title: The VeggieDelicious vegetarian recipes and tips from Tanya Sichynsky.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/five-weeknight-dishes
Title: Five Weeknight DishesDinner ideas for busy people from Emily Weinstein.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/
Title: Wirecutter

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter
Title: WirecutterReviews and recommendations for thousands of products.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/kitchen-dining/
Title: Kitchen

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/electronics/
Title: Tech

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/sleep/
Title: Sleep

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/appliances/
Title: Appliances

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/home-garden/
Title: Home and Garden

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/make-a-plan/moving/
Title: Moving

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/travel/
Title: Travel

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/gifts/
Title: Gifts

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/deals/
Title: Deals

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/baby-kid/
Title: Baby and Kid

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/health-fitness/
Title: Health and Fitness

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-air-purifier/
Title: Air Purifier

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-electric-toothbrush/
Title: Electric Toothbrush

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-pressure-washer/
Title: Pressure Washer

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-cordless-stick-vacuum/
Title: Cordless Stick Vacuum

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-office-chair/
Title: Office Chair

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/wirecutter/reviews/best-robot-vacuum/
Title: Robot Vacuum

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/the-recommendation
Title: The RecommendationThe best independent reviews, expert advice and intensively researched deals.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/newsletters/clean-everything
Title: Clean EverythingStep-by-step advice on how to keep everything in your home squeaky clean.

Search URL Search Domain Scan URL

URL: https://theathletic.com/
Title: The Athletic

Search URL Search Domain Scan URL

URL: https://theathletic.com/nfl/
Title: NFL

Search URL Search Domain Scan URL

URL: https://theathletic.com/mlb/
Title: MLB

Search URL Search Domain Scan URL

URL: https://theathletic.com/nba/
Title: NBA

Search URL Search Domain Scan URL

URL: https://theathletic.com/football/premier-league/
Title: Premier League

Search URL Search Domain Scan URL

URL: https://theathletic.com/college-football/
Title: NCAAF

Search URL Search Domain Scan URL

URL: https://theathletic.com/college-basketball/
Title: NCAAM

Search URL Search Domain Scan URL

URL: https://theathletic.com/nhl/
Title: NHL

Search URL Search Domain Scan URL

URL: https://theathletic.com/womens-college-basketball/
Title: NCAAW

Search URL Search Domain Scan URL

URL: https://theathletic.com/football/mls/
Title: MLS

Search URL Search Domain Scan URL

URL: https://theathletic.com/formula-1/
Title: Formula 1

Search URL Search Domain Scan URL

URL: https://theathletic.com/football/nwsl/
Title: NWSL

Search URL Search Domain Scan URL

URL: https://theathletic.com/golf/
Title: Golf

Search URL Search Domain Scan URL

URL: https://theathletic.com/5029763/2023/11/06/nfl-midseason-week-9-mvp-coach-of-the-year/
Title: N.F.L. Week 9

Search URL Search Domain Scan URL

URL: https://theathletic.com/5034958/2023/11/06/daniel-jones-acl/
Title: Giants' Daniel Jones Injured

Search URL Search Domain Scan URL

URL: https://theathletic.com/5025639/2023/11/06/college-basketball-predictions-who-will-win-the-2024-ncaa-title/
Title: College Basketball Predictions

Search URL Search Domain Scan URL

URL: https://theathletic.com/5033625/2023/11/06/nhl-weekend-rankings-ducks-golden-knights/
Title: N.H.L. Power Rankings

Search URL Search Domain Scan URL

URL: https://theathletic.com/5033501/2023/11/06/arsenal-referees-briefing-column/
Title: Premier League Latest

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/the-pulse
Title: The PulseDelivering the top stories in sports, Sunday to Friday.

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/the-windup
Title: The WindupThe biggest stories in baseball, by Levi Weaver with Ken Rosenthal.

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/the-bounce
Title: The BounceEssential NBA news from Zach Harper and Shams Charania.

Search URL Search Domain Scan URL

URL: https://theathletic.com/newsletters/full-time
Title: Full TimeThe biggest women's soccer stories, from Emily Olsen, Meg Linehan & Steph Yang

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/business/china-bri-aiddata.html
Title: China Is Lending Billions to Countries in Financial TroubleInstead of lending money for highways and bridges, China has shifted to providing emergency rescues for previous borrowers.4 min read<img src="https://static01.nyt.com/images/2023/11/06/multimedia/06china-debt-01-cmpl/06china-debt-01-cmpl-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Buildings under construction with a river in between." class="css-122y91a"/>Adam Dean for The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/politics/biden-israel-gaza-ukraine.html
Title: AnalysisBiden Confronts the Limits of U.S. Leverage in Two ConflictsPresident Biden’s influence over Israel and Ukraine seems far more constrained than expected, given his central role as the supplier of arms and intelligence.6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2023/11/06/world/israel-hamas-war-gaza-news
Title: Israel Says It Has Isolated Gaza City After ‘Large’ AttackIsrael said its troops had effectively split the Gaza Strip in half as the Biden administration worked to prevent a wider regional war.See more updates 9+

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/news-event/trump-attorney-general-ny-inquiry
Title: Trump Fraud Trial in N.Y.

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/article/trump-fraud-ruling.html
Title: What We Know

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/10/02/nyregion/arthur-engoron-fraud-trial-trump.html
Title: Who Is Judge Engoron?

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/09/28/realestate/trump-tower-real-estate-nyc.html
Title: Trump’s Vulnerable Properties

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/nyregion/trump-fraud-trial-testimony.html
Title: Trump Assails Judge and Concedes a Role in Valuing His Empire’s PropertyFormer President Trump, who also railed against New York’s attorney general in court, denied he committed fraud and called the trial “very unfair.”6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/nyregion/trump-fraud-trial-judge-power.html
Title: On the first day of Donald Trump’s testimony, the judge tried to do what few have accomplished: make him stop talking.3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/politics/trump-election-case-prosecutors.html
Title: Prosecutors asked a judge to reject motions by former President Trump that sought to toss out his federal election case.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/07/books/review/barbra-streisand-memoir-my-name-is-barbra.html
Title: Book ReviewHer Name Is Barbra, but It Wasn’t AlwaysIn a chatty and candid new memoir, Barbra Streisand talks about her early determination to be famous and tallies the hurdles and helpers she met along the way.6 min read<img src="https://static01.nyt.com/images/2023/11/07/multimedia/07STREISAND-REVIEW-tgch/07STREISAND-REVIEW-tgch-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="A black and white portrait of a young Barbra Streisand seen in profile from her left side, gazing upwards. Her left hand reaches over to touch the right side of her elongated neck. One eye and one dangling earring are visible to the camera." class="css-122y91a"/>Kobal/Shutterstock

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/business/wework-bankruptcy.html
Title: WeWork Files for Bankruptcy Amid Glut of Empty OfficesThe move is a blow for landlords who have rented space to the co-working group, which is planning a reorganization that includes cutting leases.4 min read<img src="https://static01.nyt.com/images/2023/11/06/multimedia/06wework-bankruptsy-sub-chlk/06wework-bankruptsy-sub-chlk-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="People in winter coats outside a building with a gray facade and a WeWork sign hanging out front." class="css-122y91a"/>Hiroko Masuike/The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/07/science/space/astrophysics-kip-thorne-halloran.html
Title: ‘Vortenses’ and the Storms of Space-TimeIn verse and in color, a Nobel physicist and a visual artist collaborate to portray black holes and other features of Albert Einstein’s universe.3 min read<img src="https://static01.nyt.com/images/2023/11/07/science/07SCI-KIPBOOK-06/07SCI-KIPBOOK-06-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="" class="css-122y91a"/>Lia Halloran

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/05/us/politics/israel-hamas-war-palestinians-conversation.html
Title: Across the Echo Chamber, a Quiet Conversation About War and RaceWhen two acquaintances in Atlanta sat down to find common ground on the Israel-Hamas war, they found themselves in a painful discussion.7 min read<img src="https://static01.nyt.com/images/2023/10/27/us/politics/00pol-israel-conversation/00pol-israel-conversation-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="A diptych of Samara Minkin, who is wearing a beige shawl cardigan and a white V-neck T-shirt, and Sanidia Oliver, who is wearing a black long-sleeve top underneath a light-blue button-down dress." class="css-122y91a"/>Photographs by Nicole Craine for The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/07/world/americas/brazil-neo-nazis-extremism.html
Title: Brazil Cracks Down on a Surprising New Threat: Neo-NazisThe Brazilian government has raided neo-Nazi groups across 10 states this year, part of a push by the new administration to prosecute far-right extremists.6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/es/2023/11/07/espanol/neonazis-brasil.html
Title: Leer en español. (Read in Spanish.)7 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/nyregion/nyc-rich-private-clubs.html
Title: Behind the Gates of a Private World for Only the Wealthiest New YorkersAlthough everyday life has become increasingly unaffordable for almost everyone, a new class of private, members-only and concierge services is emerging.6 min read<img src="https://static01.nyt.com/images/2023/10/19/nyregion/00privatenyc-bond/00privatenyc-bond-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="People milling about at Zero Bond in late 2021 with orange and pink lighting providing illumination in a darkened room." class="css-122y91a"/>Eugene Gologursky/Getty Images for Haute Living

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2023/us/politics/presidential-candidates-2024.html
Title: Who Is Running?

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/politics/republican-debate-miami.html
Title: Third G.O.P. Debate

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/interactive/2023/08/18/us/politics/republican-candidates-2024-issues.html
Title: Issues Tracker

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/07/us/politics/election-day-abortion-ohio-kentucky.html
Title: What to Watch in Tuesday’s Elections in the U.S.Important races are happening across the country, including contests in Virginia that could determine the fate of abortion access in the state.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/es/2023/11/07/espanol/elecciones-ohio-virginia-texas-mississippi-kentucky.html
Title: Leer en español. (Read in Spanish.)5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/politics/biden-trump-black-voters-poll-democrats.html
Title: As Black Voters Drift to Donald Trump, Biden’s Allies Say They Have Work to DoA New York Times/Siena College poll painted a worrisome picture of President Biden’s standing with a crucial constituency.6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/columnists/united-states-right-social-change.html
Title: <img src="https://static01.nyt.com/images/2018/04/02/opinion/paul-krugman/paul-krugman-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Paul Krugman" class="css-122y91a"/>Paul KrugmanWhy Does the Right Hate America?4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/07/opinion/ukraine-russia-war.html
Title: Sasha DovzhykI’m a Ukrainian, and I Refuse to Compete for Your Attention4 min read<img src="https://static01.nyt.com/images/2023/11/07/multimedia/07dovzhyk-tzcv/07dovzhyk-tzcv-threeByTwoMediumAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="A finger points toward a damaged building, which has a destroyed car and fallen trees in front of it. " class="css-122y91a"/>Brendan Hoffman for The New York Times

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/joe-biden-polling.html
Title: John Della VolpeJoe Biden Is in Trouble7 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/biden-trump-times-siena.html
Title: Gail Collins and Bret StephensTrump May Not Need a Coup This Time7 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/guns-domestic-abuse-supreme-court.html
Title: <img src="https://static01.nyt.com/images/2018/04/02/opinion/linda-greenhouse/linda-greenhouse-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Linda Greenhouse" class="css-122y91a"/>Linda GreenhouseWill the Supreme Court Toss Out a Gun Law Meant to Protect Women?5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/jewish-palestine-literature.html
Title: <img src="https://static01.nyt.com/images/2023/11/06/opinion/06udel/06udel-square320-v3.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An illustration of a person reading a book under a very large book shielding the person from smoke and flames." class="css-122y91a"/>Miriam UdelWhat I Read to My Son When the World Is on Fire5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/matthew-perry-shame.html
Title: Heather HavrileskyMatthew Perry Told the Truth About Everything5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/democratic-party-inequality-biden.html
Title: <img src="https://static01.nyt.com/images/2022/02/27/opinion/author-peter-coy-2/Peter_Coy_Final-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale" alt="Peter Coy" class="css-122y91a"/>Peter CoyHow Democrats Lost Voters With a ‘Compensate Losers’ Strategy6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/trump-allan-bloom-republicans.html
Title: Peter WehnerRepublicans Have Chosen Nihilism5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/trump-biden-president-election.html
Title: Letters From Our ReadersWith Poll Results Favoring Trump, Should Biden Step Aside?5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/opinion/electric-battery-energy-china.html
Title: James Morton TurnerThe U.S. Can Counter China’s Control of Minerals for the Energy Transition5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/05/opinion/ohio-abortion-ballot-initiative.html
Title: David N. HackneyIn Ohio, an Attempt to End the Winning Streak for Abortion Rights5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/05/opinion/israel-palestinians-hostage-silence.html
Title: Alana ZeitchikSix Members of My Family Are Hostages in Gaza. Does Anyone Care?5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/05/opinion/beatles-lennon-mccartney-last-song.html
Title: Ian LeslieHere’s Why the Final Beatles Song Matters So Much6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/05/opinion/maga-mike-johnson-christianity.html
Title: David French‘MAGA Mike Johnson’ and Our Broken Christian Politics5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/04/opinion/sunday/palestinians-west-bank-israel.html
Title: Nicholas KristofLosing Hope in the West Bank6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/03/business/electric-planes-beta-technologies.html
Title: Electric Planes, Once a Fantasy, Start to Take to the SkiesHow a small cargo plane’s 16-day trip from Vermont to Florida might help usher in a new era of battery-powered air travel long considered implausible.6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/world/europe/ukraine-russia-odesa-museum.html
Title: 5 Wounded as Russian Missiles Strike Odesa, Damaging an Art MuseumUkraine said 19 soldiers were killed in a strike on a medals ceremony last week. Unusually, the ceremony was held in the open, rather than a protected space.5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/charles-adelson-dan-markel-murder-conviction.html
Title: Florida Dentist Convicted in Murder-for-Hire Plot Against Law ProfessorA jury in Tallahassee found Charles Adelson guilty of murder and conspiracy in the 2014 death of his former brother-in-law, Dan Markel.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/politics/nashville-covenant-school-shooting-writings.html
Title: Excerpts From Nashville School Shooter’s Writings Are Published OnlineThe publication of the apparent excerpts by a conservative commentator enraged the parents of surviving students, who have been fighting to keep them private.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/politics/supreme-court-guns-second-amendment.html
Title: Supreme Court’s Devotion to Gun Rights Faces a Challenging Test6 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/us/elijah-mcclain-death-police-verdict.html
Title: Second Colorado Police Officer Acquitted in Black Man’s 2019 Death4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/world/middleeast/iran-narges-mohammadi-hunger-strike-nobel.html
Title: Imprisoned Nobel Winner and Iranian Rights Activist Begins a Hunger Strike3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/arts/design/gold-toilet-charges.html
Title: 4 Men Charged in the Case of the Missing Golden Toilet2 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/technology/openai-custom-chatgpt.html
Title: OpenAI Lets Mom-and-Pop Shops Customize ChatGPT2 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/world/europe/britain-loneliest-sheep-rescued.html
Title: After Two Years in Solitude, ‘Britain’s Loneliest Sheep’ Finds a Home3 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/03/style/beatles-fans-now-and-then-reaction.html
Title: On TikTok, Gen Z Beatles Fans Share Thoughts on ‘Now and Then’“Can’t believe it’s 2023 and I get the joy of hearing a new Beatles song for the first time ever,” a 23-year-old says in a video post.3 min readJiji Press/Agence France-Presse — Getty Images

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/03/arts/television/daniel-sloss-russell-brand.html
Title: It’s All Fair Game for the Comic Daniel SlossThe Scottish standup made a career of finding humor in “things that we should not be laughing at.”5 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/style/priscilla-necklace-locket.html
Title: The Heart of ‘Priscilla’ Is for SaleThe film studio A24 makes a case for cool movie merch.4 min read

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2023/11/06/arts/the-invincible-starward-stanislaw-lem.html
Title: The Novel Source for This Space Mystery? A Novel.With The Invincible, a Polish video game studio embraces a science fiction book.4 min read

Search URL Search Domain Scan URL

URL: https://theathletic.com/4960036/2023/10/16/paige-bueckers-uconn-huskies-basketball/
Title: How Is Paige Bueckers? The Answer Will Dictate the College Basketball Season.After a grueling rehab, UConn’s star is back for an all-or-nothing campaign.

Search URL Search Domain Scan URL

URL: https://theathletic.com/5038015/2023/11/06/cubs-craig-counsell-david-ross-jed-hoyer/
Title: Behind a $40 Million Deal, the Cubs Shocked the Baseball WorldOn Monday, Chicago poached the best manager in M.L.B. from a divisional rival.

Search URL Search Domain Scan URL

URL: https://theathletic.com/5028596/2023/11/06/notre-dame-womens-basketball-coach-niele-ivey/
Title: After Her Brother’s Tragic Death, Notre Dame’s Basketball Coach Finds Peace

Search URL Search Domain Scan URL

URL: https://theathletic.com/5022106/2023/11/06/geddy-lee-rush-baseball-collection/
Title: How a Canadian Rock Star Became an Unlikely Archivist of America’s Pastime

Search URL Search Domain Scan URL

URL: https://theathletic.com/5036290/2023/11/06/nba-in-season-tournament-courts-nuggets-celtics-hollinger/
Title: Two Weeks Into the N.B.A. Season, Two Teams Stand Above the Rest

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/spotlight/connections-companion
Title: Connections CompanionIn case you need some puzzle help.<img src="https://static01.nyt.com/images/2023/10/19/crosswords/19connections-column-133/19connections-column-133-square320-v2.jpg?format=pjpg&quality=75&auto=webp&disable=upscale" alt="An illustration of a person giving a figure a thumbs up." class="css-122y91a"/>

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2023 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/privacy/cookie-policy#how-do-i-manage-trackers
Title: Your Ad Choices

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/privacy/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/ca/
Title: Canada

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/international/
Title: International

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/subscription?campaignId=37WXW
Title: Subscriptions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1

Request Chain 92

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUngh.riP-6S13oJ61GXuAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1&google_hm=2

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFam9q9Vv992gaC3AZr5cnE&google_cver=1

Request Chain 94

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0MjE3NzA2NjcwMTg1MDEwNA%3D%3D

Request Chain 115

https://gcdn.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/6657EDB407544BC843A22860D9446623CF334C19.43491BCE6EFDB03BB2935ECA23F0696F41B176BB/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-ab5sznzl.c.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7F85DC21ED7540994F152F048707EFC85EBF834F.1FF90251397A396CF46F72D5F338263CD135962B/key/cms1/cms_redirect/yes/mh/gg/mip/2a0d:5600:24:1500:1011:9e7:9716:453a/mm/42/mn/sn-ab5sznzl/ms/onc/mt/1699339956/mv/m/mvi/4/pl/48/file/file.mp4

Request Chain 124

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1699340424993&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1699340424993&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&c9=

Request Chain 156

https://nytimes-d.openx.net/w/1.0/pd HTTP 302
https://nytimes-d.openx.net/w/1.0/pd?cc=1

Request Chain 157

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://eb2.3lift.com/sync?px=1&src=prebid&&ld=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=93a3f69d-5320-45a6-886f-05cb2e2f6837&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 165

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F

Request Chain 178

https://sb.scorecardresearch.com/c2/3005403/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/3005403/cs.js

193 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cdnseurevipbot.secureweb.top/ 697 KB
109 KB 455ms
349ms Document
text/html 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b2de48c9ef1fcedb720a746610c485e04d3336ba20ccca959c343f004ced8aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 115
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=30,no-cache
cf-cache-status: DYNAMIC
cf-ray: 8223b2dcf87641bd-EWR
content-encoding: br
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Tue, 07 Nov 2023 07:00:20 GMT
last-modified: Tue, 07 Nov 2023 06:58:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iSKusAnyryH3%2Bhd1Ws3zTRwDzlmW9mRGe%2Fdvgum%2FhQkX0jqGen%2BfrdZJ5got1%2FFI4NocSGfnaxkJA8zWtrlE8PjURZnG%2FDxD4lIhZnvfHqD3gGYpwwqbG8p6QL3JaOUZyhm1BDRmk0LG58FrV5xnFh1usJKWwBp90%2FZ8"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-F-VI
x-b3-traceid: d191521bcadb4dffb334a9c317d49adc
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-content-type-options: nosniff
x-frame-options: DENY
x-gdpr: 1
x-nyt-app-webview: 0
x-nyt-data-last-modified: Tue, 07 Nov 2023 06:58:25 GMT
x-nyt-edge-cache: MISS-HIT
x-nyt-route: homepage
x-origin-time: 2023-11-07 06:58:25 UTC
x-pagetype: vi-homepage
x-served-by: cache-lga21932-LGA, cache-fra-eddf8230074-FRA
x-timer: S1699340421.901783,VS0,VE3
x-xss-protection: 1; mode=block

GET
H2 200 web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 173ms
29ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 09 Oct 2024 07:50:55 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2416166
x-guploader-uploadid: ADPycdvVfnU_hUnNbA-8-AEKiamnHj2lz_1nkqzCAPgwo57DCls3mndTuVS06XsB04uGMcFoDdhVfZA3y_hGd_PZ6pkxy88ujs0_
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9868
x-served-by: cache-lga21943-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340421.167617,VS0,VE0
etag: "b79308aee772cf8921761a4fdb884fe5"
vary: Accept-Encoding
x-goog-generation: 1673991774978541
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=ay5bmg==, md5=t5MIrudyz4khdhpP24hP5Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 9868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 5107

GET
H2 200 global-f449cfd9976ad673ef2b7ab5098b85be.css
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 6 KB
3 KB 307ms
306ms Stylesheet
text/css 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ADPycduhiXPSjAmvTOeEvsL5W9Sbr8W7OBvGcSfktDgJf5GEO79r26XP4FcESqPvi5OclQTJokas6EvU5VsdkVwoNs_oVQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-08-17 01:48:46 UTC
x-served-by: cache-fra-eddf8230110-FRA
x-timer: S1699340421.257350,VS0,VE1
etag: W/"e74f8b7c668251280cf3e52e20455a1c"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1692068681438560
content-type: text/css; charset=utf-8
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 17551
expires: Fri, 16 Aug 2024 01:48:46 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 17 Aug 2023 00:55:14 GMT
server: cloudflare
x-goog-hash: crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2z1iOoyvqjVEWr2rAuUQCbiWaY%2B3GfGVDwByETCOlhu909%2FXWXxnUQX6XnJdd7zUhJbWsxoNmolAU58SLbhOp%2BZJiG1%2BylckiSYa8IsK6heD%2FPhUkrXIoimLuum6GoH738PDltQlf8rxdLtbDnwdXNg09tLVs5pvTxCu"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 5656
cf-ray: 8223b2df69ed41bd-EWR

GET
H2 200 datadog-rum.js Show response
www.datadoghq-browser-agent.com/us1/v4/ 150 KB
48 KB 481ms
28ms Script
application/javascript 108.138.129.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.129.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-129-64.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:01 GMT
content-encoding: br
via: 1.1 3155a44b32f22cf1d72a9a7b7439a6e2.cloudfront.net (CloudFront)
last-modified: Mon, 09 Oct 2023 09:24:57 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
age: 25
x-amz-server-side-encryption: AES256
etag: W/"2630b3d7ad4a41fac67742216e506d83"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: 9WBJNWn3T-w9aPO2Nr-M3m25YurzNIYxtLZn6HqcpR3NJpAbgqNyJg==

GET
H3 200 adslot-42e9c3fd69719c71ab62.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 22 KB
9 KB 469ms
460ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/adslot-42e9c3fd69719c71ab62.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a500afc866062030e5a0314da72313ab8fbda561df3571d832a56576d6e1da46

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPrfvF6Ry4a6SCfFAixekTnRmYNhQowPkIRS167CH3NdHOtjtolP_VyNRRhiF-autUtmhAGGhVGgEw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-01 16:20:52 UTC
x-served-by: cache-fra-eddf8230110-FRA
x-timer: S1699340422.717542,VS0,VE1
etag: W/"6c6afb88c8e54043eb007ef33f577715"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1698855361925022
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-42e9c3fd69719c71ab62.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 6706
expires: Thu, 31 Oct 2024 16:20:49 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 01 Nov 2023 16:16:02 GMT
server: cloudflare
x-goog-hash: crc32c=5B8QrA==, md5=bGr7iMjlQEPrAH7zP1d3FQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDnJneMmTLkFDqsiHmTTJA%2BjEzHDKEy3xCPznKbT2JBiliEI9lQ691xEbsEC2hxcdA7CUCHH44vmoa10S59QlwOgfhfdRXbGkLeM6nyfgimSIksdvoIFfLO1%2FB9GvQIKP%2B8zDxTKx%2FRcR6ffwBhiANrdkozOKzwfkSjy"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 22998
cf-ray: 8223b2e17dc1c35a-EWR

GET
H2 200 icon-the-morning-dd86bff0a93166101faa63110f3830b9.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 986 B
2 KB 324ms
313ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-the-morning-dd86bff0a93166101faa63110f3830b9.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63cd01bf8a87ddc8a07e6491ea1ab7bb28613587cfddd7c9664dda47f71dcda3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycduQL6Z-2UsrqNIZkvxj6CVaDgcXbqFs04lckVAh6fb63AUdi62AngTA7YH13bkhPg04q2MbMu6WEKxNb6e9Obpvm8nuhf60
x-goog-stored-content-encoding: identity
x-origin-time: 2023-08-14 14:47:47 UTC
x-served-by: cache-fra-eddf8230108-FRA
x-timer: S1699340421.399800,VS0,VE1
etag: "bfcd0980517659122c43c38b3e4e9a02"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1692024395665431
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-morning-dd86bff0a93166101faa63110f3830b9.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2227
expires: Tue, 13 Aug 2024 14:47:36 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 986
last-modified: Mon, 14 Aug 2023 14:46:35 GMT
server: cloudflare
x-goog-hash: crc32c=chcsKA==, md5=v80JgFF2WRIsQ8OLPk6aAg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkeD4qCEn4JXIhCq1jALKtFXQhNZuUwBpl4iXrpWizRDdLUEqIdvATLVGsLopnAdRu1JRTzYXAycR%2F4nBVSiGWv4Ci3UhR2f%2F8pB9KZGkmVU7PF19m2Xwso9%2BFTsZniPEKhfJlDzQKjHWczGN3CFhUR%2FCPpzn0QnEU%2BN"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 986
accept-ranges: bytes
cf-ray: 8223b2e04a7941bd-EWR

GET
H2 200 icon-the-upshot-826140ece0fb230ed2af6d87ef0ab42b.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 696 B
2 KB 330ms
319ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-the-upshot-826140ece0fb230ed2af6d87ef0ab42b.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e58c4c90b85eda4055a5b30fe55ef60cbcf6ea093311f2ff38861c7b4fe448a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdtyX7StlRlmPL6D1dmCtKtyQF5w58jXkz-gLI30Xnu6XME929mee7flszd3cULXBYYW2NCywxCAqKz66mLCPTp91Q
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-03 05:35:43 UTC
x-served-by: cache-fra-eddf8230091-FRA
x-timer: S1699340421.409867,VS0,VE1
etag: "2437584c92e9c7204837b9eb1745bc86"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695922492234617
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-upshot-826140ece0fb230ed2af6d87ef0ab42b.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 53
expires: Wed, 02 Oct 2024 05:35:43 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 696
last-modified: Thu, 28 Sep 2023 17:34:52 GMT
server: cloudflare
x-goog-hash: crc32c=hF6+VA==, md5=JDdYTJLpxyBIN7nrF0W8hg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QB%2FXLse0lPnMPfKxA2w9IOSycv%2BTzqjIwhAJH7K3AaLYjgi4PKccSD6EkyJWSdPPEGA%2Fv4tUSmlKieOQjLP1zOSYDslXR4hcFjiubLCmF4LiBYvvHnoHaAlIZuYImb1zyWol8KFeUCNrm5fFJSMRjqLHtYJrmkBeFSc%2F"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 696
accept-ranges: bytes
cf-ray: 8223b2e04a7a41bd-EWR

GET
H2 200 the-daily-album-art-square320-v5.jpg
static01.nyt.com/images/2017/01/29/podcasts/the-daily-album-art/ 4 KB
4 KB 76ms
36ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2017/01/29/podcasts/the-daily-album-art/the-daily-album-art-square320-v5.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

66debd0db62a3f53e72503a053f862b586a886e6a399fd8243b5e0180d304dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Fri, 22 Sep 2023 10:43:28 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 331190
x-guploader-uploadid: ADPycdssSnViHSr4ZBjEhtgMu6dFrgAc8-C2R354cKLgM3ULZNHJ3dE1u3AQxepiy4nleaP1CujcJ_pxzDTw95LfoqfEH5G1LSKs
x-cache: HIT, HIT
fastly-io-info: ifsz=15986 idim=320x320 ifmt=jpeg ofsz=3614 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 3614
x-served-by: cache-iad-kcgs7200066-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.388598,VS0,VE0
etag: "HnnVz93O4bK0D9Smvlwnf0lv96YmNmLNlX7IWtdXh7Q"
vary: Accept
x-goog-generation: 1688068264438165
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=JiXB7Q==, md5=PfDXw6toN2ZQvpOKxIlHug==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 15986
x-amz-checksum-crc32c: JiXB7Q==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 128, 3985

GET
H2 200 the-run-up-album-art-thumbLarge.jpg
static01.nyt.com/images/2022/08/29/podcasts/the-run-up-album-art/ 5 KB
6 KB 68ms
28ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/08/29/podcasts/the-run-up-album-art/the-run-up-album-art-thumbLarge.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

352b9e243c2e3a49a49cb8bc8df84d0a04183bbc3eac33a0476c9a11ff9e352d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 04 Oct 2023 07:17:37 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300720
age: 505493
x-guploader-uploadid: ADPycdtHTcE6oJpJUyUJnS6FTqtIPAzmrvyHf2ozzBd7EyI2NabnUMlD_D4MBVpxerg89VPOoGGvALuUGSQuPelDzTjXtQ
x-cache: HIT, HIT
fastly-io-info: ifsz=13823 idim=150x150 ifmt=jpeg ofsz=5314 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 5314
x-served-by: cache-iad-kiad7000132-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.388086,VS0,VE0
etag: "hoyyH5q1+NTFT41vUc5DQY1n5mPXI75JtPWFn4Jaf4Q"
vary: Accept
x-goog-generation: 1688683994203172
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=10HhSg==, md5=VVlpmckmFDe4+jzoN3ttXQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 13823
x-amz-checksum-crc32c: 10HhSg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4, 3897

GET
H3 200 icon-europe-morning-briefing-41f17eb6dcc335c7516cee80c200a07e.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 676 B
2 KB 469ms
460ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-europe-morning-briefing-41f17eb6dcc335c7516cee80c200a07e.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c01bb7101c3b034d4e913bdc36280e1a3034d84ab1f8ab674e0d43e75f20e229

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdt6mG4Lb8xLbFm3rS-1XLm36DNu7cVZdKkOdt4aasb-g_eJSjYevT9_BrOPb-ov_0tMjTCpTUC6KU1HjhDbbl23KkJee7iD
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-10 23:11:33 UTC
x-served-by: cache-fra-eddf8230029-FRA
x-timer: S1699340422.713680,VS0,VE1
etag: "07aebeb8fa8f52b4cc27a52f35fbb07e"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696973945021389
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-europe-morning-briefing-41f17eb6dcc335c7516cee80c200a07e.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3197
expires: Wed, 09 Oct 2024 23:11:33 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 676
last-modified: Tue, 10 Oct 2023 21:39:05 GMT
server: cloudflare
x-goog-hash: crc32c=VLRZ1Q==, md5=B66+uPqPUrTMJ6UvNfuwfg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3eb%2FqPdZeX7c5eKfzDOwEVihIJbbB87Bzms7jshtY4ORBJaqAAGLnfrI0ZpNHET2XMxl%2F6r5dD6u7%2F99KRqrcgTCa%2BWOyQ2QTIMW0UTu3AR7JhraLnCJUmGJ6Vgdmqq%2Boq9un5N0So%2FO%2F86Q9q8Oe1M8X%2FKCtFHFFJ%2FU"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 676
accept-ranges: bytes
cf-ray: 8223b2e17dbfc35a-EWR

GET
H3 200 icon-the-interpreter-3af234d8fdc0066b6424a94f1893b1f0.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 1 KB
3 KB 325ms
317ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-the-interpreter-3af234d8fdc0066b6424a94f1893b1f0.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de417027b3c04d64f0f0e42493e0cb5a6936609eb56f6f0440580a191d6d6b2c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycds_Dwo-PMYRishw3PRQvQfIGy-_YvbicKVPO5RqrSAyYZTfF7o5nnJKUAN3Gd7QFwwxL1JJPTAHW_0uF7WbEGf_xvNneqNz
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-10 06:47:29 UTC
x-served-by: cache-fra-eddf8230087-FRA
x-timer: S1699340422.595680,VS0,VE1
etag: "c00e7e36e294d9f8e173eb4405f1af3a"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696611983278718
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-interpreter-3af234d8fdc0066b6424a94f1893b1f0.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7189
expires: Wed, 09 Oct 2024 06:23:57 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1336
last-modified: Fri, 06 Oct 2023 17:06:23 GMT
server: cloudflare
x-goog-hash: crc32c=5qx58A==, md5=wA5+NuKU2fjhc+tEBfGvOg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=delnxw2xHEhs0ZzugxP14sFdo2ExiU5D9yKCy8Bw3YiLYg8DOW7icdsJ21KCl04OjKqRkCtkNEYPDXqdAvMmVojsiryqYpYLV0xzmd%2FNWfcBIkQTFdISUf9fdQNdiAbJBNKkNenQtmp1ixDZh6%2B8SqDwuODHBaopYSHY"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1336
accept-ranges: bytes
cf-ray: 8223b2e17dc2c35a-EWR

GET
H3 200 icon-australia-letter-968327f63e43ed894591f997ff4fcad3.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 862 B
2 KB 372ms
364ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-australia-letter-968327f63e43ed894591f997ff4fcad3.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcb0ab4f6d3a4da0916061428974c4e222922d127a1da82f2e79173fa2fea1ac

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdvoPnFDb_zPOf-ybpjR-Gkzr7eJ08ast9YWh44DNLC-WMS_FAwjQMn0p3R4-sr4Aia2kuSiHsciggG1O1OkwZIvoJetm_WX
x-goog-stored-content-encoding: identity
x-origin-time: 2023-08-14 14:47:47 UTC
x-served-by: cache-fra-eddf8230089-FRA
x-timer: S1699340422.647552,VS0,VE1
etag: "ac88f362d87d31af374e54b4f1bdc6e3"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1692024395443487
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-australia-letter-968327f63e43ed894591f997ff4fcad3.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3040
expires: Tue, 13 Aug 2024 14:47:47 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 862
last-modified: Mon, 14 Aug 2023 14:46:35 GMT
server: cloudflare
x-goog-hash: crc32c=4mYSIg==, md5=rIjzYth9Ma83TlS08b3G4w==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pleD7J5fs40ysRvwakmcmEpiPf6EpALg%2F%2FFilDFrkOCqHFzi43S7dHdrQ63D5gwV%2F4j4d0N8KB7DcrgwqWmZI6ogBqHH4oUA%2FxRZtwc%2BdtvtPWwBhbIN7kLXpuwcspcjWI7wcXZPmhZ%2BWAPuuYvb1hP89TmaKZS2semN"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 862
accept-ranges: bytes
cf-ray: 8223b2e17dc3c35a-EWR

GET
H3 200 icon-canada-letter-30c08e776a61316a12718a308c12ca18.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 860 B
2 KB 575ms
567ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-canada-letter-30c08e776a61316a12718a308c12ca18.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

007070e6f905e2aefbfcc7568cdf61c38a422d933c9c8166a6ba2f6223dd9ec5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdvXA1FwZ1xLaHPHvBZHHF-WTJcvfYfAMoSFdHIcHDxHA90A3ma5O7ejJkDuB6lA1iQ6DBaDPjV0GzoIt5yjXE8TKg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 03:15:42 UTC
x-served-by: cache-fra-eddf8230136-FRA
x-timer: S1699340422.716063,VS0,VE1
etag: "98ffc313a69bea78c5a4ffb0cd8bf09e"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695320370103876
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-canada-letter-30c08e776a61316a12718a308c12ca18.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7316
expires: Wed, 25 Sep 2024 03:15:41 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 860
last-modified: Thu, 21 Sep 2023 18:19:30 GMT
server: cloudflare
x-goog-hash: crc32c=IvjhWA==, md5=mP/DE6ab6njFpP+wzYvwng==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TXvsOMxjkk1tLbt%2FE7WsXXM3lU23%2BknS%2Fhn49%2BStf8V8jyc%2BEOw3qW%2BIy3SsMr5DCfAxdUjEramMaA0llzQrxi3VD20eBTqaEwGiMBkli1zEHAq1CSdTBv4K7hfRqvnMuog25OrElgpXQPCWU1ftkjRJoDs6Q%2Bq3ztNL"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 860
accept-ranges: bytes
cf-ray: 8223b2e17dc4c35a-EWR

GET
H3 200 icon-dealbook-fc342092e07d3e54c5b740508ec9b956.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 652 B
2 KB 496ms
488ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-dealbook-fc342092e07d3e54c5b740508ec9b956.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7f4ae3d77496807413afb4a0d56451b31667200c0293d3e89df130190e1f10b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycduDGMRVpGCKz12d1-1bSBsOitOTK0r_Ej9bSps-jSVUCEDXoW--zOOqiRQiS6mDFb6GUkKesoGR4zFSLcP_zPNbwwfy-dwz
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-10 04:33:55 UTC
x-served-by: cache-fra-eddf8230135-FRA
x-timer: S1699340422.715056,VS0,VE1
etag: "98014cde1d5d5ee7342a2bef5387c8a8"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696611983243709
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-dealbook-fc342092e07d3e54c5b740508ec9b956.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 5129
expires: Wed, 09 Oct 2024 04:33:54 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 652
last-modified: Fri, 06 Oct 2023 17:06:23 GMT
server: cloudflare
x-goog-hash: crc32c=/vnRlQ==, md5=mAFM3h1dXuc0KivvU4fIqA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=znYDtW4WnuZ7eN4zbweFEPBCg3wVeT4ttkdJriFZK2YE4GyCAfK6icR4osbfeAbVUe9d8mMTqmPTptUSKHxWV4NtR8OVK1Pu7o8gpXsRaQN3hcqnI%2FfvUlt2JNT045NZzblzSotANI5UkGoWiPjvrmrA0zCdLOTLZbKo"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 652
accept-ranges: bytes
cf-ray: 8223b2e17dc5c35a-EWR

GET
H2 200 hard-fork-album-art-square320-v2.png
static01.nyt.com/images/2022/09/28/podcasts/hard-fork-album-art/ 116 KB
117 KB 69ms
31ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/09/28/podcasts/hard-fork-album-art/hard-fork-album-art-square320-v2.png?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5ed9e9f81abee651d7645c6ae932a099ff7595eb893df2bd66306c818adf5a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 10 Oct 2023 05:34:06 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300714
age: 343695
x-guploader-uploadid: ADPycdulbB1uSrQH1DH1e9iQT9pQg6UhvS1tcY0TPdJHo3hOTQS1o5jGCYT_JzoZfYiGCucP3DPcnlW046xT17NR6eRQ0g
x-cache: HIT, HIT
fastly-io-info: ifsz=171964 idim=320x320 ifmt=png ofsz=118748 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 118748
x-served-by: cache-iad-kjyo7100038-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.388547,VS0,VE0
etag: "MIre+hRw2cMgJa2uP+CeD5Zo0tG02ZYiidiRIV/6TxQ"
vary: Accept
x-goog-generation: 1666018564084320
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=rwW/FQ==, md5=QcPAglE24zD6+D1DXSLedQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 171964
x-amz-checksum-crc32c: rwW/FQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 56, 3946

GET
H3 200 icon-read-like-the-wind-b4c96c99529e1967200b4e98206c6371.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 788 B
2 KB 522ms
515ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-read-like-the-wind-b4c96c99529e1967200b4e98206c6371.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41d61937d6f1b2b8887f735949cb30f7be1f3027a5d495621672f0d8fd3f9d14

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdso6MjLoxV7P4mDehnu4kBnMgUT16fDu7q_8oDmBLqNHoD0Hen2gIfgtwq4MyjckDiABcshKkjhu1_40MeUHPo4gdAu77-J
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-11 08:45:39 UTC
x-served-by: cache-fra-eddf8230035-FRA
x-timer: S1699340422.717758,VS0,VE1
etag: "0167446aebebfe34aa60d544d95c5818"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696611983266512
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-read-like-the-wind-b4c96c99529e1967200b4e98206c6371.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7258
expires: Thu, 10 Oct 2024 08:45:39 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 788
last-modified: Tue, 10 Oct 2023 21:39:05 GMT
server: cloudflare
x-goog-hash: crc32c=z6+8Rg==, md5=AWdEauvr/jSqYNVE2VxYGA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izsAI64v%2Bw8UqIHu0bjVh04YBxoKVjW2x%2FbKs%2FiOkdIPFMg%2FBa%2F9iBS%2B1e5xjBaBw5qzoeWG3A0OvEi0QoipmSeQ5QV7I1USVfCZ8%2FSO2U9YIekiGSVhfAnEsyvYsANolOUP52MCU0Gv%2Fx32wkuuZzNRBzePBD5PgzGe"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 788
accept-ranges: bytes
cf-ray: 8223b2e17dc6c35a-EWR

GET
H3 200 icon-watching-0fa860946d704b26aae6f0a562f26011.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 534 B
2 KB 523ms
516ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-watching-0fa860946d704b26aae6f0a562f26011.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc288edaf30d3566c6a43f7db44c69243ef51481f3ae50a4b35868d6ac11706a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycds3MqopKMr99VQjxiuQw0Ih2PpOJ8dooOH9AJ1sUCYsTrOeVKaVGlbaoWAwNnMh67wIvSN8PXXr_Gloe74jMNl6n78bEc6l
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-11 05:04:22 UTC
x-served-by: cache-fra-eddf8230082-FRA
x-timer: S1699340422.714677,VS0,VE1
etag: "9237616fe80765aedc1571c6438498bc"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696973945071741
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-watching-0fa860946d704b26aae6f0a562f26011.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1424
expires: Thu, 10 Oct 2024 05:04:22 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 534
last-modified: Tue, 10 Oct 2023 21:39:05 GMT
server: cloudflare
x-goog-hash: crc32c=UOL/EA==, md5=kjdhb+gHZa7cFXHGQ4SYvA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXrJv2%2FksJGUAFnM1bITQqSRTQB3yBUQhCOuRi%2BOOp5MsFQqW8ASzLPabXa3DvxF19gCZHypsYAmMJmsy9eiZP6KNhfsAN12AO7tSyX%2F9VTgLhTj6LbVIdMtWtJATNjkYH0n23x1LwvtDHnXLxJkNK3yf3kO3OE%2BWfmi"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 534
accept-ranges: bytes
cf-ray: 8223b2e17dc7c35a-EWR

GET
H2 200 book-review-album-art-v2-thumbLarge-v3.jpg
static01.nyt.com/images/2018/03/27/books/book-review-album-art-v2/ 3 KB
3 KB 72ms
35ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/03/27/books/book-review-album-art-v2/book-review-album-art-v2-thumbLarge-v3.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

99013b5f831f3762b1a2648e07bb3116d914c5b1539bdf4fe0634602cc26b19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 13:23:18 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300718
age: 580495
x-guploader-uploadid: ADPycdvWAmkx95gCPu14IQ4q4BE3dphI347Cam23BbGkeCIoa-nNMMO9_VMy5Xo8Q1qd4tiwBGGtFt-VA9JTnOfOljAGxQ
x-cache: HIT, HIT
fastly-io-info: ifsz=10250 idim=150x150 ifmt=jpeg ofsz=2772 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 2772
x-served-by: cache-iad-kjyo7100097-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.388537,VS0,VE0
etag: "f6YZ2ZJovRqmFs0MIuaEVzpH2+CtkFFBiLmf31seml4"
vary: Accept
x-goog-generation: 1662891747534151
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=EsOybg==, md5=cjEwJ43bqRCDXcDgnJcMnA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 10250
x-amz-checksum-crc32c: EsOybg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 65, 3849

GET
H2 200 music-popcast-thumbLarge-v3.jpg
static01.nyt.com/images/2011/05/20/multimedia/music-popcast/ 4 KB
4 KB 73ms
36ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2011/05/20/multimedia/music-popcast/music-popcast-thumbLarge-v3.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7e76ec11f2baa0f7948d92891718df73970877050a5b48e2b6fb9b340378a2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 10 Oct 2023 16:00:57 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300701
age: 599780
x-guploader-uploadid: ADPycdt8GLzOK2GA-IX_ZuZPrjYsWk_7iJzaF1bRZysGkxzR67iJrwH3T01KlbrUrDKZ87h5mxJ_z1U3NdBU81wR4hJ1lQ
x-cache: HIT, HIT
fastly-io-info: ifsz=24419 idim=150x150 ifmt=jpeg ofsz=3828 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 3828
x-served-by: cache-iad-kiad7000117-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.388580,VS0,VE0
etag: "qr3LW0rNOUvnYKyDbm09gWnw94oFzi+G4wvyjqveNos"
vary: Accept
x-goog-generation: 1538741982829422
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=VUkWbw==, md5=jSTktUwT+uCRgjlqA0y9BQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 24419
x-amz-checksum-crc32c: VUkWbw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 931, 3882

GET
H3 200 icon-open-thread-fashion-421b633c9b286165ebaa180a470c1ef9.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 1 KB
3 KB 524ms
517ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-open-thread-fashion-421b633c9b286165ebaa180a470c1ef9.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba9c62e2d791768ee9cf91a2257b631d3d3d3e4d0039b2d60affb962b562219

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycduuefHtVsh6hFYFy6cx_r1HPTvPV0m5tu0y1pegocAdA_N8UftkU5LTmSTfs_eB088stHzDyAvID-nN9uRJx4a_6JtKoL3U
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 03:41:01 UTC
x-served-by: cache-fra-eddf8230035-FRA
x-timer: S1699340422.715217,VS0,VE1
etag: "425dea063366376915979217fff73e16"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695320370182710
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-open-thread-fashion-421b633c9b286165ebaa180a470c1ef9.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7255
expires: Wed, 25 Sep 2024 03:41:01 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1286
last-modified: Thu, 21 Sep 2023 18:19:30 GMT
server: cloudflare
x-goog-hash: crc32c=kvn+Sw==, md5=Ql3qBjNmN2kVl5IX//c+Fg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mlDlXxhw1BDLZ2kZ87HokEj22iCi2gaz0o2AW7Tmq3%2BslGdGDVI%2FRihXkWY6PJn6KSc7wiX6i6ZQrsrzVr0XjWXi8bZEaUo0Ng9v8vZ9uhZgeJoZ4mSZ10LmCBJGzvEuE0dDTnn%2B6PEQKNixE6vMDduhE9ah3u3FcC9e"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1286
accept-ranges: bytes
cf-ray: 8223b2e17dc8c35a-EWR

GET
H3 200 icon-love-letter-fe90fe3ff001ee39f3b90784874c1368.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 1 KB
3 KB 441ms
434ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-love-letter-fe90fe3ff001ee39f3b90784874c1368.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

644159a517427813378bf283fb86f497ef2fd81c8656225b3e209972f0e4ccbb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdu_lXRtonvaBEl0mdaPRTUmbCDehBxtwd8bncxodv_sqv0AoklLMjbVYwxq_xZAUwZou07A6xyXactNrylaNfWJsemEfk9g
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 03:41:01 UTC
x-served-by: cache-fra-eddf8230091-FRA
x-timer: S1699340422.713472,VS0,VE1
etag: "681a68b635f1dde16fd3ded972ee2c5e"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695320370164240
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-love-letter-fe90fe3ff001ee39f3b90784874c1368.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 55
expires: Wed, 25 Sep 2024 03:41:01 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1160
last-modified: Thu, 21 Sep 2023 18:19:30 GMT
server: cloudflare
x-goog-hash: crc32c=Ay99EQ==, md5=aBpotjXx3eFv097Zcu4sXg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrvWHdHeug7JqwTmlOL3YGrCXJ6GqfZI2hEwoZ3dLlUPXRmu8JHZbt3JGF8AGd8URpAMtV6PNtQRDc%2BLLrfLmMeLaPWctyYBBs6nyRwJKv%2Brjy5PIoSShlAKMR%2FaETWTXLcYUhcIpnYEgnLN7pXVWAUgQxb9A0xk92W5"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1160
accept-ranges: bytes
cf-ray: 8223b2e17dc9c35a-EWR

GET
H2 200 modernlove-logo-thumbLarge-v3.jpg
static01.nyt.com/images/2020/09/21/podcasts/modernlove-logo/ 4 KB
5 KB 71ms
35ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2020/09/21/podcasts/modernlove-logo/modernlove-logo-thumbLarge-v3.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9377e1ed8c646a7ae8b8b570821baf287765c047e9dab20fa71a4eb76a40c294

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Thu, 12 Oct 2023 04:37:54 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300709
age: 418398
x-guploader-uploadid: ADPycdvQICqR0EKmzRjrD-ivRFkfkAbBHmLe9luzvSJagqFZjapl6_qDs1fL8ZutLaeY1XzA7ymEdFB5GPoCn1xTWr9JuA
x-cache: HIT, HIT
fastly-io-info: ifsz=11068 idim=150x150 ifmt=jpeg ofsz=4084 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 4084
x-served-by: cache-iad-kcgs7200165-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.388567,VS0,VE0
etag: "m/kFRv2O1tFCo0C85yLpe5fDFs//5pFoSBOWMgnJf9E"
vary: Accept
x-goog-generation: 1665608966820623
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=BQuLtQ==, md5=p/lR9gCKmtliQRSN6dd/dg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 11068
x-amz-checksum-crc32c: BQuLtQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 39, 3940

GET
H2 200 matter-of-opinion-album-art-thumbLarge-v2.jpg
static01.nyt.com/images/2023/05/08/podcasts/matter-of-opinion-album-art/ 4 KB
5 KB 62ms
60ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/05/08/podcasts/matter-of-opinion-album-art/matter-of-opinion-album-art-thumbLarge-v2.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

71b2f4fee2ed4163e1ef309ca22a8a108aab0ba7cfb535d38b33c1ec3718836a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 09 Oct 2023 15:38:09 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300710
age: 117361
x-guploader-uploadid: ADPycdtk5koD_zn7P9skTzfWJLQ5B-vvDlnIxsTZY9EMwgZvNVhXx9M3DhB4dhLisIaJsIM9mn8gHLtSZ538XBE83X3B_LBza6Ue
x-cache: HIT, HIT
fastly-io-info: ifsz=12674 idim=150x150 ifmt=jpeg ofsz=4132 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 4132
x-served-by: cache-iad-kiad7000079-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.421740,VS0,VE0
etag: "yoekWzapvzDgK5g1tJpvXR4Q3abo6OZMw027E8Ag3Fo"
vary: Accept
x-goog-generation: 1685027532007855
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=cBstdQ==, md5=af0IeRKwURQQpabIs66V1Q==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 12674
x-amz-checksum-crc32c: cBstdQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11, 4177

GET
H2 200 ezra-klein-album-art-square320-v2.jpg
static01.nyt.com/images/2021/01/12/podcasts/ezra-klein-album-art/ 9 KB
9 KB 57ms
57ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2021/01/12/podcasts/ezra-klein-album-art/ezra-klein-album-art-square320-v2.jpg?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

eb66d19d76b2a591f290eb9cbefa2faf0a2c8f90b124cb937270ab4b8adee08e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 09 Oct 2023 16:34:12 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300714
age: 502127
x-guploader-uploadid: ADPycduvijOYgrLgV8LIH-vUTUAOb9ZmP34jdGGNlcN2s3QskhgEKi5LdW4pkR_-MkZ3wLnhB3ZOmnf2LqpqAwbt98wu
x-cache: HIT, HIT
fastly-io-info: ifsz=26546 idim=320x320 ifmt=jpeg ofsz=9114 odim=320x320 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9114
x-served-by: cache-iad-kiad7000062-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.427307,VS0,VE0
etag: "I8CFstK+e/z6clnl3bXOFjL81AzI4rEnG10lPXiE8TY"
vary: Accept
x-goog-generation: 1635784873905458
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=bgL3XA==, md5=gRKhpC1X4GNr6vjxBbhc7g==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 26546
x-amz-checksum-crc32c: bgL3XA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 28, 3913

GET
H2 200 headlines-albumartwork-audioapp-2-thumbLarge.png
static01.nyt.com/images/2022/10/12/podcasts/headlines-albumartwork-audioapp-2/ 13 KB
13 KB 58ms
58ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/10/12/podcasts/headlines-albumartwork-audioapp-2/headlines-albumartwork-audioapp-2-thumbLarge.png?quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

bcbbfe66a2e17c1dbc127ccea0f4fec035d42d51d1741332275026e291d79be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Fri, 20 Oct 2023 14:00:23 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300707
age: 320397
x-guploader-uploadid: ADPycdvcZw_RvVMFlkZc-xVGK9Qm1jixjRMOF1OZQTuJz-ns8UHD7U3fmD1ap8dkm3WKHbSW9KRYqouno2vTFey4_12ZycrQY02c
x-cache: HIT, HIT
fastly-io-info: ifsz=20844 idim=150x150 ifmt=png ofsz=12952 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 12952
x-served-by: cache-iad-kcgs7200036-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.427284,VS0,VE0
etag: "LbFwq71cDcti1tLA50q2p9CsL0R7Xg7ULZY6QK7bdcY"
vary: Accept
x-goog-generation: 1680812038156789
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=5MfQCw==, md5=qqLRi3ewu5a5crO4pskKzg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 20844
x-amz-checksum-crc32c: 5MfQCw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 332, 3988

GET
H3 200 icon-tkorc-e70cf6b0628d964d89952497590a03ba.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 KB
3 KB 320ms
314ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-tkorc-e70cf6b0628d964d89952497590a03ba.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9619e7a1dc4ec09dc3d6c5df8aa6eada684c79482d283459eac511852d5bb3c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ABPtcPoJR8_Ceo8358QBxoVffGi6RvuDGlJYe3k58rTXxuXTKB_FwliDBZA9TF_5GypyQjK1pOMqHFoYW3HfRgB_2eHTHw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-26 13:06:31 UTC
x-served-by: cache-fra-eddf8230047-FRA
x-timer: S1699340422.595832,VS0,VE1
etag: "28bc2710ecd2b1d5d9556b8ae390a943"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1698324737243390
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-tkorc-e70cf6b0628d964d89952497590a03ba.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 6132
expires: Fri, 25 Oct 2024 13:06:31 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1954
last-modified: Thu, 26 Oct 2023 12:52:17 GMT
server: cloudflare
x-goog-hash: crc32c=XaQJPw==, md5=KLwnEOzSsdXZVWuK45CpQw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETGawoIqG7wGEekV386vSGnIKQvUBbZ%2FFhg7j9c%2BbRl3rDUHh%2Bjgw70pY%2BNsQIpKGuCOCS8FTIw4xk8CeolPBlUppWUhQygM19URqFh9w%2FSLu5IuGkLFy7kRL6%2BQtp8sc3hdCBICy9P0yhx62UUuEzLjZcgM3qMiEJxn"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1954
accept-ranges: bytes
cf-ray: 8223b2e17dcac35a-EWR

GET
H3 200 icon-reporter-reads-75f75d9ff93c918be35824c2d9920ab6.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 448 B
2 KB 544ms
538ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-reporter-reads-75f75d9ff93c918be35824c2d9920ab6.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c65354f69fbaf3704fa399fb2755f8f1e12a4febd45037a125f17de050fca7c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ABPtcPq76oy3MDqLvMzqSBoYv_YqZSd4j60B7igqvJlaMW1nb5Jhjkh07_KY3RUk-NmfPYdcTk66ZpTm8coMVxvzRrm27w
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-23 16:19:28 UTC
x-served-by: cache-fra-eddf8230138-FRA
x-timer: S1699340422.715521,VS0,VE1
etag: "519c1a44c1767defa217a278d164b36c"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1698077567247330
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-reporter-reads-75f75d9ff93c918be35824c2d9920ab6.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2017
expires: Tue, 22 Oct 2024 16:19:20 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 448
last-modified: Mon, 23 Oct 2023 16:12:47 GMT
server: cloudflare
x-goog-hash: crc32c=CbwOcA==, md5=UZwaRMF2fe+iF6J40WSzbA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fSioZiKGtW%2FcYxWlMxbRan84JB5N72982KEtrFWxvat5XbTxidFqaJ6hWYfSO2Nx479BCwyww07HLtzY38TtwKSiCz%2F3B2vSVLYVeAAcdwNhGFosZV90JZPHF1TjX7p7Ci4DxciY7lRB4%2F66lP1%2FC5qcOj55XWLxLX5n"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 448
accept-ranges: bytes
cf-ray: 8223b2e17dcbc35a-EWR

GET
H3 200 icon-audio-cd2b56214bd17df62dd56b8c8f2bc0da.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 424 B
2 KB 323ms
317ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-audio-cd2b56214bd17df62dd56b8c8f2bc0da.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d7824c56fadbab811bb6be7b48d8eec8fd4269877246eeed5b9b33d1a953292

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ABPtcPrBBs9rZs1jtcwtEYJIQTt59phg4G20Xa7F5dhWprIf1V9FY9DbWLyPO9q-cWbtiGelbducRakhxG9ACqkRiX7Xaw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-23 16:19:28 UTC
x-served-by: cache-fra-eddf8230039-FRA
x-timer: S1699340422.596411,VS0,VE1
etag: "ca44229b7404d9077baf5bd2f0fcebb0"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1698077567160430
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-audio-cd2b56214bd17df62dd56b8c8f2bc0da.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7328
expires: Tue, 22 Oct 2024 16:19:20 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 424
last-modified: Mon, 23 Oct 2023 16:12:47 GMT
server: cloudflare
x-goog-hash: crc32c=m+UYtg==, md5=ykQim3QE2Qd7r1vS8PzrsA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nmwLYTn1L%2B3aGXVcVU9wEDEerG2VHYHtasnTHJ2FsGAvrP1isTzR3f66R05g8z4%2FM2zDP3ch8Wo9zwrDOBV3WWtU76uhs7Z%2FaNXMyXpBeqWpUYIIEO3z8xMuVLkeDl0Kfao6FN1JbhQaRVcPIcN9RxMjrMuBz6LYT4E0"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 424
accept-ranges: bytes
cf-ray: 8223b2e17dccc35a-EWR

GET
H3 200 icon-gameplay-0e0a0696c194512474af7462274eaa97.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 516 B
2 KB 344ms
338ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-gameplay-0e0a0696c194512474af7462274eaa97.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20a1e05cca983d2c838b5637de79857db90bd69705e38126260f9dca7fc29186

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdvK6tE7bY93zJbYzBIaGZbNuVMmMw6mohhBPY6dxgB5wrhNj0Zze3eCPgkHKKuPh9MeiYqWRooqUSf8etUq97bc6Q
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-25 22:54:22 UTC
x-served-by: cache-fra-eddf8230136-FRA
x-timer: S1699340422.606121,VS0,VE1
etag: "8fb0705de15ee3fb853d82b64fc3fbfa"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695320370148652
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-gameplay-0e0a0696c194512474af7462274eaa97.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7350
expires: Tue, 24 Sep 2024 22:54:22 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 516
last-modified: Thu, 21 Sep 2023 18:19:30 GMT
server: cloudflare
x-goog-hash: crc32c=6krs5Q==, md5=j7BwXeFe4/uFPYK2T8P7+g==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l1%2BeDD6edpu9PayxaZhU8vP3xCH7YFGSzE8wDfkpuqohMXPaF1olbjMLnA0mPfqUBeqUw2ZNN8Eb%2BWTUSOhcKTTFwVl3RC90RfyCuThXFt6hrpUlot2Dbxohl%2BkmFtAwuzcKmvpZlRbmc2vb%2FtHUrjgvpFoZrYWjThQB"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 516
accept-ranges: bytes
cf-ray: 8223b2e17dcdc35a-EWR

GET
H3 200 icon-cooking-276e5519a9df3d2697b666fb95ddd69b.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 748 B
2 KB 557ms
551ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-cooking-276e5519a9df3d2697b666fb95ddd69b.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2e4eb2e6499e7805732b936694778a0547e32010bca773807743cfcd8e4b049

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdvsz11sa0IdpDTp5WBrGL7YqqZu48D6WMG7VNDpe6bM1w_YcVWTbfV1Cg1tmmiOaJhPNSnwMBuVmsCXG0jDjovEdw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 03:15:42 UTC
x-served-by: cache-fra-eddf8230132-FRA
x-timer: S1699340422.715558,VS0,VE1
etag: "9894fb012dcd739cdcecf1bc31d507a4"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695320370124229
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-cooking-276e5519a9df3d2697b666fb95ddd69b.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 5092
expires: Wed, 25 Sep 2024 03:15:41 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 748
last-modified: Thu, 21 Sep 2023 18:19:30 GMT
server: cloudflare
x-goog-hash: crc32c=PJBKmg==, md5=mJT7AS3Nc5zc7PG8MdUHpA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZFl49DtDH2z6X9e6gwv%2BFQ3jTAMbs%2BZf28Z0f171hv3ldqB0n8k2jZumETXZkGFT%2By0B6lVQyYrUvQe4m6s5n88LQUMTXHft4lACpUXTUWw776dsPuOVZVs508AaqFStA0u1HejWvGYQGVGqIbLDfdy87KNZWhyNxDct"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 748
accept-ranges: bytes
cf-ray: 8223b2e17dcfc35a-EWR

GET
H3 200 icon-the-veggie-f7c053c8b480b183342a9514c3b2787c.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 KB
4 KB 570ms
564ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-the-veggie-f7c053c8b480b183342a9514c3b2787c.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4af9b52b5cf0f6a694ec51e283ccabc662be7881a3ecefecccf5441a687a894a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdtlejB7noJVh42oOzOrOYF7YqP_k9kroIdXIbUMFBqT4tEJfW-W5MjgFANuKigV-unYnop-q9CVS-xWIv4u8unUww
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-03 05:35:43 UTC
x-served-by: cache-fra-eddf8230092-FRA
x-timer: S1699340422.716983,VS0,VE1
etag: "75dce34b2cab91f7347cbe697eaec668"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695922492235768
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-veggie-f7c053c8b480b183342a9514c3b2787c.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1782
expires: Wed, 02 Oct 2024 05:14:16 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2122
last-modified: Thu, 28 Sep 2023 17:34:52 GMT
server: cloudflare
x-goog-hash: crc32c=ORbazQ==, md5=ddzjSyyrkfc0fL5pfq7GaA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP8%2FYH03BDSfTqOK2AkVmMLaQmlDw6o1tVFyc8RC%2BECFz7Ga2kOPk9kX6eInKPR1buKD%2FtkgJL2U2UWr6j9FTI%2B0BcY9b7xhl5VMCrgpEZJljDQkPmT4eP4UeE7AiTWp%2FuqAS5DrksfHv4Dt0pdB%2Bb3OcgYsUSNPX6mt"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 2122
accept-ranges: bytes
cf-ray: 8223b2e17dd0c35a-EWR

GET
H3 200 icon-five-weeknight-dishes-9a372f22fce6bcf493f7c31a8e3220e7.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 1 KB
3 KB 595ms
589ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-five-weeknight-dishes-9a372f22fce6bcf493f7c31a8e3220e7.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4fd486c427aff4879822fc8e342979aa0110d283582bbee589cb941de95f39f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdsFk6Fz1XOly_cCriETjlye1zECS1lpXPj8X3kIk4-7UUzN7HvLMoxWSAXDMFD8RZ7mW9GztoaTnof5UrJyUJGzKw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-20 00:58:41 UTC
x-served-by: cache-fra-eddf8230087-FRA
x-timer: S1699340422.714087,VS0,VE1
etag: "2b654162f60dd23c00417299cce80666"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695162144943567
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-five-weeknight-dishes-9a372f22fce6bcf493f7c31a8e3220e7.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7217
expires: Thu, 19 Sep 2024 00:58:41 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1486
last-modified: Tue, 19 Sep 2023 22:22:25 GMT
server: cloudflare
x-goog-hash: crc32c=125xEQ==, md5=K2VBYvYN0jwAQXKZzOgGZg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVtOkRJ1XHs0rp7y76sGirf0tPd7dRY4h%2B7XAF4xOJCYBJG9PMhWa7sUxCZ5z3Ok%2FBnz%2FqDlrDhevqzmB9zuK7t7y%2BCeK8L%2FJo%2B%2BBslwbUFd%2FMSz03XDiqLJhp7%2F7Q8I%2BfJBD0w%2F8OrK8LPZZ3aLRIM1sT8Lu%2FwBF08T"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1486
accept-ranges: bytes
cf-ray: 8223b2e17dd1c35a-EWR

GET
H3 200 icon-the-recommendation-b43bb0e154cda17a4b232f1105511a28.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 480 B
2 KB 597ms
592ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-the-recommendation-b43bb0e154cda17a4b232f1105511a28.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

832c2e84f40e3512fc4a9326e54e6c3a8e8b91d691dd601e5716ab8b4cd01f32

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycducmF4HmdyYvD01LNYz1e6efLt4DL7lxz6rF5NTRI4gIuq_Y3CK85DOzjHxUU-WcmeU4AT8EVYITjj3FQ9h2Y4XEw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-03 07:56:37 UTC
x-served-by: cache-fra-eddf8230128-FRA
x-timer: S1699340422.714995,VS0,VE1
etag: "31e3b5a35faa43e94c8692daca44339a"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695922492236156
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-the-recommendation-b43bb0e154cda17a4b232f1105511a28.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1910
expires: Wed, 02 Oct 2024 07:56:37 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 480
last-modified: Thu, 28 Sep 2023 17:34:52 GMT
server: cloudflare
x-goog-hash: crc32c=qzwDhg==, md5=MeO1o1+qQ+lMhpLaykQzmg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pRWhcfSfraU%2FYZtzQpYv1rD2unVIO5jAkB3ai5XZnm267vi2MOLbrcBBX6J%2Bm%2FDfUrAsGhcGI10581vViNbJ5V5tuEDSZPud3qYB%2B15ZWsjn%2BTnXKG6DiNOkSl2hTRsejSVWIObooxhfEepxpPwj8qjQuzjg%2FnqcXnyQ"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 480
accept-ranges: bytes
cf-ray: 8223b2e17dd3c35a-EWR

GET
H3 200 icon-clean-everything-2ec25627f12347716015757e012ec04b.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 1 KB
3 KB 602ms
597ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-clean-everything-2ec25627f12347716015757e012ec04b.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11cad19b226383c7e859031e5cd320644ad1a33d12abc2689a4d3bdbc8253ab7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdsAqHPKXdV_mgZJzgPAu4j6UnV35NSQhv1F4RSjkJq0-DJg6OSVfjBgsuslELUCCQuphJDolgXjtPFMBiuhmjGgYQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 23:32:28 UTC
x-served-by: cache-fra-eddf8230139-FRA
x-timer: S1699340422.715892,VS0,VE1
etag: "1d11a29b40906c218d08fd261c621573"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695320370149351
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-clean-everything-2ec25627f12347716015757e012ec04b.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 647
expires: Wed, 25 Sep 2024 23:32:28 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1314
last-modified: Thu, 21 Sep 2023 18:19:30 GMT
server: cloudflare
x-goog-hash: crc32c=dd5g7A==, md5=HRGim0CQbCGNCP0mHGIVcw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PABk86CiNewWjNQNECsrwFhgIyoVJHVZR7mEy7EclLxuNosJWKY5TSFRXxEz%2BKggA5whO7VRqCkTfx4nNC%2B97JO2u2Fx%2B%2BH1tJQpw0DfyPl92%2BG5ycE0I2MTTHZvfnCVHNOh%2BGBx%2BLmlzwcSlXXBijiL5sppOtRJgDFP"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1314
accept-ranges: bytes
cf-ray: 8223b2e17dd4c35a-EWR

GET
H3 200 icon-athletic-pulse-bc1160f70031b452aec5578d67207a0a.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 KB
3 KB 631ms
625ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-athletic-pulse-bc1160f70031b452aec5578d67207a0a.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d3928e5b934069fa3b78d716121fd1838737cb5b1aecd98b82e62982435ada6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdtdW4kWU-kY6kyTVymXq8lqDjGUJtyfVrG0CCINp-5JuxjgJq3u9uLAzpPsUHiz0sV0EfCLKRdKdofGp8L06D-NshlI342I
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-04 17:13:19 UTC
x-served-by: cache-fra-eddf8230131-FRA
x-timer: S1699340422.646192,VS0,VE1
etag: "8b7a3436254e062758ee1da7e31172ca"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696434463124960
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-pulse-bc1160f70031b452aec5578d67207a0a.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 20
expires: Thu, 03 Oct 2024 17:13:19 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1686
last-modified: Wed, 04 Oct 2023 15:47:43 GMT
server: cloudflare
x-goog-hash: crc32c=IKGGXA==, md5=i3o0NiVOBidY7h2n4xFyyg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJyxtcAur2k%2BG%2BcqvSVlEv69B3KTHI8%2FrH1z%2BoiV9dnRnXCTnuU%2BegxXB1Z2ElRPJr4YgxjUIQ3dszD10VeWvnwAu%2BkyMUd2sPLs%2B1UjsO9LLq4Ux3oaod6L8%2BmQtJRyG4CCO1WIKkZEMB386eur99G3RJIzRJxNPmnx"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1686
accept-ranges: bytes
cf-ray: 8223b2e17dd5c35a-EWR

GET
H3 200 icon-athletic-windup-d4cce80f590773db71172618038e5787.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 KB
3 KB 351ms
346ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-athletic-windup-d4cce80f590773db71172618038e5787.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e9b1bcc8b7f6c40a146c67b1ae4d804d1a00f9374ebd5ce5b4f2de65ff69cc6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdv31GUwP6zxkqgYgnoYYHdPTDYmLCFrGpChrlV40DQ2k2RQMc3bIshybgWbLJ_1cqy-HBmpYpfMYwAJTymtvEsqvQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-03 05:35:42 UTC
x-served-by: cache-fra-eddf8230069-FRA
x-timer: S1699340422.630461,VS0,VE1
etag: "cbf08c4ea3747245058f541d8fd30518"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1695922492049625
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-windup-d4cce80f590773db71172618038e5787.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1904
expires: Wed, 02 Oct 2024 05:35:42 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1810
last-modified: Thu, 28 Sep 2023 17:34:52 GMT
server: cloudflare
x-goog-hash: crc32c=DU5MYg==, md5=y/CMTqN0ckUFj1Qdj9MFGA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUE%2FYesEySgBycYwNULIfq9aj4QdNCMYa0QfGuQpEUSmmseubmjureLQhhSTzEXYdJR7OxRPlVyUcVo86nbNewZb5WPvlKW7Z3wTqIRrsr69bK%2FBPqE%2BjuQnJSevs0NDFWpfUD6R3DGe2fDM8WES0o5oJwSB9ainc8VY"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1810
accept-ranges: bytes
cf-ray: 8223b2e17dd7c35a-EWR

GET
H3 200 icon-athletic-bounce-6b7dccf3bd213cda0ff4e4dcaaff59e9.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 KB
4 KB 376ms
370ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-athletic-bounce-6b7dccf3bd213cda0ff4e4dcaaff59e9.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b212ea12e667d35e7127d3c59788897d07d32a661336ccf122b02af12fab96d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycdsv26WI3rnaCR9SEuuab76COBGnEf4otBMo5ocDO6YMvuaIC0NNNgdUbWFz1G88DR3CcQ8jqzwQDE8CBS8m8fcrwg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-10 06:47:28 UTC
x-served-by: cache-fra-eddf8230133-FRA
x-timer: S1699340422.646842,VS0,VE1
etag: "6da573b90ea5519ac60ae64a15664824"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696611983236738
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-bounce-6b7dccf3bd213cda0ff4e4dcaaff59e9.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3285
expires: Wed, 09 Oct 2024 06:47:28 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 2074
last-modified: Fri, 06 Oct 2023 17:06:23 GMT
server: cloudflare
x-goog-hash: crc32c=JIYI5Q==, md5=baVzuQ6lUZrGCuZKFWZIJA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kbe2tl5VSbZr0bb85HrfBThWqGvWyFRVSjI8HYCkyxKAUsCwK5fCwpGayXcIzrv67LESDxtCT5rKjE7rRY0GS826rlF8Q8mmgbavgW4gpOMKGfGixehKuHahHvPuMfQ3MF60u6idxn1VPlZvQhzmUuqpnhQ5HHfp9cfG"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 2074
accept-ranges: bytes
cf-ray: 8223b2e17dd8c35a-EWR

GET
H3 200 icon-athletic-fulltime-3e238b9729ef70e0c8c715f60d632cd2.webp
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 KB
3 KB 631ms
626ms Image
image/webp 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/icon-athletic-fulltime-3e238b9729ef70e0c8c715f60d632cd2.webp

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bafef9de45070f320e6d34730a285286b7b00ae2fbc1757ef49b1ff21d80c24

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-guploader-uploadid: ADPycducbUMW3sAmEoDuJePVgK3ARkAp2W93nsbjDMLoX9XkaZ3jmZ6P-bsL83HKRl_70xKeFnHLANHVBJwAfXYzc0IinA
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-10 06:47:28 UTC
x-served-by: cache-fra-eddf8230135-FRA
x-timer: S1699340422.716982,VS0,VE1
etag: "b7137a8997feaa89747ffa6457a58125"
vary: Fastly-SSL, Accept-Encoding
x-goog-generation: 1696611983251211
content-type: image/webp
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-athletic-fulltime-3e238b9729ef70e0c8c715f60d632cd2.webp
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7440
expires: Wed, 09 Oct 2024 06:47:28 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
content-length: 1800
last-modified: Fri, 06 Oct 2023 17:06:23 GMT
server: cloudflare
x-goog-hash: crc32c=iEBX8g==, md5=txN6iZf+qol0f/pkV6WBJQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7YuGxluRnCsFGFLrE173ffow2LdJc%2FdaRZToVudL23OCzrMhai2tPOUdE35bwe8SoiA5rShq5x6YU4DgIObcLpZ50BufUvyn%2BoVT%2BmyFVUsDG2R1USDRXC6r8SNk7lxuyIxolylE7kwBaDMz3Kcy2CNTkWw2b6F9CNmJ"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1800
accept-ranges: bytes
cf-ray: 8223b2e17dd9c35a-EWR

GET
H2 200 06china-debt-01-cmpl-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/06/multimedia/06china-debt-01-cmpl/ 48 KB
48 KB 63ms
63ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/06/multimedia/06china-debt-01-cmpl/06china-debt-01-cmpl-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

15bb3ffc59f462f8200d11db9a59ac35b5ed9b197e6d20596fc68fa16e73de69

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 06 Nov 2023 23:01:05 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300707
age: 28756
x-guploader-uploadid: ABPtcPorl02Bci88W-6cVAcsm5Qd4INyhypxcn6Z8xC3rkHPrs-KLmmjkSbVJ-UyfrP12S2eMGQ
x-cache: HIT, HIT
fastly-io-info: ifsz=95374 idim=600x400 ifmt=jpeg ofsz=49134 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 49134
x-served-by: cache-iad-kcgs7200058-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340421.427570,VS0,VE0
etag: "h+Z5p4WR+ME0onW+a6+QWsq0l+HxHk3KCpG4wV8z0ZE"
vary: Accept
x-goog-generation: 1699311607255206
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=sKxTAA==, md5=+uvVBYx7nAKJWpx8CzYjaQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 95374
x-amz-checksum-crc32c: sKxTAA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 217

GET
H3 200 vendor-604cacae1060c88c58e5.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 167 KB
47 KB 632ms
627ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/vendor-604cacae1060c88c58e5.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1afec1ae97e85059d8bc36b774818c924a47040f9a956870e719e7ce231dc0d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ADPycdssnJRkTVQo-P8TTvKXDRhd4hjDG3IT_XIX4QyYREvgDtgttGrlHxegNNpfrFFpDSDRqDPCdj8WIuftwjeGbrRisQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-19 20:24:17 UTC
x-served-by: cache-fra-eddf8230130-FRA
x-timer: S1699340422.716940,VS0,VE1
etag: W/"a3e34db94111a24b5c375a7c945787ec"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1697746482558466
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-604cacae1060c88c58e5.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 22479
expires: Fri, 18 Oct 2024 20:24:17 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 19 Oct 2023 20:14:42 GMT
server: cloudflare
x-goog-hash: crc32c=k05IUQ==, md5=o+NNuUERoktcN1p8lFeH7A==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6ziI8YoPKeBxE%2BEYLtMHOdNcAnBAL5Id6OETDMLIOskVe8bKUO%2Fdt9TJERqx97m0CK2HB6sqpWv4BHOmvVtZ%2Fti7sn4rAT2yIvqeu2Q4G9250RALHQjI%2FDxjcU1Mcbuy8f00BhAT5q5qCf20bLKxdh0LdcUrqYevwYm"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 171082
cf-ray: 8223b2e17ddac35a-EWR

GET
H3 200 home-ff32cdab3f151164e72c.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 790 KB
176 KB 952ms
948ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/home-ff32cdab3f151164e72c.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b75f1263c2e4a65318c576d3de943c8792d344b061a366548a1bb93ff8942aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPoyRREN2X49l9oB4W2KWHRUa_ZTsLq1Gj-K9pSMmW1fBAmOLq8fo4qvfo_NBIiqBEZCM8IaqlTeeQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-06 19:40:06 UTC
x-served-by: cache-fra-eddf8230075-FRA
x-timer: S1699340422.716071,VS0,VE1
etag: W/"66f62f17be848797fd1b4f0afd6aec27"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1699299490973644
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/home-ff32cdab3f151164e72c.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 8
expires: Tue, 05 Nov 2024 19:40:06 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Nov 2023 19:38:11 GMT
server: cloudflare
x-goog-hash: crc32c=Y3UX+Q==, md5=ZvYvF76Eh5f9G08K/WrsJw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5keT9wj%2FWBh7R8AFPHOpUfu%2FHzZcFEm13hS85q1GYmDOEaB7nuHHv%2BA8enQTA7KOHg7mvm%2FxkQIOlAPY1wA%2BcmIR7eysmnMUNcbmjhRFwbmqJXtyagdMeruAlth1eKbkbwJDLnj0gRtbFYMckb1QU4HMeZop7hAIOkF"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 809360
cf-ray: 8223b2e17ddbc35a-EWR

GET
H3 200 desktopLogoNav-c1a73e53fda9a9604a09.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 1 KB
2 KB 1974ms
1970ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/desktopLogoNav-c1a73e53fda9a9604a09.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e2ebe67009b7cfad70167fc977f56844eae0683b216f8fb12fa6e9bdd7dac29

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ADPycds50l7IjN4Cmwf8fZ1JG3-GmSNNLQYqRk2PpVXRko--pKL3BD0i9FFBcduOrKSGaIY_ZNZsZ3LTFybO8HdafnfStNmUcDjC
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-12 18:35:34 UTC
x-served-by: cache-fra-eddf8230086-FRA
x-timer: S1699340422.713757,VS0,VE1
etag: W/"76b688f1ced157215e389b4a6a441a26"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1697135363708764
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/desktopLogoNav-c1a73e53fda9a9604a09.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2827
expires: Fri, 11 Oct 2024 18:35:34 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 12 Oct 2023 18:29:23 GMT
server: cloudflare
x-goog-hash: crc32c=dgz+Bg==, md5=draI8c7RVyFeOJtKakQaJg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nK8792P%2BIVkwOnoBGi3RsPJPNVUggSPvyIBpN3UojRDzUl02H%2FOYdK63PLLpXQncc8bORIZgqOmfdNBV7yUPLw0n1NA3uwgIK8%2FoGTmWU0eAr3gkOxcfnwMDBTxnM6h2Xtofl%2B6ypQKhExaqyDuBbQMYCku9UbsieyF"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1488
cf-ray: 8223b2e17ddcc35a-EWR

GET
H3 200 nestedNav-f8a37c36fb79026d0359.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 106 KB
14 KB 1980ms
1975ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/nestedNav-f8a37c36fb79026d0359.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

868fa0aee4b3170445519391c249b544438425cdb392aba77b9dae9b5ea7e27f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPqWGDQhFNOu67PSJXOpS4zc-8rqNlgJcglB6PRfu8rthgCmqPrIia0baVr0YmGQX0Sziq7H05uaEg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-06 17:00:43 UTC
x-served-by: cache-fra-eddf8230067-FRA
x-timer: S1699340422.718105,VS0,VE1
etag: W/"223ae12e2dc10c616040d88c61c052db"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1699290028186751
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/nestedNav-f8a37c36fb79026d0359.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 433
expires: Tue, 05 Nov 2024 17:00:43 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Nov 2023 17:00:28 GMT
server: cloudflare
x-goog-hash: crc32c=PTWvXg==, md5=IjrhLi3BDGFgQNiMYcBS2w==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76O223SZhXKnn%2F6JEsLumOfBjq7hWlrzNg59%2F4N1SfdBvEVAWZGcBVl1XYSTdvM%2BXhYdwN9uQ8Fs5%2FVaRig7MyQJe47hszAhDbfJXFqJ0sly6408YAw3tU0m6wedf0Z2Qn5ht4NqzLoqVjG7sf0NQXFAELNrOlRXh24F"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 108106
cf-ray: 8223b2e17dddc35a-EWR

GET
H3 200 main-f6e9bf5bf8e07ff87fa7.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 2 MB
457 KB 1996ms
1991ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/main-f6e9bf5bf8e07ff87fa7.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52dc9d8c27d10f6478e371f82bd0e12f56758f4c40337149c3bfd0df8318a5b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPqdzpadAFUVyiTqHXPXg1Fzjn4OyAUPmZNG2V2YQSv3hIkzyFvQaaXkeFbXtPLxvxCnnCpF_IT4rg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-06 18:50:39 UTC
x-served-by: cache-fra-eddf8230051-FRA
x-timer: S1699340422.714363,VS0,VE1
etag: W/"07218d73f76f6a22f47bcd8384265564"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1699296528595840
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-f6e9bf5bf8e07ff87fa7.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 59
expires: Tue, 05 Nov 2024 18:50:35 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Nov 2023 18:48:48 GMT
server: cloudflare
x-goog-hash: crc32c=mHWP6w==, md5=ByGNc/dvaiL0e82DhCZVZA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=leuaOa4ZbgdlRRiRysDgrjslqksesrhnr%2B%2FtMCSzXkpjVEIEG9Eb4VyTud7JxFyr19gb0OwhAncYo62%2BKS%2FiKslDf2p%2Fskq1dl%2FDTi75WQ2pKavbh989UAUDLVRSsES2L0YITiQxWkzySI55fwv0j1UZ8VMGV8w5HIta"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 1734191
cf-ray: 8223b2e17ddec35a-EWR

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 447 KB
121 KB 466ms
46ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8dac714863ad4334db93a612383d80d982fb6f8ec55e3e5b058a01023539ebf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123247
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 523ms
63ms Preflight 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-news-tenure,x-nyt-programming-abtest
Access-Control-Request-Method: POST
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-news-tenure,x-nyt-programming-abtest
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 0
content-encoding: gzip
content-length: 20
date: Tue, 07 Nov 2023 07:00:21 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 28
x-nyt-audience-target-flat: NA:AM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: MISS
x-nyt-meridiem: AM
x-nyt-region: CT
x-samizdat-query-exe-id: 870d8c22c4d0de64
x-samizdat-query-field-errors: 0
x-served-by: cache-lga21979-LGA
x-timer: S1699340422.801453,VS0,VE37

POST
H2 200 track
a.et.nytimes.com/ 0
0 519ms
55ms Ping
text/plain 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-49-121.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST v2
samizdat-graphql.nytimes.com/graphql/ 0
0

GET als
als-svc.nytimes.com/ 0
0

GET
H2 200 grumi-ip.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 15 KB
6 KB 505ms
60ms Script
application/javascript 2600:9000:20f0:2600:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20f0:2600:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ccf7b12ecc8e9e8ffdde253ba24560e0b8742463ad4868c7659fc90968ffcb3a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 06:07:40 GMT
x-amz-version-id: 97N1XuC065XmB4DEf6HyYikKPu2vnzE3
content-encoding: br
last-modified: Sat, 30 Sep 2023 14:56:12 GMT
server: AmazonS3
via: 1.1 9f04707c59950524f8bf18a726a3c160.cloudfront.net (CloudFront)
x-amz-cf-pop: IAH50-C2
etag: W/"4c4f4bf824d2aa120a5e0b665b4c9828"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=14400, stale-while-revalidate=14400, immutable
age: 3162
x-amz-cf-id: iKeUBm1ODL-zaHHg8gXhhs5Wffr5Y7XSnM_OBZeU7vdMpRHtsCeK2Q==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 265 KB
65 KB 370ms
27ms Script
application/javascript 18.238.64.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.64.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-64-130.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: de3984198eb73078bb727320b1363493cdc3c1a74c10162e8182b344c5181ae0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 06:04:55 GMT
content-encoding: gzip
via: 1.1 077b94dab77b8114aebf503be197d7d8.cloudfront.net (CloudFront), 1.1 c49af0736096dd9eb595aafed0498ed4.cloudfront.net (CloudFront)
last-modified: Wed, 01 Nov 2023 21:46:14 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C3, JFK52-P4
age: 3327
etag: W/"2b5c992b7f2fc9fad451b2c61f2e15f6"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: mqhV5YEqjSXZJo-tUaaOCkVHUknPYiZyoaV1XdPJDNFxYnbE1L4mkQ==

GET
H2 200 prebid8.1.0.js Show response
www.nytimes.com/ads/ 302 KB
96 KB 65ms
29ms Script
text/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/ads/prebid8.1.0.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

baabb01c05f5a7a83cf26233fcbb29790b584afb736caa63cb26ed1d051aa78d

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1570
x-guploader-uploadid: ABPtcPpG6TQRZN0-RhynepzA9odCrYWgnZzvkRBq0SlOJIVBpFeUgLiyelW8IXIOaFRC_SOLB4qfV10lzw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-10-31 06:34:09 UTC
x-served-by: cache-lga21943-LGA
x-timer: S1699340421.495205,VS0,VE1
etag: "69d0b1569bbd0b87116d60db3a12cd34"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1687806692468937
content-type: text/javascript
access-control-allow-origin: *
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ads/prebid8.1.0.js
x-nyt-route: ads-static-assets
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-nyt-app-webview: 0
x-nyt-edge-cache: HIT
x-amz-checksum-crc32c: VcerCA==
x-cache-hits: 42
expires: Tue, 31 Oct 2023 06:34:09 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
content-length: 97611
last-modified: Mon, 26 Jun 2023 19:11:32 GMT
server: UploadServer
x-goog-hash: crc32c=VcerCA==, md5=adCxVpu9C4cRbWDbOhLNNA==
x-gdpr: 0
x-goog-stored-content-length: 308841
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 148 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73bd4d0f8a3ec1a6b0ec41f111a2b46ba4c242d4dc7bdf0817c4af97a6dfa48e

Request headers

Referer
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 93ms
35ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 30 Oct 2023 05:58:57 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 694884
x-guploader-uploadid: ADPycdtREusrjfygy_cawRp_DY_6xNaiZOeRAr_vnPethmjrH4_gh7nubuhM-3D_qUg-oEiCAKn3i_8MrEkKSQZvY2xLww
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20276
x-served-by: cache-lga21950-LGA
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1699340421.433349,VS0,VE0
etag: "91eaf6b5642463af4091160b4bbfdfcb"
x-goog-generation: 1651598151054057
x-goog-hash: crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 46519

GET
H2 200 franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 85ms
28ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 30 Oct 2023 05:58:54 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 694885
x-guploader-uploadid: ADPycdu-9OkpcqtvJxR9bJqfHLvFqVVkemvjYCEP9ubgkx19jFF820ODDCrQ9HKymYKavBWgDLX5KzEUtympa-Ydwo0vtA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19816
x-served-by: cache-lga21950-LGA
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1699340421.433303,VS0,VE0
etag: "0f4aea3d462cdb64748629efcbbf36bc"
x-goog-generation: 1651598151017654
x-goog-hash: crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 19816
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 47092

GET
H2 200 cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 84ms
27ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Fri, 26 Jan 2024 02:27:45 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 24640357
x-guploader-uploadid: ADPycduLItPWxZazJWtlxo86_4JMW52j0SpTsgS9gRnk6fPwfFjEc1Q5XcyMnkALmsjxwVcWW8DZ8XCH9EdCury2oVi6Igdko273
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28276
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340421.433330,VS0,VE0
etag: "530cfb72378419eedb60da7e266ad5f1"
x-goog-generation: 1673991775200429
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=O9qQIA==, md5=Uwz7cjeEGe7bYNp+JmrV8Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 68973

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 121ms
64ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Thu, 03 Oct 2024 07:42:36 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2935065
x-guploader-uploadid: ADPycdtQ956Yw46-HjHVBk7OfgQRT49fJgaUuuJIzThCDEyIk2hztyY0chShQk3Gsf7X83Ye4aMLFELOH4vzglXR0Vk3HZgNy1u0
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1699340421.433656,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
x-goog-generation: 1673991776736810
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26504
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 100728

GET
H2 200 franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 120ms
64ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 30 Oct 2023 05:59:47 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 694834
x-guploader-uploadid: ADPycdsrVM2GCrC-rMuXlgcTPjD0mT4bVK9ZWLZTUN_t5qDHbM71rZka3RE0OGl9z6IwX_GOnXdhfNwUI-9KUDVqwZ1E_EVGygS7
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20196
x-served-by: cache-lga21950-LGA
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1699340421.433682,VS0,VE0
etag: "75739ac267f076931c6da9740386ee6b"
x-goog-generation: 1651598151037520
x-goog-hash: crc32c=Jc81Jw==, md5=dXOawmfwdpMcbal0A4buaw==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20196
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 40057

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 30ms
28ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Fri, 26 Jan 2024 02:17:35 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 24640962
x-guploader-uploadid: ADPycdtp08ZAg1RJDqoHZe81en72GTiBHre88XhWWfS2SzE1utytVEV1IBG2ewmGBFplyq-pJ7Sy1AbYhT-j_zvpXFPU
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340421.494434,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
x-goog-generation: 1673991775007595
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 27260
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 76752

GET
H2 200 karnak-normal-700.4a0c7e79ac2f009f12f9106482c961c4.woff2
g1.nyt.com/fonts/family/karnak/ 23 KB
23 KB 31ms
26ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/karnak/karnak-normal-700.4a0c7e79ac2f009f12f9106482c961c4.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ad01b93ecf6b0b442902d27ae93b6af83a92784a05455b81490512a3d5d8b08b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Thu, 22 Aug 2024 06:38:23 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 6567717
x-guploader-uploadid: ADPycdstB79Nh7vNy3TS6J41SPv0BvXffPFx0rDB02hQPlZj83-3QQSZso4sMEiq2a_qF-TziKR_cg-IGMnAWm1LpU4Qzw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 23400
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:57 GMT
server: UploadServer
x-timer: S1699340422.569632,VS0,VE0
etag: "4a0c7e79ac2f009f12f9106482c961c4"
x-goog-generation: 1673991777120718
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=a9fAaA==, md5=Sgx+eawvAJ8S+RBkgslhxA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 23400
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 44803

GET
H2 200 cheltenham-small-italic-400.cdfa0ec29cca8c2d2f54c79d898e15c1.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 23 KB
24 KB 31ms
26ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-italic-400.cdfa0ec29cca8c2d2f54c79d898e15c1.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7dcbc19c68e87e4b23f85027e02ac7f3c89fa259973ec92bbe27e49ad002bf47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Fri, 26 Jan 2024 02:27:45 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 24640357
x-guploader-uploadid: ADPycdsr9o6w4qA65ukD9CTMXRAbD_7A-RX0_BtiKxzBVGAMgnSEhLiUATeaSqjOJ_EuZzPfWT04QCHwpYr-ehyZdwK4uw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 24028
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340422.569625,VS0,VE0
etag: "cdfa0ec29cca8c2d2f54c79d898e15c1"
x-goog-generation: 1673991775386814
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=2JQyuQ==, md5=zfoOwpzKjC0vVMediY4VwQ==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 24028
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 25406

GET
H2 200 cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
g1.nyt.com/fonts/family/cheltenham/ 26 KB
26 KB 34ms
32ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Thu, 23 May 2024 10:12:23 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 14417276
x-guploader-uploadid: ADPycdtNWjVFr4UwP1DUvtHFy-ropb2uly8fEuwc4jWfyingwfjhEKbEHnStbtLq_xKxpZCeGM1PC1Lz1OzIU7mjes-68g
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26448
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340422.570121,VS0,VE0
etag: "40ccfe2cc61a71e6617e56162d49b896"
x-goog-generation: 1673991775015704
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=kUZRqw==, md5=QMz+LMYaceZhflYWLUm4lg==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26448
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 63366

GET
H2 200 cheltenham-small-normal-700.1a0b316424cdebd18086b8dbbc768eef.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 23 KB
23 KB 34ms
33ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-700.1a0b316424cdebd18086b8dbbc768eef.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9a43ab8056183a8efcf0e882990c2601381a735e02bba004439e010055c55d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Fri, 26 Jan 2024 02:22:59 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 24640642
x-guploader-uploadid: ADPycdufj51op-yO6eInZylFKntYcIsyHSpicW0C1GlVXAcHsYCri7I3unbUP300oXRfZD7XUIaAZtNAZIZqbeOxojzLqQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 23704
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340422.570101,VS0,VE0
etag: "1a0b316424cdebd18086b8dbbc768eef"
x-goog-generation: 1673991775396405
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=FTq84Q==, md5=GgsxZCTN69GAhrjbvHaO7w==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 23704
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 32624

GET
H2 200 cheltenham-text-cond-normal-700.7e78f9e7e6c2e02d82592c4466929fa3.woff2
g1.nyt.com/fonts/family/cheltenham-text-cond/ 28 KB
29 KB 34ms
33ms Font
application/octet-stream 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-text-cond/cheltenham-text-cond-normal-700.7e78f9e7e6c2e02d82592c4466929fa3.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1ecb1f9522433be3adfad377816095c7d5b27d02c1efbbbb793e341b829d83d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://cdnseurevipbot.secureweb.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 14 Feb 2024 06:36:31 GMT
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 22983830
x-guploader-uploadid: ADPycdsn4i9g2ruLU9zIdywolQHpqf71no1XnLRFNQzyj_HtwjEZYezxUdi1RhwLygCdGM8PA4FVABDS2yDsgCblmAIjFu_W3zX2
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28868
x-served-by: cache-lga21950-LGA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1699340422.570092,VS0,VE0
etag: "7e78f9e7e6c2e02d82592c4466929fa3"
x-goog-generation: 1673991775506403
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=UQFt6w==, md5=fnj55+bC4C2CWSxEZpKfow==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 27041

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 99 KB
31 KB 271ms
155ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/adslot-42e9c3fd69719c71ab62.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a167d6fd5606d9ef6dc28400a9e172c7dbbf69171d5ac15e918755d41dbaf8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31023
x-xss-protection: 0
server: cafe
etag: 961 / 19668 / m202310310101 / config-hash: 14006379532634456263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 07:00:22 GMT

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 53 B
358 B 389ms
53ms XHR
text/plain 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: aea00872cb4e93d88ed44f2b1a9c5f55afd42f122f81fb6194878fee4bb001a1

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Nov 2023 07:00:22 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 579 B
851 B 133ms
36ms XHR
application/json 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

f39ce75309bff1e29568dbed227da3bb2d23ba94d04e8f88c968a21d0e8f5f10

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:21 GMT
content-encoding: gzip
an-x-request-uuid: 4a46020f-2436-4ac0-a6ee-273bf08fd56a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.181.234.133; 5.181.234.133; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 444 B
804 B 435ms
111ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088370&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=cdnseurevipbot.secureweb.top&tg_i.page=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&tg_i.invCode=nyt_home_top&tg_i.pbadslot=dfp-ad-top&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=146ced98ac58b9f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.16822887359397076
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: fd52da48c170687946011e1e777d420cdae4da1ecd96bbb32cf1e7cdfc5b5edb

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:22 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 444
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 446 B
806 B 375ms
51ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=cdnseurevipbot.secureweb.top&tg_i.page=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&tg_i.invCode=nyt_home_mid1&tg_i.pbadslot=dfp-ad-mid1&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=158d3d0b859b91d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2179485600368758
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 466910df59d087650b837643219856ab4d88059a0cad2c92c6b7812ad0a4509d

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:22 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 446
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 446 B
990 B 373ms
50ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=cdnseurevipbot.secureweb.top&tg_i.page=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&tg_i.invCode=nyt_home_mid2&tg_i.pbadslot=dfp-ad-mid2&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=16fdcdae383a9bb&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9156507210326319
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 400cb4f7b1577c38e0d7f634a47d35c86a74ac14ef8e9ed9a33359a446bf9841

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:22 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 446
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 446 B
805 B 437ms
115ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=cdnseurevipbot.secureweb.top&tg_i.page=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&tg_i.invCode=nyt_home_mid3&tg_i.pbadslot=dfp-ad-mid3&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=17a49313a8c71ca&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.015482052385100475
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ec9789556607f26d00c95886baad0f24c4580e499e58e94e5edd49aad48ec19c

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:22 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 446
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 450 B
810 B 435ms
113ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088374&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&kw=news%2Cliveupdates%2Clatestnews%2Cbreakingnews%2Clocalnews%2Ccurrentevents%2Ctopstories%2Clivestream%2Clivevideo%2Cworldnews%2Cusnews&tg_i.domain=cdnseurevipbot.secureweb.top&tg_i.page=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&tg_i.invCode=nyt_home_bottom&tg_i.pbadslot=dfp-ad-bottom&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=18feed754f67c8b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9986494883082648
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c1e4c6cd09bcceb9e0a429e8264e8554e03bbc82cc493a8a91e5c20bb9b641a2

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:22 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 450
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 334 B
754 B 146ms
61ms XHR
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU4WQK98
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: ddc793815035898947156ed4f9255a8038658f8b868b5dd29cd1a58bff46a91c

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:21 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server: envoy
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Nov 2023 07:00:22 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
611 B 359ms
42ms XHR
application/json 72.44.43.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.1.0&referrer=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&tmax=10000

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

72.44.43.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-72-44-43-210.compute-1.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:22 GMT
accept-ch: sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width
x-auction-status: 3, 3, 3, 3, 3
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 3030 Show response
config.aps.amazon-adsystem.com/configs/ 505 B
772 B 269ms
68ms Script
application/javascript 18.160.156.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3030
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.156.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-156-21.iah50.r.cloudfront.net
Software: CloudFront /
Resource Hash: f4c8c10c577f10d982568bd0e5128cb974cc1b3a889dc41a7712734d161de050

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 06:04:58 GMT
via: 1.1 43af4a9c83f07a13ed51631899f2758c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAH50-P1
age: 3324
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 505
x-amz-cf-id: Gp8J2cHhYK6BVnstVJJQTCOgJoZTJdShL6aBf9Eq1FcLwHolCScb-w==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
320 B 40ms
39ms XHR
text/plain 18.238.64.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3030&u=https%3A%2F%2Fcdnseurevipbot.secureweb.top
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.64.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-64-130.jfk52.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 05:49:03 GMT
via: 1.1 c49af0736096dd9eb595aafed0498ed4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: JFK52-P4
age: 4279
x-cache: Hit from cloudfront
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 5Ps6MN4FdzB1BqXBBpJYFCtq24VF-CWxyLUW4bz0aY9wVHPxecT3NA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 64 B
512 B 356ms
158ms XHR
text/javascript 99.86.71.49

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pid=o1y3tSgfJ5cWI&cb=0&ws=1600x1200&v=23.1027.1921&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-top_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.71.49 , United States, ASN (),

Reverse DNS

server-99-86-71-49.iah50.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:22 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 2bdf494b25915e360d3b11ea33e35b3a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAH50-C3
x-amz-rid: 1CM5AY67VF68V2A2Y6AT
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: zo5ju9WpTT3FstkR-AJ37FQBbNGCarlGtsFVGs6G-guyRc0CfwI7UQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 144ms
85ms XHR
application/javascript 18.238.64.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.64.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-64-130.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:23 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 abda8496f94099119c2f392e63054efa.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: LEYE7GnAh53sI-TlzOi1luHp0ZKDHvk-V3DFRI8bCYgM129NE7BeSQ==

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 153 KB
51 KB 71ms
70ms Script
text/javascript 2600:9000:20f0:2600:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20f0:2600:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72a602637622db159bedc967e371a33de5e249362a08dd69e023e31e5fc93d58

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 06:07:40 GMT
x-amz-version-id: Wn5vg834OMZMjL7uwX1tuU.ICWwMBwNL
content-encoding: br
last-modified: Tue, 07 Nov 2023 05:34:55 GMT
server: AmazonS3
via: 1.1 9f04707c59950524f8bf18a726a3c160.cloudfront.net (CloudFront)
x-amz-cf-pop: IAH50-C2
etag: W/"4ce469434cb1dc861114b69a9487b610"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 3163
x-amz-cf-id: 6PMuCK9U9v1OIT9yie_pt8gBSCif20Nnai-5rHHYmsW7pxJuaMh33w==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/ 425 KB
133 KB 34ms
33ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 18:28:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45089
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136288
x-xss-protection: 0
server: cafe
etag: 17302374607849014435
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 05 Nov 2024 18:28:53 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 50 B
74 B 135ms
57ms XHR
application/json 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=cdnseurevipbot.secureweb.top

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

263489226f3d3c7a819547559569dd8dc98e0d37ab582a407a8094afcd783302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50
x-xss-protection: 0
expires: Tue, 07 Nov 2023 07:00:22 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 445ms
444ms XHR
text/plain 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1603636949710403&correlator=2200043504909493&eid=31079379%2C31079468%2C21065724&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1699340422425&lmt=1699340305&adxs=0&adys=15&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&vis=1&psz=1600x0&msz=1600x0&fws=4&ohw=1600&ga_vid=539997336.1699340422&ga_sid=1699340422&ga_hid=419799049&ga_fc=false&dlt=1699340420993&idt=1323&prev_scp=div%3Ddfp-ad-top%26pos%3Dtop%26request_time%3D1382&cust_params=als_test_clientside%3Dreqfailed_reqfailed_reqfailed_203406210021%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26typ%3Dhp%26prop%3Dnyt%26plat%3Dweb%26abra_dfp%3D%26sov%3D4%26page_view_id%3DtXWoy2GmjXfDN7kc66_XRmWl%26purr%3Dfull%26vp%3Dlarge%26uap%3Dbrowser&adks=2496155832&frm=20

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8296cf4ef9615fac30569a2d3bf5e0b8d1a02c0aef89f6a6d446156eb2e52bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10172
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F910 6 KB
3 KB 134ms
39ms Document
text/html 2607:f8b0:4006:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:22 GMT
expires: Wed, 06 Nov 2024 07:00:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3756 6 KB
3 KB 27ms
25ms Document
text/html 2607:f8b0:4006:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:22 GMT
expires: Wed, 06 Nov 2024 07:00:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame 3756 153 KB
51 KB 63ms
62ms Script
text/javascript 2600:9000:20f0:2600:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20f0:2600:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72a602637622db159bedc967e371a33de5e249362a08dd69e023e31e5fc93d58

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 06:07:40 GMT
x-amz-version-id: Wn5vg834OMZMjL7uwX1tuU.ICWwMBwNL
content-encoding: br
last-modified: Tue, 07 Nov 2023 05:34:55 GMT
server: AmazonS3
via: 1.1 9f04707c59950524f8bf18a726a3c160.cloudfront.net (CloudFront)
x-amz-cf-pop: IAH50-C2
etag: W/"4ce469434cb1dc861114b69a9487b610"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 3164
x-amz-cf-id: Cn0eI-cVbNJPHP6tCIaph9OO7ch-BdvC1IE_hwBV8RyVh39hFeeMHQ==

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2A27 624 B
826 B 72ms
37ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjPuKzvATAB&v=APEucNVV1eE7tQzctOSIJjUNu58Xu0QHqBR1QIJkUFgi4GOy7TF_JTQW_ld1tqLRH2oIZvaxsmrKGcmKrS8ooGvfU_X-Dx4w1w

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:23 GMT
expires: Tue, 07 Nov 2023 07:00:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3756 89 KB
31 KB 93ms
55ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 07:00:23 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 3756 3 KB
1 KB 48ms
11ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/window_focus_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 00:25:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 00:25:45 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 3756 20 KB
9 KB 46ms
10ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:50:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:50:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3756 190 KB
60 KB 73ms
28ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 07:00:23 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3756 42 B
110 B 74ms
39ms Image
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bact8mU0ZtUv3hAXBCdQ9t03qxxI7-mPORWkgJSgqRurj1VH1gfGYPt8Agk8NwZGb15dl9QgFRKdr8raTI-V1UQKKHBvewMUKvdDyj86bed5c5vUY

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3756 0
349 B 73ms
38ms Image
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15256069891834788691&x=1&ct=119

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 2A27
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1

43 B
332 B

24ms
23ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjPuKzvATAB&v=APEucNVV1eE7tQzctOSIJjUNu58Xu0QHqBR1QIJkUFgi4GOy7TF_JTQW_ld1tqLRH2oIZvaxsmrKGcmKrS8ooGvfU_X-Dx4w1w
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vuwwejz2dVuPFSOl9KNsaMX4zeBLQjOi0R8U7uA2qgtvhlrpozZVadZ09K7nZh9zR92h0JxdyRHHugeKIlACOKQ74eftH2vNPeXWJgixHmRoBPjfLxRJ3szngJvjGIvPl0w2PiCOYjgzTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8223b2efce01c44a-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2A27
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUngh.riP-6S13oJ61GXuAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1&google_hm=2

43 B
771 B

24ms
23ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjPuKzvATAB&v=APEucNVV1eE7tQzctOSIJjUNu58Xu0QHqBR1QIJkUFgi4GOy7TF_JTQW_ld1tqLRH2oIZvaxsmrKGcmKrS8ooGvfU_X-Dx4w1w
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7PPpYC7Hs%2Bk6ZR37A%2FzYYambhlB8dllvvY1a4Urlt1sIOlU4bQcGF2VqlzwI3UAulJwPYFaLR%2FySvCffwIjEuBpRllMk2BmnE18QVbDBhtXBrxcrB%2Blu%2FDYgVJ74HgafKoRq5YJVZnuI5g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8223b2f019168c53-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGlGP4ULtoUsWBp9WIF3TtE&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2A27
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFam9q9Vv992gaC3AZr5cnE&google_cver=1

43 B
841 B

22ms
22ms

Image
image/gif

68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFam9q9Vv992gaC3AZr5cnE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjPuKzvATAB&v=APEucNVV1eE7tQzctOSIJjUNu58Xu0QHqBR1QIJkUFgi4GOy7TF_JTQW_ld1tqLRH2oIZvaxsmrKGcmKrS8ooGvfU_X-Dx4w1w

Protocol

Server

68.67.179.155 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
an-x-request-uuid: dc4470e1-2e54-42e0-8e2e-fbcd5d1f6958
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.181.234.133; 5.181.234.133; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFam9q9Vv992gaC3AZr5cnE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2A27
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0MjE3NzA2NjcwMTg1MDEwNA%3D%3D

170 B
243 B

26ms
25ms

Image
image/png

142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0MjE3NzA2NjcwMTg1MDEwNA%3D%3D

Requested by

Protocol

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
an-x-request-uuid: 4ea33567-3c38-49ee-bd43-f470768c7067
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0MjE3NzA2NjcwMTg1MDEwNA%3D%3D
x-proxy-origin: 5.181.234.133; 5.181.234.133; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3756 0
56 B 38ms
37ms Ping
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=523737675074&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3756 0
56 B 37ms
36ms Ping
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=523737675074&version=m202309260101&ct=119&x=1&cor=15256069891834788000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3756 93 KB
39 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DwEH5E2Wl_gmg1TYBNJ51YYyPJV5X7_eEa7AyNF80KsWuIO7jUr7FcDfXrNt_mtHqLVywxwdvD8vFNvDk4pp0Nr9_yBE3UUmR6tW3o3hEQOoyNdGwH5YGDQt0ddCBaTP61SozyWwDjW08aOTLYrek2_TE01hVjo0VQACh38qQA8i4j6GM&cry=1&dbm_d=AKAmf-DDRidHsyVsYMAgYTjhyhUA6SeNhh-fyXIFEesgBA63J1AsaunFhstoBcdoIbnIE1KhZO6_S48aajoWmbZ12_fT_mC-i3M9fFLsaj2kuWPY5FIt630Nb6dpVJExs0x1vKj3_5inBPcFBILtt8ZCUXr7m-aXen_YayhTDS59PzQZptCWLvqYLuSfOs2mFZJynfYWQh5pUvXt1HVsa6CXKJ0938ceipNAykqh8cFk-S5tqMOzXU9xujXROpXilG2p4_BfBMmcK2Frw8nUofHGDxlCu9K2u8RoT2nPPWUCePqnt7VJWjsNKpJh9OrUyTfbwT_KaMOV_H89OrD86OnQf1SFj1EnUmhy7VO4TEUYfRrCZFOiqgzJGAp3LrWcwaOOZch0CyEMJZjfXeHxsrrj6gdOeXqI8bUxqpp0uiydX_dV3tB19XCLGF-f-GLabuxzmzaXtIj_zqOSfonlINWzZuQmeWduNrcPh8C7vefVBhR9g5W5G852LoGGrA_ugTyfGoF9Q7sKsOC-zGArn8MnzNWek7SIVqkRZGVpUZ4UKAstOAk5lMs622lz6MC6qdiM9C8Q1n_ZnLwMVXukU4kzStwNJG_xCdsmYGWP0xgGgG90Ii3j_BZqFOgdymfOFnaDhbV5VrFu7LkoQLmS9UbDD1xYpm0XvaZPRcARbMDvxWo3-llDXAK3wGJXhi9fCOEA-9RGKMcXKpdgJZVdA93kWnZ03OuUiP9_sJ99TLJ98IrIl3yq9pkbqQ_RXRdvl4z-peSueH6lrz69YVHFNfGV4Ujq_07m_HtZvF3GYbA_xVdPe_T5hRH923YZ2wjqxv5ed0IlPXTEvvhiUM-QIZLy2nPn7ULAGEpJQgbZfB7RMpnaQaMEEiI68agwav2zcfzlBIPox1Mv4Ou2SeKLF1czGk4aHiaf1SiqtyNd9wqpaOE1E8xW8IRWibpWAHwChM7_069FLZuawS9IsubgDI6elTN9IXUM-JpIgWRlMw2qbt_egQuzsMVDCj1Hihl5zZbKIJ2WK9mizVeLpt3jVz7Tlg1GklkZuSSWvYDuqnS3-iWhs4AEVKEGXqwdxqFc6PS5RyzG5KYerEuMOpsEkqe8vYbZTXQxiMcR2s-Ickf40zb4ZfWGQ2DV2JOy_-GPKaOQbn5_o8hWExwh7-7z26aGXYEmsVJAp8-ndU30j2OH253vjZVtEb3gWyfMZLl1G114umMHxaVRXn1NimzcrVBKSXTb8jtERHnsT44R_gOnFgAFaRfHgphZQeBiYRlKRFJtxOxpUHHzRafcqJ1RcNQnRNDsYX4TzaQrjy8KnFrtiDWIzZs86UEzt7LKsv4H5jaZ8JANDACMZ6VhPsEkM3NO8NqohXRa7rghEf_5UR2zUadwg3qyeDVjb1h1vRqeUrtUl8GlgzA1f9OAPxya3u_vrUZHq4DHMKcWZa0dpikGh86E9OkDUO_Ue6kZLfMKJYCGwJyW2eXjDJ2t8jwAyc5joiBZjznoUdowxBjxfgvsv1CwLWEqV20f1Ke0Smyof72ohpKEnLnhn3JMJ1B7Lh_wDN_MFwXCTy1PWmb_L4TOqq67JYl4hug-kMJbq7A_O9TkGKqxRrIrZukRy0R3pEzs_QXjNq4AG42rwI2-slGSuPWK2GNRSCySM4uc30Zun7h4HQwXiXJ_Be1ibxeAN9KP0dcN1ZtlxO37sbgN-RlhLVr9VYWaRrrJsoLXfAPgI9RDWndLbLcCh0bjVgC8jXxdotAplWyMJGSYu7gtHj_56HXFsBM6zZqCt6jYJA44Uq8Jku3YCNHnl1A8vwzVNOa0KwGYXDtBb6FZLrbMZplMbtZA-id5PQNRgGm46MewI5fRerbOAOALJLao8e6VTpn451bnqmW_LxWZbP6gzrZxACGy3RIYeGjspcsnRE9i04ulN-mjjuzyxFQrct_GODBtaznZRQCVjWCT5KcSu7kEjGp4mt4kXO8oUVqPhyAE9ASFWGJ9ZTqCKOM0KhME9nitSD_afgJoa_67hmNt0Rhavombye_GHNGnJpx-OYTqhqDIuL66gExO5GELE1r6fTS01Fl6xnANxSM5O7_KSgYCCWcox5X2mcgsNiRmZ9TPpANTR4PydL4spjZxdrktxLqqE5vCTZt6CNuJ_isTTBpHs9CfxP2hE5nPYY23SXHVVwiVFMsso_VkTuBRXmolhGPz7gAsVMnuCHcTf7Ff5MC74jLhnj9kO4XmAsMdGIVHx6guw-WOAPCAFy7xhmihvFw5tSGQlZBMUgiI_GI40UvPXvxPx6aWN2OibkU3q96J9zY6CD_-F53mmHasz_7OBu0hCt1qd266hciCV7nNDfg6paSOXhgDNb7Fme8EfXwrtmvrTF-m5j_zZg_YUzd1iEPBY945Rk-SU-QiE9IoIVDxHgC8yJXuwhSnrHGL-35ugEt3twQvepqWRvm0AvzD9_4yhXHbzIcu_kxomaKbVY0_FhjDzexv2Ltn3cUZAbXmEU597iMVV3HGWpotBoZoSrgueezYrmpYGly-ovLgt1zjZm0QhYcbaIrAoH40mZRehDhBN-v8TACZRC1RXjwAb23U6rRz0phFBdkwJO3BhYtcFpNGQ-PfIFZAueEtFjMfK5itP02bJYPk385Gq-8tl2uHicpu9W5-ZHCtnpc7WG4S9WZxyPEvHeRPt0-nYBE2oZgTXrHusDiknHbQ0VqEXOdLm5xEWZQNahfoBedfE94TmEDd8sH6iRMR87mN82q9uWzxam0iFOiFpUiGCPqqVO3h7DWlgZC0secVgR-2k_sPRpR3hp2s3MJyX7GMPXDKuxrSeAuUVuce-ncmGL0LjLRvbCkNSrVgRYpWN_jxuUdyjMOSVTWGGKNwiL2VhTrhizfJ05GhxSYx4UsDBtw5CUlXy_k7SwUJIIpylUdNeTP2rt0l0jk9u886C8n7ufsgmAdz5h0Qzi2iHiOb_66amRxLExPe5PhElpG3NqmV3l8eOfU4Db0InEEMBndmk-EBoCW57QBswb5svApCl7ckhjLQSmGncfWvWRf_ChpNUYIek2GZ099fRBkdamf4fg5dsHFUuXzxbqmlMoPeVsB9_vdn6CP9ezGF88N_79zEC8qb13ufkSuqFnePEhu1iPjdkn4-rzRNsfRrlZbZcC0aDf-jP8jj5xIX5Lw2899JXrBHaFguUPoo1PTC-APtgM_AZRQP5VJyrFmkxddZxLkqTwhjjRkP92TEymYPmAUHqkHLbFAzAdOoI7KWJfNlukL8SZrc_3H-0KdXTnvFnyIpN-S78X-2iuVZwNTSrb5Lfkff-D9ElPZesLjCqv0LIfa37k7LVk8gv77PqTKfeEwC4J7hVUymZGEHseczP8-o2S8zhzB5sCoVs1uahLfyPsP1M7lvt3m-70iahiYFUB_RNtK4Z2IWB5VRq7eZeSat5TLZJyg5kh5X9Oh7BNifg0Qrh-0MigxXzWIB3rnP7lb7R0VtiHkcLQwQF26MvMTcpSZ0HY8vgtPL0zjq4XzhxQIW3zizcnMxNVj0PEx-iVsUjsWRHDiGMG5R-EDwlQm3OPJjIv9o2rnHvoUJh24zyzVz4ypIDsYv3Df3_lprolHV7nAyGlOqPqQtAc36d4oq8_Ws0Of8DHmUjc9vzqUQItU3YMSmo6V6WyEcyWazU1poUDl8VFym6pDJn9As65vCrMRJ5FuyCdESFHfMy51b10Zi8lMUzftpIqTei8PzC2Riwzbg96_k17lN9xnS-x0t76Z1FP7n511u_iDlmLdX8u3CzVpjjhRBE9omAeBl5CcxGlfjBNdvThbpVCEdJqkM-nqmEpS2GdJRnX8DcxAs4wMfoflLCjJm8d-tBoUCm4WgRbrT3NMkTpwnpvz4xjSEPNrCrGBB4bXQgCNzCqARXWhUoEN1d0kYgG7gl7v34t78LSWZFkuTUIU8XsQCX0yBquo6t5JgHH5oDyXqYFhZYE_dWlhBMm5jzFULFxlWGfUeqf6yEJ-gJcZ7iUxgdMNTQGOhLmEHdM3RBwpKZSWu51MP3URkZExmbCMQ5VVac0mmxbJgTZsdQeKA2GltuYh0La0sMtWj8yV6bUhwxjSf4W1QxKOYpHHrBfDi&cid=CAQSTgDICaaNXCLwhYM5UI3VTe6DkgwNEa52C0xLfMp71A0WSKLpFRxfL50nUc_JleHUYTsMYKXwibrnPm-5e5oO_q4RIsQ_5EKkM44zV3nSTRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&ds=l&xdt=1&iif=1&cor=15256069891834788000&adk=356101037&idt=103&cac=0&dtd=29

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e23a3eff399bb647916a916fb9479c074d77cfb19d87b95ad28189639956aa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39616
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3756 172 KB
61 KB 52ms
7ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
Origin: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 07:27:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84783
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 07 Nov 2023 07:27:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231102/r20110914/elements/html/ Frame 3756 11 KB
4 KB 9ms
9ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231102/r20110914/elements/html/omrhp.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:58:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61310
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:58:33 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231102/r20110914/ Frame 3756 31 KB
12 KB 17ms
16ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231102/r20110914/abg_lite.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13ba2997ea62a564075f4e9d586d98c0f2662d6f23042e5f39366b2f27f320a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:51:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11881
x-xss-protection: 0
server: cafe
etag: 5723174479369309319
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:51:47 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 3756 41 KB
14 KB 17ms
16ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 03:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 270970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 03:44:13 GMT

GET
DATA 200
OK truncated
/ Frame 3756 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 745823630edebfcdda6261bfef6140d1f4523b7e7610ad6d56137a72df97746e

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 init Show response
gw.geoedge.be/api/ Frame 3756 0
217 B 386ms
76ms XHR
text/plain 2600:9000:2137:1000:10:43f:4352:ad61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.geoedge.be/api/init
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2137:1000:10:43f:4352:ad61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Tue, 07 Nov 2023 07:00:24 GMT
via: 1.1 9422830f707ade946de8476fde24aafa.cloudfront.net (CloudFront)
x-amz-cf-pop: IAH50-C4
content-length: 0
x-amz-cf-id: 0nb1l_yKEn3YXU21L9Pgjz25rSiyKAInwuZb-s3IXNaHW6-8_Sn9OQ==
x-cache: Miss from cloudfront

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12319632516142108353/ Frame 2D8A 87 KB
22 KB 50ms
32ms Document
text/html 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

574965692d59c01a587f35383a7348f1665a1f8a10ce1ef1ef0e89640adf5b08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:24 GMT
expires: Wed, 06 Nov 2024 07:00:24 GMT
last-modified: Wed, 28 Jun 2023 15:24:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3756 0
0 323ms
45ms Fetch
image/gif 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst7HbptjL9srUJzGRpSiohQPhxxqReVEw66YPMI3ywNzB863nqt7nH0j-i4fz_ezraBv7W5mVd68PYsrzt4hVoGdPB7khNPviimckfNXU0k8DzfrwmgfO21teQw7BEIwU5OqS6w0ws4GEPuO5iFI0J6MUu-KlxHiqYiEvhfcN-ahs4LVudFL__dcQbUUpRIeyUKaE92-OBt3vxwI8EGMj0EMWW-Lb3f1aqbTuQdukT5-ipp7N4aTwpz8uY4ylQWlMdiIZy06uEy1grSVtQzjS6GAxIUoXHsjv1Yoz2Q1YjlJmWotzBUto5zLO8CFDZ8Q0NE_4NZFjxK11SDPrSRyPj4R5hv9M6PiQ3xTU2oPjeEuhJPoCGa7U6Syr4Up2gMYqjbU_9TWpum3fucTIrKhAGjsoGUmt-2s6vQz1qj7pvTSeBoO4gMFSJPhZ4S_nFjBWyWlfjCThcRumNAcaseuev2Y-JlEXPvL2oudP_xjWirQAyqq3KbBij5dr9Nc-KS3VN_o2p5pk1nv6OgVkt7X4gwFOl-_5HvPbW-doo3_53HxPaCPiS8HpazcdxU5aipvDUJ9ivuTnogtV0JlRnSffb2o5wVRJdYvrqhds8hiKwyxQmksw1C0Q0V75oyZLxB_AbncaF27fWz1RwfafDXI2spc5HdTxW8vFaWOuOQzNCv0mS6F_vUgToUcxuAXyLJx-dWLCe1HvaM9NN7AF03vU5dd4OsYzqED11u0b1jAlYAAsbJTudehAt76F-H9Tu8qxQMAvScj-Tz241Z-Eqj1q-eA-YnPl7zJHinswfslC3JYBRfNXmTVftezPoWz-S-JFDyJLVXVZWW1G96ug7AWEilKAYFfXJLA3MSAWuTFEWOcmM07mOxK2DwulsH0iM_70bdw3HQrCc370AO7ZLiMaoaX60Kn7fMAmsX71jL9RQq5wr2_4Ibntr9F1d93fcmD3lvK3N5QzHVc-I0W5hlgQwPx3kR0epRs99-P5GzrZNmukjS_5qGm336hVMxRT7tSfQ2lAE56dS2jKW_n6hD-lsUW3gxjc8Yf_kCaXU0tivyQGJDgVVIKyzAnDQBD05jUYnGmybaDojUevlwk24OZUrN5IkafNDd2IfJJlIElLzWc2DYzFoVeCJQ3_iUgakqfbNqMkC2yA45S0iSZaJrdhTh00-xfsoWdBGVIGYFjr5QI6a7ia51t2TRpPD8bfxVA313wqKlFNUzCtd-ab0U2rne5O7Vt_qtFQA1JQmCTWz69Cp37xfQv5CIysKC9MnhAmqmbT5fcFC9LtEO0cVv7CTdBihffqvJ4TS-I8pDvKxEBLUJYLPeo84gKqdP5RRGtOe-KghuJOrej4XtMfUcssc5XTsou2fH8k1HdvtlIbRKVTS-OAe7gH14KWHekhe26RMsArvbeMrYjNE7G5LmH6nsXxMvBHfU2U75s_TCF10Qco4zTrOs1cG6SbSpvWAkivL9PLelATs6hVF5pRRXogp-8glRK8ah5J_7QrEZhnDxKfnURA&sai=AMfl-YQ8P92NMoCMc9sCnw2UeSZxuEzH1GAztcBxYx0nq4pIW4kyWClRkzTH97SvRCoxIMCYWTDWdLf_LJEIpUHbiMGJ_1bL7ptKYGhnFqb7OgkJ7MShkIyRBqv_tbhe-heE__cDamPlVstecNgYCj6F-9xrwTtu4Pg5XWewSRqd1GKc1vJLIryxwB6VERvQbUqYT6ZpLjQNMLxG3E9uN5rGBlicydT_wByahp8mbNfAHkT2sVT_9kZzSdiYZwAxGM2q-0asoMnwGu9nHxbrvqNftknvaPKzlVMqJYRvlg&sig=Cg0ArKJSzAsvEwoakQa9EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=180&cbvp=1&cstd=166&cisv=r20231102.64408&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 07 Nov 2023 07:00:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 11BE 38 KB
13 KB 6ms
4ms Document
text/html 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 85477
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 07:15:47 GMT
expires: Tue, 05 Nov 2024 07:15:47 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 11BE 38 KB
15 KB 9ms
8ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 12:53:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 12:53:12 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 2D8A 120 KB
41 KB 6ms
6ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:04:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39359
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 07 Nov 2023 20:04:25 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/12319632516142108353/ Frame 2D8A 4 KB
4 KB 14ms
13ms Image
image/jpeg 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12319632516142108353/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e33b8407c21f47e7c990edcb66dcf85406e8955ea0f85432539d5b706870cbc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 21:12:11 GMT
x-content-type-options: nosniff
age: 467293
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4368
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 15:24:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 31 Oct 2024 21:12:11 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3756 0
0 51ms
49ms Fetch
image/gif 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst7HbptjL9srUJzGRpSiohQPhxxqReVEw66YPMI3ywNzB863nqt7nH0j-i4fz_ezraBv7W5mVd68PYsrzt4hVoGdPB7khNPviimckfNXU0k8DzfrwmgfO21teQw7BEIwU5OqS6w0ws4GEPuO5iFI0J6MUu-KlxHiqYiEvhfcN-ahs4LVudFL__dcQbUUpRIeyUKaE92-OBt3vxwI8EGMj0EMWW-Lb3f1aqbTuQdukT5-ipp7N4aTwpz8uY4ylQWlMdiIZy06uEy1grSVtQzjS6GAxIUoXHsjv1Yoz2Q1YjlJmWotzBUto5zLO8CFDZ8Q0NE_4NZFjxK11SDPrSRyPj4R5hv9M6PiQ3xTU2oPjeEuhJPoCGa7U6Syr4Up2gMYqjbU_9TWpum3fucTIrKhAGjsoGUmt-2s6vQz1qj7pvTSeBoO4gMFSJPhZ4S_nFjBWyWlfjCThcRumNAcaseuev2Y-JlEXPvL2oudP_xjWirQAyqq3KbBij5dr9Nc-KS3VN_o2p5pk1nv6OgVkt7X4gwFOl-_5HvPbW-doo3_53HxPaCPiS8HpazcdxU5aipvDUJ9ivuTnogtV0JlRnSffb2o5wVRJdYvrqhds8hiKwyxQmksw1C0Q0V75oyZLxB_AbncaF27fWz1RwfafDXI2spc5HdTxW8vFaWOuOQzNCv0mS6F_vUgToUcxuAXyLJx-dWLCe1HvaM9NN7AF03vU5dd4OsYzqED11u0b1jAlYAAsbJTudehAt76F-H9Tu8qxQMAvScj-Tz241Z-Eqj1q-eA-YnPl7zJHinswfslC3JYBRfNXmTVftezPoWz-S-JFDyJLVXVZWW1G96ug7AWEilKAYFfXJLA3MSAWuTFEWOcmM07mOxK2DwulsH0iM_70bdw3HQrCc370AO7ZLiMaoaX60Kn7fMAmsX71jL9RQq5wr2_4Ibntr9F1d93fcmD3lvK3N5QzHVc-I0W5hlgQwPx3kR0epRs99-P5GzrZNmukjS_5qGm336hVMxRT7tSfQ2lAE56dS2jKW_n6hD-lsUW3gxjc8Yf_kCaXU0tivyQGJDgVVIKyzAnDQBD05jUYnGmybaDojUevlwk24OZUrN5IkafNDd2IfJJlIElLzWc2DYzFoVeCJQ3_iUgakqfbNqMkC2yA45S0iSZaJrdhTh00-xfsoWdBGVIGYFjr5QI6a7ia51t2TRpPD8bfxVA313wqKlFNUzCtd-ab0U2rne5O7Vt_qtFQA1JQmCTWz69Cp37xfQv5CIysKC9MnhAmqmbT5fcFC9LtEO0cVv7CTdBihffqvJ4TS-I8pDvKxEBLUJYLPeo84gKqdP5RRGtOe-KghuJOrej4XtMfUcssc5XTsou2fH8k1HdvtlIbRKVTS-OAe7gH14KWHekhe26RMsArvbeMrYjNE7G5LmH6nsXxMvBHfU2U75s_TCF10Qco4zTrOs1cG6SbSpvWAkivL9PLelATs6hVF5pRRXogp-8glRK8ah5J_7QrEZhnDxKfnURA&sai=AMfl-YQ8P92NMoCMc9sCnw2UeSZxuEzH1GAztcBxYx0nq4pIW4kyWClRkzTH97SvRCoxIMCYWTDWdLf_LJEIpUHbiMGJ_1bL7ptKYGhnFqb7OgkJ7MShkIyRBqv_tbhe-heE__cDamPlVstecNgYCj6F-9xrwTtu4Pg5XWewSRqd1GKc1vJLIryxwB6VERvQbUqYT6ZpLjQNMLxG3E9uN5rGBlicydT_wByahp8mbNfAHkT2sVT_9kZzSdiYZwAxGM2q-0asoMnwGu9nHxbrvqNftknvaPKzlVMqJYRvlg&sig=Cg0ArKJSzAsvEwoakQa9EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=605&vt=11&dtpt=425&dett=3&cstd=166&cisv=r20231102.64408&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2D8A 8 KB
6 KB 82ms
43ms XHR
application/json 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3a83dbec57bca632ed8b04cb1a5f39b2e530884b032e8360a03f267095151a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5835
x-xss-protection: 0

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/12319632516142108353/ Frame 2D8A 4 KB
4 KB 23ms
22ms Image
image/jpeg 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12319632516142108353/preload.jpg

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e33b8407c21f47e7c990edcb66dcf85406e8955ea0f85432539d5b706870cbc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 21:12:11 GMT
x-content-type-options: nosniff
age: 467293
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4368
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 15:24:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 31 Oct 2024 21:12:11 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/12319632516142108353/ Frame 2D8A 676 B
703 B 23ms
22ms Image
image/png 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12319632516142108353/replay.png

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

560840d26c66d01e35e8257c2599e4d6ff81fb45082ac051cbfb0fb835657951

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 13:14:39 GMT
x-content-type-options: nosniff
age: 409545
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 676
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 15:24:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 13:14:39 GMT

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/12319632516142108353/ Frame 2D8A 68 KB
68 KB 24ms
23ms Image
image/jpeg 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12319632516142108353/poster.jpg

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

105fb74c3e11b3a0f9ea651b898f0ce3a52147e403481c9f3f94437441f333cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:21:07 GMT
x-content-type-options: nosniff
age: 308357
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69961
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 15:24:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 17:21:07 GMT

GET
H/1.1

206
Partial Content

file.mp4
r4---sn-ab5sznzl.c.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 2D8A
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r4---sn-ab5sznzl.c.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/acao,ctier,expire,id,ip,ipbits,itag...

605 KB
605 KB

141ms
11ms

Media
video/mp4

2607:f8b0:4006:a::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-ab5sznzl.c.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7F85DC21ED7540994F152F048707EFC85EBF834F.1FF90251397A396CF46F72D5F338263CD135962B/key/cms1/cms_redirect/yes/mh/gg/mip/2a0d:5600:24:1500:1011:9e7:9716:453a/mm/42/mn/sn-ab5sznzl/ms/onc/mt/1699339956/mv/m/mvi/4/pl/48/file/file.mp4

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

2607:f8b0:4006:a::9 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

0ec5bf37e2f80b5b1cd994cbc3fb926688f4810071b400da230f5845dbe0b06a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 07:00:25 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 28 Jun 2023 15:25:03 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-619238/619239
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 619239
Expires: Tue, 07 Nov 2023 07:00:25 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:24 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r4---sn-ab5sznzl.c.2mdn.net/videoplayback/id/1343a7aa33242074/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730876423/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7F85DC21ED7540994F152F048707EFC85EBF834F.1FF90251397A396CF46F72D5F338263CD135962B/key/cms1/cms_redirect/yes/mh/gg/mip/2a0d:5600:24:1500:1011:9e7:9716:453a/mm/42/mn/sn-ab5sznzl/ms/onc/mt/1699339956/mv/m/mvi/4/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame 2D8A 13 KB
5 KB 22ms
22ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12319632516142108353/index.html?e=69&leftOffset=0&topOffset=0&c=ogxtjz6WZ8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:03:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 07 Nov 2023 20:03:33 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2D8A 17 KB
6 KB 51ms
50ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Nov 2023 07:00:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 11BE 0
20 B 43ms
42ms Image
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BaXsDh-BJZeeSJ4OR_gSAgZboCAAAAAA4AeAEAg&bg=!dXaldjnNAAb4oU7C2KE7ADQBe5WfOM89ctsRddtqPbZQw_Y-5sFyWHUkItGNwHeAc9eucClpMUC-I3pWlXZLbuAI46AhAgAAANJSAAAAC2gBB5kDRF7Jny5D1s51O6i38PKATvdjtx5a4talP0Bj680Gu88liVCSW72qfWki7sLgz7RYXXSGyr7C3krRFkFOkQjpxdAh7sv-74ARoYjNIplhFFBAkZ7hYCB-0QuhqHpPRWpJ_cyW3EnySBbAZrRjgp7uQtEvJWOqLNUIewYsZvT3BW-LnkEABMbnrz-cuUoklI0IuJHEOzGeHvsljQ-JGSOSYp5jGfiIHCvSu3tG9X7bGq5PjdxK_i6mTqrFv4MSeHy-iyHS39Ffqlr1iwdLlEqwwQsaCtJZNA0V1ESGbvPSe-1AM_XtA9OgN-u0_-VqUolwsqLpbuHHccNLWCSz931aN0ed7BPPy_GZUZdmMEH3I3YrhaqKySbE9-0s_3Lh7jgo5R7v1AnEH2d_iNfH0trTPsfpKtM7-4XtswsS5gT1C-DnpaquWvQcVh3hyNwcXTnY1JFIDeMjbJaaEtK3TJVg2WFak2oJv2yAhftLAUtA_k842Y82doozfnY1SsvDspzlfEYApSwtHVcrvVbKkyL0l7RSnCzhoimUiKeJF4_qf4q2PyPXqB4QvQWpczf1gXEaB5IPPUJAobgpqP9qb3-WuPHOQDuFUev_NeE7jQJDF2UQyMM8kYp4PL2-6nGyJdANNZp_cIl9f4mL6MiR3OLOnY25VDE_709XllmjivQhK8aLz6x28bMQxnWvXA_BtjuxjCwKcReG9KI8Snv2lAByyonIzhPoyRq29-7PKLFOsaa6EPAvhrjUx8QGWG4pmpMdU8_sstiXts2JiXEVZjGi7irbptyc8SBgwG4h345C90agkxoTaj9CVWpZIlxr1IXDyrYsoGogYv6RtGBs-KqGikXtvf7LFLhnfJRUQtoOvYFQCJA6tbFgzda2xG9b1IRCHcy8Asug4Oul1py550ZO9up1kbAR0r1EX57Go-p6rMgyXBNd3QUjKXM3imV8aMqMKhUKZYUQ3hPg-Gzb-8blAgi_YSILjPRtkM836YFap-2ntNyPwEbdiK-P0Oh94wm_GRczw81hVNwuncgZZCcq82M_CYzIPcbbIKuQRsojbRiU41oPnQdQP7jOD1Rc1hZTPqIzKkqOllEZAB_GDewkYClgmqAK

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vendors~allAccessLandingPage~bestsellers~card~collections~cookingLandingPage~explainer~gamesGiftLand~294d5d80-35ba912c048d03f4db3a.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 44 KB
11 KB 309ms
307ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/vendors~allAccessLandingPage~bestsellers~card~collections~cookingLandingPage~explainer~gamesGiftLand~294d5d80-35ba912c048d03f4db3a.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4501bb0294daf1a98751db74fe0917f9134d90ab743318c3e8a7d9722efbae41

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPricut4U1z8vQu7WFBu8J5YBU41OiSSwBqzxvG6Jw5U8hcoygEihPgjyYcUyjL95UyeKAIvJay3Wg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-06 17:14:20 UTC
x-served-by: cache-fra-eddf8230077-FRA
x-timer: S1699340425.109252,VS0,VE1
etag: W/"bc5ac66573bd426320b5d3b3e2fdebba"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1699290518944923
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~allAccessLandingPage~bestsellers~card~collections~cookingLandingPage~explainer~gamesGiftLand~294d5d80-35ba912c048d03f4db3a.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 727
expires: Tue, 05 Nov 2024 17:14:20 GMT
date: Tue, 07 Nov 2023 07:00:25 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Nov 2023 17:08:39 GMT
server: cloudflare
x-goog-hash: crc32c=I/zq0Q==, md5=vFrGZXO9QmMgtdOz4v3rug==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXPabgQg8bgziF5nrgVP2XREJQUVMhzLpxDFWiQWnr7fKkTCaWar%2Bxhv90zHvnkctiOXfiRUrpMCuc6FSYXVSw%2BWJ9b3HpWk7mw0C9LF9SnSRbzQyHMB55cVZlwHiTuNQgnYeIqTqy5fbkonDgR4beMKnuSqlri431Cm"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 44674
cf-ray: 8223b2f76c30c35a-EWR

GET
H3 200 vendors~accessCodeLPAllAccess~accessCodeLPCooking~accessCodeLPGames~accessCodeLPNews~activateaccess~~9963152a-19e89dc7a603e4102bca.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 199 KB
52 KB 410ms
408ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/vendors~accessCodeLPAllAccess~accessCodeLPCooking~accessCodeLPGames~accessCodeLPNews~activateaccess~~9963152a-19e89dc7a603e4102bca.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94df5d2926f84023b53a7b88d959ec0a24857fccc905c82b5bee2869845eb4c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPoD5YzTLBYaXzKZE9EU40pxXPmS4TgokDE4oRP0fuo73_cvKAPU_2uJHPibJvOm8gA9U6wwNxX__g
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-01 16:21:03 UTC
x-served-by: cache-fra-eddf8230086-FRA
x-timer: S1699340425.110631,VS0,VE1
etag: W/"559367abf8d93938749b090dcf53a49b"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1698855661331513
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~accessCodeLPAllAccess~accessCodeLPCooking~accessCodeLPGames~accessCodeLPNews~activateaccess~~9963152a-19e89dc7a603e4102bca.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 6066
expires: Thu, 31 Oct 2024 16:21:03 GMT
date: Tue, 07 Nov 2023 07:00:25 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 01 Nov 2023 16:21:01 GMT
server: cloudflare
x-goog-hash: crc32c=lv0vnA==, md5=VZNnq/jZOTh0mwkNz1Okmw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGi8QZQ5Y9SiCWg3mNx7GYUe8pJbNNGHj5PPMozuqQ%2FwxqGQ5%2BmRCjMwPq7fgldEcDVMqBYje2EpynaUeoXSZwpydOsnd6U8SaAV0qxX60Ei6mmIsB%2B1qj9gmNqA4QxsQgkXFywtUPvhZ1WkEdopFpmnvUQ66aM9E6Vy"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 204119
cf-ray: 8223b2f77c32c35a-EWR

GET
H3 200 vendors~audio~bestsellers~collections~explainer~home~liveAsset~markets~paidpost~reviews~search~slide~b202aa65-3e08838b78a41d5f409d.js Show response
cdnseurevipbot.secureweb.top/vi-assets/static-assets/ 46 KB
16 KB 142ms
140ms Script
application/javascript 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/vi-assets/static-assets/vendors~audio~bestsellers~collections~explainer~home~liveAsset~markets~paidpost~reviews~search~slide~b202aa65-3e08838b78a41d5f409d.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb554020ec10b151dcccf7f5eae72f7807d392f2324582f4ae45168ccf9b007e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
x-guploader-uploadid: ABPtcPrdeUJRVLDdAtEM0rK4OCylDl_js0HB30P3-car7YDSuYOg5o4_yC2YyUJ4B2BBFFDTcuw
x-goog-stored-content-encoding: identity
x-origin-time: 2023-11-06 19:40:02 UTC
x-served-by: cache-fra-eddf8230102-FRA
x-timer: S1699340425.927296,VS0,VE1
etag: W/"6bcf719b5c3e4391f14146dd1e4911bc"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1699299492364100
content-type: application/javascript
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~bestsellers~collections~explainer~home~liveAsset~markets~paidpost~reviews~search~slide~b202aa65-3e08838b78a41d5f409d.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 443
expires: Tue, 05 Nov 2024 19:40:02 GMT
date: Tue, 07 Nov 2023 07:00:25 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Nov 2023 19:38:12 GMT
server: cloudflare
x-goog-hash: crc32c=nl8vAg==, md5=a89xm1w+Q5HxQUbdHkkRvA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHz2nVyQzNq%2B6KIEQRbbbUY%2F3LJBRTLRZcNHeK%2Fua0knJP5Ahk2SoSFiYoqILEmbn1ltPIdxdIVCfHJxl7JhbGacvFwuzAofAOnpyvhmz23L7%2Bi2lCYUh2qlAFBQzD%2FV2dHSf3LbFPbW%2B3YHcUdkIUtSGytHE81MPVnf"}],"group":"cf-nel","max_age":604800}
x-gdpr: 1
x-goog-stored-content-length: 46690
cf-ray: 8223b2f77c33c35a-EWR

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
61 KB 30ms
29ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N5P6T9S&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a829a15fb1f19efe87d128cc4621b70f1dc8c14d2dcfb34ef67fbcf338f3314f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62379
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Nov 2023 07:00:25 GMT

GET
H2 200 tags.js Show response
dd.nytimes.com/ 227 KB
47 KB 342ms
47ms Script
text/javascript 13.249.21.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.249.21.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-249-21-101.iah50.r.cloudfront.net

Software

Apache /

Resource Hash

8efe1572be12f6646d54cfb294c79d31a010fa99cf4948e168582234b0464f11

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 9e3037e05a8abb395d5fc7bae279d1fe.cloudfront.net (CloudFront)
date: Tue, 07 Nov 2023 06:36:13 GMT
x-amz-cf-pop: IAH50-C1
age: 1452
x-cache: Hit from cloudfront
content-length: 47609
last-modified: Tue, 31 Oct 2023 08:00:41 GMT
server: Apache
etag: "38dd0-608fe8d090ad9-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: 6QS4N7QwvCcUHwqte6wwA39bT-w9XLvm2MpYgd9dsCRFmcVnrpzpGg==
expires: Tue, 07 Nov 2023 07:36:13 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1699340424993&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2F...
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1699340424993&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2...

0
224 B

121ms
120ms

Image
text/plain

99.86.74.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1699340424993&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&c9=
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Server: 99.86.74.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-74-78.iah50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:25 GMT
via: 1.1 547a781990a5f9debaf81c3caf1c35f0.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: IAH50-C4
x-amz-cf-id: kGy0uT08nn2CyEGvD_OI656ul3q0_6GlnAaL201aIfr-f-8liR_qkA==
x-cache: Miss from cloudfront

Redirect headers

date: Tue, 07 Nov 2023 07:00:25 GMT
via: 1.1 547a781990a5f9debaf81c3caf1c35f0.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: IAH50-C4
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=3005403&ns__t=1699340424993&ns_c=UTF-8&c8=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&c7=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&c9=
content-length: 0
x-amz-cf-id: 33rH54wQU_Eseub_WfQAdK5SyEfs1ibk2vBQUJI-oYNSCEQxcGjiOg==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3756 42 B
64 B 35ms
32ms Fetch
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-2eV9jiOW5cA20YBpE0-Bzyx6t7KP6mktMlI6sCnxSMc0Sw5kDcQaPojv4YPNr3FQcgXXrkCQn_Gm2JMLGWLPXdGiYPnREloOP7AtYh_TM5K3mnOcdoWHs6A6rd8QqBI9oB2wRLuccg&sai=AMfl-YRWkFqO1shy5LmtIG_R9I-qKCv__0S_hM-tUJNGo97DrN-zjiQmvt2OM40jNzqd2-FcLFc_sM82woYzU8JK15sWHZwZvsXM8pnT0e76KOobquIA1w5Lqye6L88jnt5YI0Wx3NQYVuH6GRF7jX7V&sig=Cg0ArKJSzLcSvwfPc0WoEAE&cid=CAQSTgDICaaNXCLwhYM5UI3VTe6DkgwNEa52C0xLfMp71A0WSKLpFRxfL50nUc_JleHUYTsMYKXwibrnPm-5e5oO_q4RIsQ_5EKkM44zV3nSTRgB&id=lidar2&mcvt=1197&p=15,315,265,1285&mtos=1197,1197,1197,1197,1197&tos=1197,0,0,0,0&v=20231106&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2496155832&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699340422936&rpt=856&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame E9C8 38 KB
15 KB 12ms
9ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 12:53:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 12:53:12 GMT

GET
H2 200 dc_oe=ChMIp_K2sqixggMVg4ifCh2AgAWNEAAYACCbxOpcQhMIq_bwsaixggMVEgzDCh38vQTY;met=1;&timestamp=1699340425128;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame 3756 42 B
401 B 109ms
36ms Image
image/gif 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIp_K2sqixggMVg4ifCh2AgAWNEAAYACCbxOpcQhMIq_bwsaixggMVEgzDCh38vQTY;met=1;&timestamp=1699340425128;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 33ms
31ms Ping
text/plain 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-49-121.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 / Show response
dd.nytimes.com/js/ 248 B
632 B 160ms
73ms XHR
application/json 13.249.21.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.249.21.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-249-21-101.iah50.r.cloudfront.net

Software

DataDome /

Resource Hash

6d079676c7dda83a62dc625925148bde8b964c8e389ae677b5081aa5d464dfff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:25 GMT
via: 1.1 421ed3ada98054f77ad8e9cd0817acc2.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: IAH50-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 248
x-amz-cf-id: sdlI0w5bAp2O9aci-XOlYZNnQABihlDn8USceiRbENxax9Lg5iNZqw==
expires: 0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 35ms
34ms Preflight 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
Access-Control-Request-Method: POST
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 0
content-encoding: gzip
content-length: 20
date: Tue, 07 Nov 2023 07:00:26 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 21
x-nyt-audience-target-flat: NA:AM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: MISS
x-nyt-meridiem: AM
x-nyt-region: CT
x-samizdat-query-exe-id: af68741ff233e97b
x-samizdat-query-field-errors: 0
x-served-by: cache-lga21979-LGA
x-timer: S1699340426.994028,VS0,VE30

GET
H3 200 market Show response
cdnseurevipbot.secureweb.top/api/ 516 B
1 KB 816ms
815ms Fetch
application/json 2606:4700:3031::ac43:a761
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnseurevipbot.secureweb.top/api/market

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:a761 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be9dcda7136b10664180d9376d56acf52cb27126082e1dd1fda47ca67316de55

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:26 GMT
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: br
strict-transport-security: max-age=63072000; preload; includeSubdomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-api-version: F-F-X
age: 30
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400
x-origin-time: 2023-11-07 06:59:56 UTC
x-served-by: cache-lga21927-LGA, cache-fra-eddf8230131-FRA
server: cloudflare
x-timer: S1699340426.218241,VS0,VE1
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/api/market
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEkUOlOCOnDceqobCJf1B4vjjAgpASsl8LeUgLhIg%2B0dNe1mQJjoXBQKZKS838Ywy5bWI7LuSzXDJeO2qE2Uhun4JK%2BjI%2BiiSFzM5%2FjtLZeb0BjMNpCsP1GTCk5p%2FYC8nPuVteLx6RXDZQJr28FCze%2B5XcVi2YLnu6hF"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=60,(null)
x-nyt-route: market
x-nyt-app-webview: 0
x-gdpr: 1
x-frame-options: DENY
x-nyt-edge-cache: HIT-HIT
cf-ray: 8223b2fe6e4ac35a-EWR
x-cache-hits: 5, 26

POST v2
samizdat-graphql.nytimes.com/graphql/ 0
0

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
471 B 77ms
76ms XHR
text/javascript 99.86.71.49

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pid=o1y3tSgfJ5cWI&cb=1&ws=1600x1200&v=23.1027.1921&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-mid1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-mid1_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.71.49 , United States, ASN (),

Reverse DNS

server-99-86-71-49.iah50.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:26 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 2bdf494b25915e360d3b11ea33e35b3a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAH50-C3
x-amz-rid: QVVYBW4TEZ63J9P6KNR3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: eoFYHPVos9dypmMANz6gZBILs3aUzqpvKOQ2yeiT2H-DRFJqfqmISA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
471 B 78ms
75ms XHR
text/javascript 99.86.71.49

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pid=o1y3tSgfJ5cWI&cb=2&ws=1600x1200&v=23.1027.1921&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-mid2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-mid2_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.71.49 , United States, ASN (),

Reverse DNS

server-99-86-71-49.iah50.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:26 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 2bdf494b25915e360d3b11ea33e35b3a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAH50-C3
x-amz-rid: A10KSVJ6N0P9RV2GJVZM
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: gWCLlcFRHPDwB2UVuaTcB904E9aV8VziYqGHc9E8hXxKchXNr6tD5g==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
471 B 84ms
79ms XHR
text/javascript 99.86.71.49

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pid=o1y3tSgfJ5cWI&cb=3&ws=1600x1200&v=23.1027.1921&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-mid3%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-mid3_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.71.49 , United States, ASN (),

Reverse DNS

server-99-86-71-49.iah50.r.cloudfront.net

Software

Server /

Resource Hash

1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:26 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 2bdf494b25915e360d3b11ea33e35b3a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAH50-C3
x-amz-rid: Q4R9PWKTNHCEW5AK198H
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 4CDnz3PFctxUqa5lPzs1oNmRoiXkmgNjKnMhchNKofMgQCBycrEwCw==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
470 B 77ms
75ms XHR
text/javascript 99.86.71.49

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pid=o1y3tSgfJ5cWI&cb=4&ws=1600x1200&v=23.1027.1921&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-bottom%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22dfp-ad-bottom_hp_web%22%7D%5D&pj=%7B%22si_section%22%3A%22home%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.71.49 , United States, ASN (),

Reverse DNS

server-99-86-71-49.iah50.r.cloudfront.net

Software

Server /

Resource Hash

6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:26 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 2bdf494b25915e360d3b11ea33e35b3a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAH50-C3
x-amz-rid: ZQGR8HW18Y6M83878WQV
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://cdnseurevipbot.secureweb.top
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 0Me9-orESAuSjrtiF1aUbYA7_gUYyokwcpgdqGwRc0jd87XtxPfwfg==

GET purr-cache
purr.nytimes.com/v1/ 0
0

GET data-layer
a.nytimes.com/svc/nyt/ 0
0

GET
H2 200 nested-nav2.json Show response
static01.nyt.com/newsgraphics/sujo/ 1 KB
1 KB 37ms
34ms Fetch
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static01.nyt.com/newsgraphics/sujo/nested-nav2.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

17615132642880808e44f8f5b54edef8ee37a514e003b6faf98014ecca401194

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 05:46:36 GMT
date: Tue, 07 Nov 2023 07:00:26 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 0
x-guploader-uploadid: ABPtcPo8YQXZBjf_o_KXg6oJsqJ7KeYWHwgqQxZ8RXZkijPajkyqAZPV_hG7eNfT2UtHQMZ5xYNrl4lmMA
x-cache: HIT, MISS
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 647
x-served-by: cache-iad-kcgs7200177-IAD, cache-lga21950-LGA
x-amz-meta-checksum
last-modified: Mon, 06 Nov 2023 15:23:16 GMT
server: UploadServer
x-timer: S1699340426.315442,VS0,VE30
etag: "ff0b0bfbb417a399fc27134f846d8c1b"
vary: Origin, Accept-Encoding
x-goog-generation: 1699284196140782
content-type: application/json
access-control-allow-origin: *
x-goog-hash: crc32c=3F6zzA==, md5=/wsL+7QXo5n8JxNPhG2MGw==
cache-control: max-age=5
x-goog-stored-content-length: 1475
x-amz-checksum-crc32c: 3F6zzA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5, 0

GET
H2 200 nested-nav2.json Show response
static01.nyt.com/newsgraphics/sujo/ 1 KB
790 B 38ms
35ms Fetch
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static01.nyt.com/newsgraphics/sujo/nested-nav2.json

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

17615132642880808e44f8f5b54edef8ee37a514e003b6faf98014ecca401194

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 05:46:36 GMT
date: Tue, 07 Nov 2023 07:00:26 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 0
x-guploader-uploadid: ABPtcPo8YQXZBjf_o_KXg6oJsqJ7KeYWHwgqQxZ8RXZkijPajkyqAZPV_hG7eNfT2UtHQMZ5xYNrl4lmMA
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 647
x-served-by: cache-iad-kcgs7200177-IAD, cache-lga21950-LGA
x-amz-meta-checksum
last-modified: Mon, 06 Nov 2023 15:23:16 GMT
server: UploadServer
x-timer: S1699340426.315465,VS0,VE30
etag: "ff0b0bfbb417a399fc27134f846d8c1b"
vary: Origin, Accept-Encoding
x-goog-generation: 1699284196140782
content-type: application/json
access-control-allow-origin: *
x-goog-hash: crc32c=3F6zzA==, md5=/wsL+7QXo5n8JxNPhG2MGw==
cache-control: max-age=5
x-goog-stored-content-length: 1475
x-amz-checksum-crc32c: 3F6zzA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5, 1

GET
H2 200 06dc-prexy-01-gwzf-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/06/multimedia/06dc-prexy-01-gwzf/ 15 KB
15 KB 9ms
1ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/06/multimedia/06dc-prexy-01-gwzf/06dc-prexy-01-gwzf-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4caf6c7af5ea1580e3aa315c7e5375aa7d6aec929faca9b0fe0687113cb83e20

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 00:45:02 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300707
age: 22525
x-guploader-uploadid: ABPtcPpC4_CBALqU1ZbVj0lIUYvkTvEuXjrQjsifuWiWIPw2GfjUrmpTdgEg72cMpcc65FD4qIWMbN-GBA
x-cache: HIT, HIT
fastly-io-info: ifsz=43619 idim=600x400 ifmt=jpeg ofsz=15016 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 15016
x-served-by: cache-iad-kcgs7200114-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.087526,VS0,VE0
etag: "2Lt4Jyrd/S24HmE11zGDzAQmNeQbsZeOWCkzCzgn/R4"
vary: Accept
x-goog-generation: 1699317853944471
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=5rIxzw==, md5=ze1XO9I1RK13QIajOV5mBw==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 43619
x-amz-checksum-crc32c: 5rIxzw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 14, 225

GET
H2 200 06trump-trial-hp1-qbtc-threeByTwoSmallAt2X-v3.jpg
static01.nyt.com/images/2023/11/06/multimedia/06trump-trial-pinned-01/ 39 KB
39 KB 11ms
3ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/06/multimedia/06trump-trial-pinned-01/06trump-trial-hp1-qbtc-threeByTwoSmallAt2X-v3.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f256b1151bcdcb1156ec95c6e40a56f17a91ef8b6668bcd9d113779d98cebf42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 06 Nov 2023 22:54:25 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300707
age: 29162
x-guploader-uploadid: ABPtcPrGbHDBqeXjo0F1n5ALdGIGAtlU8bPiq1WeotQlGMqfP5-3oJwj-BHdr_b8H8NtnJ5RovmJQ_gFJQ
x-cache: HIT, HIT
fastly-io-info: ifsz=84842 idim=600x400 ifmt=jpeg ofsz=39778 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 39778
x-served-by: cache-iad-kcgs7200080-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.087629,VS0,VE0
etag: "5XCiefd/KYMBjvIVJPn75lgHCvaxLvfEIEvJrw0diyM"
vary: Accept
x-goog-generation: 1699311213693089
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=AJiDRA==, md5=LeqgzaI0HKxTlrxCqovzJA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 84842
x-amz-checksum-crc32c: AJiDRA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9, 322

GET
H2 200 07STREISAND-REVIEW-tgch-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/07/multimedia/07STREISAND-REVIEW-tgch/ 10 KB
10 KB 10ms
2ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/07/multimedia/07STREISAND-REVIEW-tgch/07STREISAND-REVIEW-tgch-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

3f91fa3c8c68bf9155006b179e21c46ef9abf71d6b5a4e11a74a40e5b176da65

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 05:02:25 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300718
age: 7082
x-guploader-uploadid: ABPtcPrGTvOuqCUBICwH07er1_XAwx11tHw3f2b5cro1faiZEmbu_fj6uAxo2iOrzJjgdavvMgmQVLl_yQ
x-cache: MISS, HIT
fastly-io-info: ifsz=23159 idim=600x400 ifmt=jpeg ofsz=9840 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 9840
x-served-by: cache-iad-kcgs7200095-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.087716,VS0,VE0
etag: "Yaj4cTlcqCiGOYdBsmZMExsxrAmTemu7ujBdNESSfro"
vary: Accept
x-goog-generation: 1699333287748155
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=3doRcQ==, md5=2BhormZQQit/pp7DSG3frw==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 23159
x-amz-checksum-crc32c: 3doRcQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 37

GET
H2 200 06wework-bankruptsy-sub-chlk-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/06/multimedia/06wework-bankruptsy-sub-chlk/ 31 KB
31 KB 9ms
1ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/06/multimedia/06wework-bankruptsy-sub-chlk/06wework-bankruptsy-sub-chlk-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9ec978213051509467672fa65a939d16cadd988e81d53c81bf6fd5b81e90151f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 02:24:58 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300709
age: 16528
x-guploader-uploadid: ABPtcPpfEys8__j9QWV6Wz83DyB4B606Wch4fdjf-khEL4ae00lTTW9Qjv89BdI4OEjj-KZTyHBccH5Orw
x-cache: HIT, HIT
fastly-io-info: ifsz=69516 idim=600x400 ifmt=jpeg ofsz=31732 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 31732
x-served-by: cache-iad-kcgs7200143-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.087909,VS0,VE0
etag: "TI4efoW9XwAQX/QTH8m57GfZ3IcP/jNcPpC/RyiDVj0"
vary: Accept
x-goog-generation: 1699323786293598
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=xhs/lQ==, md5=GUDexhcKbu5f0TMlGaxDlQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 69516
x-amz-checksum-crc32c: xhs/lQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4, 142

GET
H2 200 07SCI-KIPBOOK-06-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/07/science/07SCI-KIPBOOK-06/ 69 KB
70 KB 17ms
9ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/07/science/07SCI-KIPBOOK-06/07SCI-KIPBOOK-06-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f4fbc0c7fd40edffafd9d8ab070fc8235fdb5238513b9042aa2755558fa1f13a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 06:00:57 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300710
age: 3569
x-guploader-uploadid: ABPtcPqKYt_so3DerC5W0IY3yPSeXIL0XiN-yuxuiXZ_eNurn8YEL-kL3JC4t6BB1B8pdfMW0xhZTEs8Eg
x-cache: HIT, HIT
fastly-io-info: ifsz=155955 idim=600x400 ifmt=jpeg ofsz=70602 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 70602
x-served-by: cache-iad-kjyo7100114-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.088234,VS0,VE0
etag: "lrUA8RZX3Np3KRGXL4VQsJSA1/yEbAl15NX/XxqXsOU"
vary: Accept
x-goog-generation: 1699336819985515
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=wS/vZg==, md5=G+UOJuPyHiHsNsXPe2j8WA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 155955
x-amz-checksum-crc32c: wS/vZg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3, 2

GET
H2 200 00pol-israel-conversation-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/10/27/us/politics/00pol-israel-conversation/ 30 KB
30 KB 21ms
13ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/10/27/us/politics/00pol-israel-conversation/00pol-israel-conversation-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

174325b76ed88f685e3080a4ab9458981ed4389fb38f6680fafc80f03d6059ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Sun, 05 Nov 2023 08:01:45 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300703
age: 169122
x-guploader-uploadid: ABPtcPp4ImEt0t_fOt-dH6KSmPmgJMrMyVWxvtEvhjzIDqN7mwuY1ONBfGIYIWdFySqdbNfYUXM
x-cache: HIT, HIT
fastly-io-info: ifsz=74193 idim=600x400 ifmt=jpeg ofsz=30320 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 30320
x-served-by: cache-iad-kcgs7200058-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.088218,VS0,VE0
etag: "FZ/CCjoWTb1EP8r8209sazcW/HJlYt3ZeUVmD3mcU1s"
vary: Accept
x-goog-generation: 1699171245253169
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=Uao0Aw==, md5=2kD6/ZFxlawS2+6Rcr0eow==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 74193
x-amz-checksum-crc32c: Uao0Aw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 15, 2

GET
H2 200 00brazil-nazis-03-tmkw-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/02/multimedia/00brazil-nazis-03-tmkw/ 22 KB
23 KB 12ms
10ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/02/multimedia/00brazil-nazis-03-tmkw/00brazil-nazis-03-tmkw-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8128790c5fa410f6c0a0e4e0de2650684d75b676dfebdd27f6666e6a6b517071

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 05:02:33 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300711
age: 7074
x-guploader-uploadid: ABPtcPq9feZnQwsAN2TMne7i-i6p16stp2OACFYoCLvMWozTZrqdwQYRXR9i7botNBmNfvXTGXVZK6l1Ng
x-cache: HIT, HIT
fastly-io-info: ifsz=55803 idim=600x400 ifmt=jpeg ofsz=22918 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 22918
x-served-by: cache-iad-kcgs7200038-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.098288,VS0,VE0
etag: "EBHoWIspMN1SYENSCdJKud9f673uNLvnBnlnRGgLnGo"
vary: Accept
x-goog-generation: 1699333289553275
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=Q/Ap8A==, md5=SZV7z7erQGZ3lNM/F3b/Ig==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 55803
x-amz-checksum-crc32c: Q/Ap8A==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 16, 3

GET
H2 200 00privatenyc-bond-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/10/19/nyregion/00privatenyc-bond/ 24 KB
24 KB 13ms
11ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/10/19/nyregion/00privatenyc-bond/00privatenyc-bond-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

39cb04ebdef1112f9cfd08ab486e0c2f94692d63e04eaa079512f8a14cf910e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 06 Nov 2023 08:25:27 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300715
age: 81300
x-guploader-uploadid: ABPtcPq4lfP5-frvTjESJZNUCZDTe4dHMwd0eL-IJ6UhSRys8Gk6ZF94Ggqm02OoKVVgLmR-CfGtT3fxQQ
x-cache: HIT, HIT
fastly-io-info: ifsz=68504 idim=600x400 ifmt=jpeg ofsz=24124 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 24124
x-served-by: cache-iad-kcgs7200098-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.098562,VS0,VE0
etag: "fd0ZgntsBn7AtBxROeyewPXwOsGBCExg/F3/r6EVnyM"
vary: Accept
x-goog-generation: 1699257615842854
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=seb51Q==, md5=LDsAT470mpFvAkJzxdo2PQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 68504
x-amz-checksum-crc32c: seb51Q==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 7, 1065

GET
H2 200 paul-krugman-thumbLarge.png
static01.nyt.com/images/2018/04/02/opinion/paul-krugman/ 21 KB
22 KB 12ms
2ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/04/02/opinion/paul-krugman/paul-krugman-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fb177985ebe75561e65bcb91d425186017f2017e70c5c7f8cf8915ef7e403181

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 02:09:42 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300713
age: 17439
x-guploader-uploadid: ADPycdv8XKkQxnOkD2NHq3d_1ASS-SztOTwWVQP_qad-z4bep1NhUg_ZEreVreJsvM9TJcYck7WpOFd9nJN7nZjBkP4HB6BRGwE0
x-cache: HIT, HIT
fastly-io-info: ifsz=35334 idim=150x150 ifmt=png ofsz=21898 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 21898
x-served-by: cache-iad-kcgs7200107-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.107178,VS0,VE0
etag: "25/bK4qfzv2YH7IHtdmueBNh4xhIINR0fD+lcq1TdCk"
vary: Accept
x-goog-generation: 1522683526678420
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=qhevTQ==, md5=m29KXnfO3NU0MLAVICO8qQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 35334
x-amz-checksum-crc32c: qhevTQ==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 602, 446

GET
H2 200 07dovzhyk-tzcv-threeByTwoSmallAt2X.jpg
static01.nyt.com/images/2023/11/07/multimedia/07dovzhyk-tzcv/ 61 KB
62 KB 12ms
3ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/07/multimedia/07dovzhyk-tzcv/07dovzhyk-tzcv-threeByTwoSmallAt2X.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ee5d013858ce459b019fe0781a82a45fb176b2c5bf18529da18b8ccac8b3a93e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 06:00:28 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300716
age: 3599
x-guploader-uploadid: ABPtcPpf1fXw8QXxZOe_ggj9TbREVIc-llnm82RsvWiOS3dZQRS1wmXXuSbhMqMkQTSVb3jXLdeg06NGYg
x-cache: HIT, HIT
fastly-io-info: ifsz=110759 idim=600x400 ifmt=jpeg ofsz=62654 odim=600x400 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 62654
x-served-by: cache-iad-kjyo7100177-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.107325,VS0,VE0
etag: "dxdjcX3t3T3Wi1tUD6xmMGZJNf4To+rmccMCNaEYV7U"
vary: Accept
x-goog-generation: 1699336808661037
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=zVb2+w==, md5=oJyXqFMb9922eYdm7dZSYA==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 110759
x-amz-checksum-crc32c: zVb2+w==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 25, 14

GET
H2 200 linda-greenhouse-thumbLarge.png
static01.nyt.com/images/2018/04/02/opinion/linda-greenhouse/ 24 KB
25 KB 12ms
3ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/04/02/opinion/linda-greenhouse/linda-greenhouse-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4c7e66d672ad01d9a4b945bb09097d6776e2c05383c48f6c64aba44cc24fe96a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 06:57:12 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300720
age: 311076
x-guploader-uploadid: ADPycds2reim6dMEj2f2HcFnaMZpwWc0_oWHBaAHWsmu44vfrUyiIA-pdAjKTWalq383IRrRG8iKufqZi5ufcf_i9-vDBkX2mUXP
x-cache: HIT, HIT
fastly-io-info: ifsz=37145 idim=150x150 ifmt=png ofsz=24872 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 24872
x-served-by: cache-iad-kjyo7100055-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.118558,VS0,VE0
etag: "6NTQSfiCy/NzG8Auma603MGcJGgtK4cRp27daplZfTM"
vary: Accept
x-goog-generation: 1522685321653393
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=YbQBgA==, md5=ZAZNv8Bo5h9AIN0Zs6vXxQ==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 37145
x-amz-checksum-crc32c: YbQBgA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9, 4360

GET
H2 200 06udel-square320-v3.jpg
static01.nyt.com/images/2023/11/06/opinion/06udel/ 38 KB
38 KB 11ms
2ms Image
image/jpeg 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/11/06/opinion/06udel/06udel-square320-v3.jpg?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

cceac7ac0d2450faea3f70111cdd13df45e3c976deb8cb3e989da68e145651eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 06 Nov 2023 17:50:19 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 47408
x-guploader-uploadid: ABPtcPr4rcyBkE9M2LQ-ubIHcYeoJtrOFu5VGgoEmbRDRn6M7aydeDXXtcuzVNfSNxHyOZkN8Hs
x-cache: MISS, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 38638
x-served-by: cache-iad-kiad7000118-IAD, cache-lga21943-LGA
last-modified: Mon, 06 Nov 2023 17:50:18 GMT
server: UploadServer
x-timer: S1699340427.118537,VS0,VE0
etag: "433f21041ac7fdfdb7dc64d143eb84e2"
vary: Accept
x-goog-generation: 1699293018680704
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=hqr/UA==, md5=Qz8hBBrH/f233GTRQ+uE4g==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 38638
x-amz-checksum-crc32c: hqr/UA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 2205

GET
H2 200 Peter_Coy_Final-thumbLarge.png
static01.nyt.com/images/2022/02/27/opinion/author-peter-coy-2/ 19 KB
19 KB 12ms
3ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/02/27/opinion/author-peter-coy-2/Peter_Coy_Final-thumbLarge.png?format=pjpg&quality=75&auto=webp&disable=upscale

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d398b90b592b327e99a6d915c3a8b2896d03a3c6b617bb5cbbf555fa57ee9725

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 05 Sep 2023 16:32:49 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300718
age: 404315
x-guploader-uploadid: ADPycduC9xqPJaEW5r8_fyUfHfuhkHXC6ar9BTOSAwkek--i5tfliBcSYkw97GobxxuXeDoUEMh3rWqtVOX6zPNlTy6VXQ
x-cache: HIT, HIT
fastly-io-info: ifsz=30899 idim=150x150 ifmt=png ofsz=19030 odim=150x150 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 19030
x-served-by: cache-iad-kiad7000050-IAD, cache-lga21943-LGA
server: UploadServer
x-timer: S1699340427.118699,VS0,VE0
etag: "pKxVSvUhBTYCP2nV/TCQfl9L8Trc0nAOFrwQjd7jZzw"
vary: Accept
x-goog-generation: 1678306549211650
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=HcBmbg==, md5=a/NESZYrulE18m32Zyd6QA==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 30899
x-amz-checksum-crc32c: HcBmbg==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2327, 1454

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3756 0
20 B 34ms
30ms Ping
image/gif 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=523737675074&version=m202309260101&ct=119&x=1&cor=15256069891834788000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cksync.php
cs.media.net/ 52 B
640 B 71ms
33ms Image
image/gif 23.195.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.195.92.23 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-92-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 07:00:27 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 52
x-mnet-hl2: E
Expires: Tue, 07 Nov 2023 07:00:27 GMT

GET
H2

200

pd
nytimes-d.openx.net/w/1.0/
Redirect Chain

https://nytimes-d.openx.net/w/1.0/pd
https://nytimes-d.openx.net/w/1.0/pd?cc=1

43 B
211 B

12ms
12ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nytimes-d.openx.net/w/1.0/pd?cc=1
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:27 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://nytimes-d.openx.net/w/1.0/pd?cc=1
date: Tue, 07 Nov 2023 07:00:27 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://eb2.3lift.com/sync?px=1&src=prebid&&ld=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=93a3f69d-5320-45a6-886f-05cb2e2f6837&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

12ms
12ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=93a3f69d-5320-45a6-886f-05cb2e2f6837&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 07 Nov 2023 07:00:27 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://eb2.3lift.com/xuid?mid=3658&xuid=93a3f69d-5320-45a6-886f-05cb2e2f6837&dongle=0cfd&gdpr=0&gdpr_consent=
date: Tue, 07 Nov 2023 07:00:27 GMT
server: Kestrel
content-length: 251

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 23ms
21ms Preflight 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
Access-Control-Request-Method: POST
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
access-control-allow-methods: GET,POST
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 1
content-encoding: gzip
content-length: 20
date: Tue, 07 Nov 2023 07:00:27 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 21
x-nyt-audience-target-flat: NA:AM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: CT
x-samizdat-query-exe-id: a8ff2db17c31c97c
x-samizdat-query-field-errors: 0
x-served-by: cache-lga21979-LGA
x-timer: S1699340427.308303,VS0,VE1

POST v2
samizdat-graphql.nytimes.com/graphql/ 0
0

POST
H2 200 track
a.et.nytimes.com/ 0
0 43ms
42ms Ping
text/plain 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-49-121.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

OPTIONS
H2 204 putRecords
prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/ Frame 0
0 312ms
96ms Preflight 34.218.8.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/putRecords?encoded=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.218.8.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-218-8-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
date: Tue, 07 Nov 2023 07:00:27 GMT
x-amz-apigw-id: OBAF3FEtPHcECQg=
x-amzn-requestid: ff94e024-324a-4ce5-89b5-f4218a286559

POST
H2 200 putRecords Show response
prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/ 146 B
374 B 108ms
107ms Fetch
application/json 34.218.8.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/putRecords?encoded=true
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.218.8.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-218-8-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 8f747ff82f9871925b857f102d6b4f018f314478d1b896b5257a1363dedd5d21

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
x-api-key: 79db72eb0b5c7255afa54a253df24fb4a5ac916bf40b51c730df8850aa5665ca
Content-Type: application/json

Response headers

date: Tue, 07 Nov 2023 07:00:27 GMT
x-amzn-trace-id: Root=1-6549e08b-3d8d3ba061090fd62a993c8f
x-amzn-requestid: 22642ccb-34b2-481d-97f3-826d51ec107c
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: OBAF4E0sPHcECww=
content-length: 146

OPTIONS
H2 405 meter.js
meter-svc.nytimes.com/ Frame 0
0 89ms
25ms Preflight 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&referer=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pageviewID=tXWoy2GmjXfDN7kc66_XRmWl&MessageSelectionAPI=real

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-211-112-71.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-nyt-internal-meter-override
Access-Control-Request-Method: GET
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-length: 0
date: Tue, 07 Nov 2023 07:00:27 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
via: 1.1 google
x-envoy-decorator-operation: meter-svc.nytimes.com:443/*
x-envoy-upstream-service-time: 15

GET meter.js
meter-svc.nytimes.com/ 0
0

GET
H2

200

activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45... Show response
5290727.fls.doubleclick.net/ Frame CFB5
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=...
https://5290727.fls.doubleclick.net/activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevip...

549 B
411 B

40ms
37ms

Document
text/html

142.251.40.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.198 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f6.1e100.net

Software

cafe /

Resource Hash

07e897109aba8a327d21ae13667a85f7ce7a4a6acedbadcaa10e292ae11e5257

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 302
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:27 GMT
expires: Tue, 07 Nov 2023 07:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 203ms
47ms Script
application/x-javascript 2600:9000:2548:8c00:18:1fcd:353:c61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2548:8c00:18:1fcd:353:c61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 16:54:41 GMT
content-encoding: gzip
via: 1.1 9033f23ebaa1ec5cb09810253e0fc7e4.cloudfront.net (CloudFront)
last-modified: Wed, 09 Aug 2023 00:52:49 GMT
server: nginx
x-amz-cf-pop: IAH50-P2
age: 50746
etag: W/"64d2e361-1197e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: yQsn0Md04Y_XZrJ2e7XTnx0uqnshF6kxmN_kiMRjNcArhw6xBiUvmA==
expires: Tue, 07 Nov 2023 16:54:41 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
595 B 66ms
4ms Script
text/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/show-ads.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 18 Oct 2023 07:06:50 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 86008
x-guploader-uploadid: ADPycdsQI_NQb7mm7QiaXehrv-QjtU_kSaEEIGSMRFpUDlq7Qi8j97cHYzdHL8aT6hWNqUFSr_awJR_onAevwIjpp0SGEY5yzy6t
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 65
x-served-by: cache-lga21943-LGA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1699340428.844294,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: Accept-Encoding
x-goog-generation: 1640215841852360
x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 45
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 14978

GET
H2 200 comscore-streaming.js Show response
a1.nyt.com/analytics/ 103 KB
19 KB 67ms
5ms Script
text/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/comscore-streaming.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Mon, 31 Oct 2022 05:59:24 GMT
date: Tue, 07 Nov 2023 07:00:27 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 28052
x-guploader-uploadid: ADPycduOviBVLFPE_Eae21LHnrczZrqvYdW-TdmCBkcOv4j8DXYaIM8Isv8MGel2QVBusKw0UcR3JT8Y_kHXy8zMKBPF
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 18717
x-served-by: cache-lga21943-LGA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1699340428.844308,VS0,VE0
etag: "04e0b9556a78ce5cedf86a34e5483036"
vary: Accept-Encoding
x-goog-generation: 1640215841902856
x-goog-hash: crc32c=XkdIyw==, md5=BOC5VWp4zlzt+Go05UgwNg==
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 105675
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 3778

GET
H2 200 nyt.js Show response
cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/ 4 KB
2 KB 49ms
11ms Script
text/javascript 2606:4700:20::681a:d12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51810745d3e4e28eec27857037693434619b5a9487d389a2243a555d6830f66b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:27 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 07 Nov 2023 06:05:07 GMT
server: cloudflare
age: 3320
cf-polished: origSize=4727
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M2qvEc%2F78pKNeHJ7aRBr2cHZOZR93dyskAnC7MHQ9PzWuMFLoKghiasaaqEbd1WQ%2BcK%2B23glu0eZRgwZOLwtbGpgDf0yug5ndxTz92JywGngK%2BaBYJ1pfL9YB6ZbKLxOYC5MsHAQEoe9A4jNCL8jdI7E"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8223b309eb5a427c-EWR
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2 200 dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=*;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1...
adservice.google.com/ddm/fls/z/ Frame CFB5 42 B
401 B 96ms
42ms Image
image/gif 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=*;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CJH3trSosYIDFYMPwQodtUMCkw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=2627093378772;auiddc=2020073537.1699340428;u17=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F;u5=;u18=;gtm=45He3b60v72703797;gcd=11l1l1l1l1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 58ms
10ms Image
image/gif 23.23.164.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F&u=Cav6UOB0gXs8DXDiMI&d=cdnseurevipbot.secureweb.top&g=16698&g0=Homepage&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=11115&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&b=7665&t=D9vv00JRep9Zu0DHB4xp7xDN5mg9&V=141&i=The%20New%20York%20Times%20-%20Breaking%20News%2C%20US%20News%2C%20World%20News%20and%20Videos&tz=600&sn=1&sv=aSanxoTs4qBorQTEBd6y_VCv5X4R&sd=1&im=06672fd3&_
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.164.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-164-244.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 07 Nov 2023 07:00:28 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 62 KB
17 KB 273ms
273ms Script
text/javascript 2606:4700:20::681a:d12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=cdnseurevipbot.secureweb.top
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca7a118dd01892b5a9302e22b61a8e96c6c006f2ca642a8e24ad256ada052f5c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 07 Nov 2023 07:00:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9BMg6spPXU69aIV43a4jU%2FumYgHT44NHSFtSbfqaZbXzIfr9tlFB2Mw6QUNuLt%2BcXFCTP7%2B7zoXz6flE7H4E8%2Bx0016kDMuznHFV63FS20lH%2BfLZAPm9HuOH3aRtPfHYfXW9g%2FdLwVZE3mzy8Lubjs1"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8223b30c3d12427c-EWR
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

POST
H2 200 track
a.et.nytimes.com/ 0
0 33ms
32ms Ping
text/plain 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-49-121.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK c.js Show response
collector.brandmetrics.com/ 0
188 B 243ms
42ms Script
text/javascript 20.40.202.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=cdnseurevipbot.secureweb.top&rnd=5129983
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=cdnseurevipbot.secureweb.top
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.2 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Request-Context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937
Date: Tue, 07 Nov 2023 07:00:27 GMT
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 .status Show response
a.et.nytimes.com// 0
0 35ms
35ms Fetch
text/plain 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-49-121.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: */*
Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 35ms
35ms XHR
application/json 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310310101&st=env

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55e5acff71b72c97781fed784be3d7ba013eeb6b70613eb23d9bef425c289c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12255
x-xss-protection: 0

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 1 KB
1 KB 65ms
16ms Script
application/javascript 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a7cc369b7799fe4a3442e72d5d5e06b438dc2d350535b3cb6edc194f2804c79

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:28 GMT
x-amz-version-id: uq.wnYxSi9EI.nFJrrFLnIo8MjrAKLYY
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: 68TVS4W46NDVS95X
age: 153
x-amz-server-side-encryption: AES256
x-amz-id-2: q+r6e3CNE6wbC7UbIz8qZG2B+4JlvtrR0VGOsXTBQ8KRp4Niqnrz6H0W5IjvZQIhFDTUrWBlxtE=
last-modified: Thu, 02 Nov 2023 19:28:53 GMT
server: cloudflare
etag: W/"63ba5f33bef033632d254ca54c8ee999"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2BwQFD8s0i8ccNWIZuNx05zSwJxEzU5tMSV%2BzMnOyJsgEcp7kp2QZ55uRhNOabw%2B%2F843rquTC7izaXRHZ2em8wUPajaCwD5rOaguxVPRgayVHQ9AnCxONdqdWce0t3eeE4o8J613qI5dwVpW09hX%2FTQzGUc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 8223b3100ea615a3-EWR

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/3005403/
Redirect Chain

https://sb.scorecardresearch.com/c2/3005403/cs.js
https://sb.scorecardresearch.com/internal-c2/3005403/cs.js

0
383 B

41ms
41ms

Script
application/javascript

99.86.74.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/3005403/cs.js
Protocol: H2
Server: 99.86.74.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-74-78.iah50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 03:15:09 GMT
via: 1.1 547a781990a5f9debaf81c3caf1c35f0.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jul 2023 14:48:36 GMT
server: AmazonS3
x-amz-cf-pop: IAH50-C4
age: 13520
x-amz-server-side-encryption: AES256
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 0
x-amz-cf-id: 41XREfWpFBxkPXXWinVX-Ckpf73sEYLFpso-nTeCQqJvT92Ictg37w==

Redirect headers

date: Tue, 07 Nov 2023 07:00:28 GMT
via: 1.1 547a781990a5f9debaf81c3caf1c35f0.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: IAH50-C4
x-cache: Miss from cloudfront
location: /internal-c2/3005403/cs.js
content-length: 0
x-amz-cf-id: 6KWszv6rQ6JZQlHoFcnPN0ax-RVcd2gxtV459jwMeh9X0KCZtWTDOQ==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 35ms
35ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Nov 2023 07:00:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1777 13 KB
5 KB 16ms
4ms Document
text/html 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 65237
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 12:53:11 GMT
expires: Tue, 05 Nov 2024 12:53:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C42E 829 B
1 KB 48ms
26ms Document
text/html 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b5b06bde62cd9c562eb5ee3bae4e27f6ce53d5651d3130fc45f58d8c1052516a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vHZKiVac4R7vC6w9F71rBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vHZKiVac4R7vC6w9F71rBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 07:00:28 GMT
expires: Tue, 07 Nov 2023 07:00:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 match-prod-6baf9ab2a93fe67c4133.js Show response
platform.iteratehq.com/ 86 KB
30 KB 14ms
13ms Script
application/javascript 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/match-prod-6baf9ab2a93fe67c4133.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93a03220d2cacc03b0b40e69976cfd06201970c1febb108ac4ace5747dc114b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:28 GMT
x-amz-version-id: m6qIko0hGVLfB0fW2Ydgcxo5k1r0mneH
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: V9FTXWVTA4AS32YV
age: 386882
x-amz-server-side-encryption: AES256
x-amz-id-2: TV7mC5Sc4/UO5RDUJ2JthpiNhmohIzCqbLdn+2fWLJNK7UDF0QjczDeIFw1K4q8VYJoWqF18ZuGruwG2LQxCCrXksO19CB1A1njyF/30T2A=
last-modified: Thu, 02 Nov 2023 19:28:52 GMT
server: cloudflare
etag: W/"a0edf9459ac39cd6a02228fbf64230be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUYmUmzLiZiO3%2FfXWxtCs9I6uUAZG7N9xx9rbuPmalXxBZjy%2B8uUCungemUKg2P3kyiw%2BeP%2FIJcOwleUewqEamWdaTFx48EcH5UW%2FOl9PS3ig0q8cLqauQ1R%2F%2FdSrBkQWPNtcozL4hN2Kiooqpmof1tqP64%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 8223b3102eb415a3-EWR

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 300 B
555 B 23ms
23ms Fetch
application/json 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c4ad11815a98f466b3f72d058065159219a1c1829bd957f1321166e16e25369

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Nov 2023 07:00:28 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4bBfCyKavqnOrcsBzcxlzV%2BkgVb4OVplUH7xTTBewVH0YJa1gx7GJhVIOW7Tc7xPzsfED%2FL35K8X%2BXCcR4VZgau%2BZGM56EmcgT1FyVrYVzFVmLI%2FbRG4dp1%2BqbL1fpO%2FUS7zkOgv6LCsoE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8223b310d84943b2-EWR

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 60ms
25ms Preflight 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8223b310b83d43b2-EWR
content-length: 0
date: Tue, 07 Nov 2023 07:00:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JPoFhxnSiKHpU3cjLVX2YGmUnV8AcxMivfJrWKb4IGHlhMR4flvTs4onAe7OmoKVo84wzaIy%2BCBHePLrZiTCESBhEUepqcNncLaQHR9GHiSG6ZKWO2H4VKM6t%2FRIbaAv6VKnoSHwXe%2BziTE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 1777 38 KB
15 KB 4ms
4ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 12:53:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 12:53:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C42E 0
0 29ms
28ms Image
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310310101&jk=1603636949710403&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1777 0
10 B 5ms
5ms Image
text/plain 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?d-uoDQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 07:00:29 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 64 B
356 B 19ms
18ms Fetch
application/json 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NTQ5ZTA4YzQwODcxYTAwMDFhMjc5NjgiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjk5MzQwNDI4fQ.j1N2l8-K9H7XZV5JI31Ao87EObDY_FLyHypVxTDvK_I
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Nov 2023 07:00:29 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXuaPcmKsoOp%2BR5tw%2Ff%2Bzitr4RePKnHRgZwBKFHAns7e7SsI5O2qLsquu9r9g4Nt5WPJW9HFMdNIqxOFgteNKyO3AeF2%2Bkd5a5aT6LwvJwF9meIE%2FBh8rgGOM7%2BwKQVOXowA5Gbtqp1fqhg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8223b313ca2243b2-EWR

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 20ms
19ms Preflight 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://cdnseurevipbot.secureweb.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8223b3139a0b43b2-EWR
content-length: 0
date: Tue, 07 Nov 2023 07:00:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FxaueMNB4bfcKAF2QA8GULSlBDUfRknFgB%2BvEM9muhl%2BVqHmn%2BDHjRsfiVry3Q9sZEy47zUk6R2tN1khRBBLX8WYwXukgDpgpxWo8n7kUpKgzLFp6K0GTm7LdlFllZOGQFsxGQ22blACf0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 26ms
26ms Image
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310310101&jk=1603636949710403&bg=!kZKlkt3NAAb4oU7C2KE7ADQBe5WfOHHDGiVTAtvTM2stZJZaJ8NlCTsw09k0HnDDcE8UvGsGaDmKZHJsG3BCsdyjnGS9AgAAAJ5SAAAACmgBB5kC_ktwnxRDq_F62oyz333O18GEsWWMwCDENzHmKSMwP3Bk03cunORs59z2YKyPknvvYVVoLgRiMBuMFq_ZzbQtHf5UUKXerda2STKaT3Jz2Q43wM3h4Cjdrl72X1puVSnyhI601rsIo2VkFsHREoEP_rFt2m1gl68FrWP5a_GYJdaz2qmN8hbyilOxaz6IxIIyQtu_wXdAoi0WhORSE4nioNJ1fO1gLR4WJac_YeYgPMS6LDoamsGH4H6gvBPKquAg14twO0ctt8U_45CNT2i4BwLELIP5q8C9DMh2oglSppjmWXRJmQLRd6NqGPooYtTHalBkXBQVz1kh421XWthl2O2CZjX6Viftrh5V2JvNGZ5igEs-FdWsIxen2j9EUp9yG1qEoh5LB-ey4x1Fkv53iGgEaZDNcz0ooVWMaFsl_goLBqQUYU1CmNaitSViEFi303XzWk9tX0Ex9dA7JhPQGvXH1BvGWHFe2eel1a1VipXQ_Ud-2qUEOd91hvb4RP069KHD4MlQ1w93szV7v6Xm0wbxasdytwrU-u9iTE07kBsACUhDxGpolSZSvf1VGM-rgSyEQ9EMnfzWuWYAb5W9bgi5KvuPXuMm32MXOFKiqOdNhjITzUO1Cwlb3QnQ3bbVrhxkvtMhaCOoiQcGFaAT0nZcCtSaZOr7_XhvNnhIt8XjBFAGZiq6-IjXcUaM3uOtcfNCZzbs7lLpic8wIrnjfqVZRPKcP_sfsHUXd5yaLTgIACLztGhaFr6JYfxpAaZALMR4lBFBHmB0wjRBQXj0IDao3msTLPqEupTCDJXqeDLSrtUsK9zLKnXG1JigaSEodW1JFv2aO_0erHZqry7Pxy8tz58NO7QmC_krp6yIjSanjnLJSX1JA9FvTmGCx3qLYrl-Xzf2bq08O_HpZyYAELc8T1Sk4Hlrq5X1V6p-0terp3aScLDxQdnsS6DhftYXX0U1N_dauxVjk_IsRtbrlhL-7rt6ZwYaLVG6UH9EK_DaW4hY2IBaTgBoHPQ_99Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdnseurevipbot.secureweb.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 37ms
36ms Ping
text/plain 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: cdnseurevipbot.secureweb.top
URL: https://cdnseurevipbot.secureweb.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-49-121.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdnseurevipbot.secureweb.top/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 dc_oe=ChMIp_K2sqixggMVg4ifCh2AgAWNEAAYACCbxOpcQhMIq_bwsaixggMVEgzDCh38vQTY;met=1;&timestamp=1699340432190;eid1=2;ecn1=0;etm1=7;eid2=12;ecn2=0;etm2=7;eid4=14;ecn4=1;etm4=0;eid6=16;ecn6=1;etm6=0;eid8...
ade.googlesyndication.com/ddm/activity/ Frame 3756 42 B
107 B 35ms
34ms Image
image/gif 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIp_K2sqixggMVg4ifCh2AgAWNEAAYACCbxOpcQhMIq_bwsaixggMVEgzDCh38vQTY;met=1;&timestamp=1699340432190;eid1=2;ecn1=0;etm1=7;eid2=12;ecn2=0;etm2=7;eid4=14;ecn4=1;etm4=0;eid6=16;ecn6=1;etm6=0;eid8=960584;ecn8=1;etm8=0;eid10=18;ecn10=1;etm10=0;eid12=960585;ecn12=1;etm12=0;eid14=13;ecn14=1;etm14=0;

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIp_K2sqixggMVg4ifCh2AgAWNEAAYACCbxOpcQhMIq_bwsaixggMVEgzDCh38vQTY;met=1;&timestamp=1699340434338;eid1=2;ecn1=0;etm1=3;
ade.googlesyndication.com/ddm/activity/ Frame 3756 42 B
63 B 34ms
34ms Image
image/gif 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIp_K2sqixggMVg4ifCh2AgAWNEAAYACCbxOpcQhMIq_bwsaixggMVEgzDCh38vQTY;met=1;&timestamp=1699340434338;eid1=2;ecn1=0;etm1=3;

Requested by

Host: df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
URL: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 07:00:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Domain: als-svc.nytimes.com
URL: https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Domain: purr.nytimes.com
URL: https://purr.nytimes.com/v1/purr-cache

Domain: a.nytimes.com
URL: https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F&caller_id=nyt-vi&jkcb=1699340426091&referrer=&sourceApp=nyt-vi

Domain: samizdat-graphql.nytimes.com
URL: https://samizdat-graphql.nytimes.com/graphql/v2

Domain: meter-svc.nytimes.com
URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&referer=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pageviewID=tXWoy2GmjXfDN7kc66_XRmWl&MessageSelectionAPI=real

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 18:11:56	Name: sync Value: CgkIOhCBwdTEujE=
.nytimes.com/	1970-01-21 00:47:56	Name: nyt-a Value: F2BoU-CfxJX0epqcSuieT3fR
.et.nytimes.com/	1970-01-20 16:02:22	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-21 00:47:56	Name: sessionIndex Value: 1\|1699340421815\|F2BoU-CfxJX0epqcSuieT3fR\|1699340421815
.et.nytimes.com/	1970-01-20 16:03:46	Name: et-ppvid Value: https://cdnseurevipbot.secureweb.top/=tXWoy2GmjXfDN7kc66_XRmWl
.rubiconproject.com/	1970-01-21 00:47:56	Name: audit Value: 1\|mFVHqHkj5bFtVZ25ExCBCFMG4C6D/t+3x5H4/Al95QVlbuAIFl07k4nR8JVd1FByyCHnGGTEnQZRi2uQ8pfh/CAd9nYNykirwts17joIQBjaMvpofRrTDtVq1Qbb0Jw1vsVAPbIH/+GyqVI1k5poNA==
.openx.net/	1970-01-21 00:47:56	Name: receive-cookie-deprecation Value: 1
.rubiconproject.com/	1970-01-21 00:47:56	Name: khaos Value: LONZETMM-D-BHRA
.secureweb.top/	1970-01-21 01:23:56	Name: __gads Value: ID=54619eb249d95f83:T=1699340422:RT=1699340422:S=ALNI_MY2dS9nRI-EB73z60OVKCRo-UbD_g
.secureweb.top/	1970-01-21 01:23:56	Name: __gpi Value: UID=000009ffd9d43910:T=1699340422:RT=1699340422:S=ALNI_MZs1LmnVmlOkupxIcZwTRvvOa6ldg
.doubleclick.net/	1970-01-21 01:38:20	Name: IDE Value: AHWqTUnYtmT0viWN24tgO6thypaXR671DOM0rHI_nCvvWjgv0dCdWZoGJV9zM87I
.adnxs.com/	1970-01-20 18:11:56	Name: uuid2 Value: 1742177066701850104
.casalemedia.com/	1970-01-21 00:47:56	Name: CMID Value: ZUngh.riP-6S13oJ61GXuAAA
.casalemedia.com/	1970-01-20 18:11:56	Name: CMPS Value: 3646
.casalemedia.com/	1970-01-20 18:11:56	Name: CMPRO Value: 3646
.adnxs.com/	1970-01-20 18:11:56	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb_JX+[1!1yIE`fS1ueD1W-044)d+]UfXUytn@+04CeFuB7UH![!AEAF'S1f[[ev)s=2P(hw9P-HC_#tt?u)hM(T
.doubleclick.net/	1970-01-20 20:21:32	Name: APC Value: AfxxVi4jVCOmAtJenav6_2A4Sx9lp1ezjB2CHD5DMKXrXF-612keSA
.scorecardresearch.com/	1970-01-21 01:38:20	Name: UID Value: 1B833f1544ae9e0e2b90faa1699340425
.cdnseurevipbot.secureweb.top/	1970-01-21 00:47:56	Name: datadome Value: Dtu4iM6kx3Yu_ff74FwcxGqpPOxST0AgunowqkYtKNTtkP8_3Aw8dy2OoJVval5en4B6KnAwBm7MhyGAz_fjMoESQ5BRIqTSh4BTsZiTNtRRME~rYbxkg0hiYC_1_C8q
.3lift.com/	1970-01-20 18:11:56	Name: tluid Value: 405804683887733322870
.media.net/	1970-01-21 00:47:56	Name: visitor-id Value: 3423420270813322000V10
.openx.net/	1970-01-21 00:47:56	Name: i Value: e92d3842-84a5-0b9e-3c6d-2214b4140785\|1699340427
.adsrvr.org/	1970-01-21 00:49:22	Name: TDID Value: 93a3f69d-5320-45a6-886f-05cb2e2f6837
.adsrvr.org/	1970-01-21 00:49:22	Name: TDCPM Value: CAESFgoHc3Z4OXQ1MBILCN6Jypeo2q88EAUYBSABKAIyCwiOoePBvtqvPBAFOAE.
.secureweb.top/	1970-01-20 18:11:56	Name: _gcl_au Value: 1.1.2020073537.1699340428
.secureweb.top/	1970-01-21 01:31:08	Name: _cb Value: Cav6UOB0gXs8DXDiMI
.secureweb.top/	1970-01-21 01:31:08	Name: _chartbeat2 Value: .1699340428172.1699340428172.1.aSanxoTs4qBorQTEBd6y_VCv5X4R.1
.secureweb.top/	1970-01-20 16:02:22	Name: _cb_svref Value: null
.secureweb.top/	1970-01-21 01:38:20	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NTQ5ZTA4YzQwODcxYTAwMDFhMjc5NjgiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjk5MzQwNDI4fQ.j1N2l8-K9H7XZV5JI31Ao87EObDY_FLyHypVxTDvK_I
cdnseurevipbot.secureweb.top/	1970-01-20 16:02:21	Name: _dd_s Value: rum=0&expire=1699341321940

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to XMLHttpRequest at 'https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://als-svc.nytimes.com/als?uri=https%3A%2F%2Fwww.nytimes.com%2Fpages%2Findex.html&typ=&prop=nyt&plat=web Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to XMLHttpRequest at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to fetch at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to fetch at 'https://purr.nytimes.com/v1/purr-cache' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://purr.nytimes.com/v1/purr-cache Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to fetch at 'https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F&caller_id=nyt-vi&jkcb=1699340426091&referrer=&sourceApp=nyt-vi' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F&caller_id=nyt-vi&jkcb=1699340426091&referrer=&sourceApp=nyt-vi Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to fetch at 'https://samizdat-graphql.nytimes.com/graphql/v2' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://samizdat-graphql.nytimes.com/graphql/v2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cdnseurevipbot.secureweb.top/ Message: Access to fetch at 'https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&referer=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pageviewID=tXWoy2GmjXfDN7kc66_XRmWl&MessageSelectionAPI=real' from origin 'https://cdnseurevipbot.secureweb.top' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&messageComponentLibraryFallback=true&url=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&referer=https%3A%2F%2Fcdnseurevipbot.secureweb.top%2F&pageviewID=tXWoy2GmjXfDN7kc66_XRmWl&MessageSelectionAPI=real Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5290727.fls.doubleclick.net
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
aax.amazon-adsystem.com
ade.googlesyndication.com
adservice.google.com
als-svc.nytimes.com
c.amazon-adsystem.com
cdn.brandmetrics.com
cdnseurevipbot.secureweb.top
cm.g.doubleclick.net
collector.brandmetrics.com
config.aps.amazon-adsystem.com
cs.media.net
dd.nytimes.com
df0465b83c4db80fe7208c6394ee3d1e.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
eb2.3lift.com
fastlane.rubiconproject.com
g1.nyt.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gw.geoedge.be
ib.adnxs.com
iteratehq.com
match.adsrvr.org
meter-svc.nytimes.com
nytimes-d.openx.net
pagead2.googlesyndication.com
platform.iteratehq.com
pnytimes.chartbeat.net
prebid.media.net
prod.tahoe-analytics.publishers.advertising.a2z.com
purr.nytimes.com
r4---sn-ab5sznzl.c.2mdn.net
rtb.openx.net
rumcdn.geoedge.be
s0.2mdn.net
samizdat-graphql.nytimes.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.chartbeat.com
static01.nyt.com
tlx.3lift.com
tpc.googlesyndication.com
www.datadoghq-browser-agent.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.nytimes.com
a.nytimes.com
als-svc.nytimes.com
meter-svc.nytimes.com
purr.nytimes.com
samizdat-graphql.nytimes.com
108.138.129.64
13.249.21.101
142.251.32.98
142.251.40.198
142.251.40.226
142.251.41.2
151.101.1.164
151.101.65.164
172.64.151.101
18.160.156.21
18.238.64.130
20.40.202.2
23.195.92.23
23.23.164.244
2600:9000:20f0:2600:4:b37b:9440:93a1
2600:9000:2137:1000:10:43f:4352:ad61
2600:9000:2548:8c00:18:1fcd:353:c61
2602:803:c002:200::62
2606:4700:20::681a:6e5
2606:4700:20::681a:d12
2606:4700:20::ac43:479c
2606:4700:3031::ac43:a761
2607:f8b0:4006:808::2004
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80f::2002
2607:f8b0:4006:816::2001
2607:f8b0:4006:817::200e
2607:f8b0:4006:81e::2001
2607:f8b0:4006:81e::2008
2607:f8b0:4006:81f::2002
2607:f8b0:4006:820::2006
2607:f8b0:4006:822::2002
2607:f8b0:4006:a::9
34.120.63.153
34.218.8.146
34.98.64.218
35.227.252.103
35.71.131.137
35.71.139.29
44.211.112.71
52.54.49.121
68.67.179.155
72.44.43.210
99.86.71.49
99.86.74.78
007070e6f905e2aefbfcc7568cdf61c38a422d933c9c8166a6ba2f6223dd9ec5
03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07e897109aba8a327d21ae13667a85f7ce7a4a6acedbadcaa10e292ae11e5257
09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de
0b75f1263c2e4a65318c576d3de943c8792d344b061a366548a1bb93ff8942aa
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
0ec5bf37e2f80b5b1cd994cbc3fb926688f4810071b400da230f5845dbe0b06a
105fb74c3e11b3a0f9ea651b898f0ce3a52147e403481c9f3f94437441f333cd
11cad19b226383c7e859031e5cd320644ad1a33d12abc2689a4d3bdbc8253ab7
13ba2997ea62a564075f4e9d586d98c0f2662d6f23042e5f39366b2f27f320a9
15bb3ffc59f462f8200d11db9a59ac35b5ed9b197e6d20596fc68fa16e73de69
174325b76ed88f685e3080a4ab9458981ed4389fb38f6680fafc80f03d6059ef
17615132642880808e44f8f5b54edef8ee37a514e003b6faf98014ecca401194
1b212ea12e667d35e7127d3c59788897d07d32a661336ccf122b02af12fab96d
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1ecb1f9522433be3adfad377816095c7d5b27d02c1efbbbb793e341b829d83d9
20a1e05cca983d2c838b5637de79857db90bd69705e38126260f9dca7fc29186
263489226f3d3c7a819547559569dd8dc98e0d37ab582a407a8094afcd783302
29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
352b9e243c2e3a49a49cb8bc8df84d0a04183bbc3eac33a0476c9a11ff9e352d
39cb04ebdef1112f9cfd08ab486e0c2f94692d63e04eaa079512f8a14cf910e6
3f91fa3c8c68bf9155006b179e21c46ef9abf71d6b5a4e11a74a40e5b176da65
400cb4f7b1577c38e0d7f634a47d35c86a74ac14ef8e9ed9a33359a446bf9841
41d61937d6f1b2b8887f735949cb30f7be1f3027a5d495621672f0d8fd3f9d14
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4501bb0294daf1a98751db74fe0917f9134d90ab743318c3e8a7d9722efbae41
466910df59d087650b837643219856ab4d88059a0cad2c92c6b7812ad0a4509d
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4af9b52b5cf0f6a694ec51e283ccabc662be7881a3ecefecccf5441a687a894a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba9c62e2d791768ee9cf91a2257b631d3d3d3e4d0039b2d60affb962b562219
4c4ad11815a98f466b3f72d058065159219a1c1829bd957f1321166e16e25369
4c7e66d672ad01d9a4b945bb09097d6776e2c05383c48f6c64aba44cc24fe96a
4caf6c7af5ea1580e3aa315c7e5375aa7d6aec929faca9b0fe0687113cb83e20
4d3928e5b934069fa3b78d716121fd1838737cb5b1aecd98b82e62982435ada6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e23a3eff399bb647916a916fb9479c074d77cfb19d87b95ad28189639956aa6
4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3
51810745d3e4e28eec27857037693434619b5a9487d389a2243a555d6830f66b
52dc9d8c27d10f6478e371f82bd0e12f56758f4c40337149c3bfd0df8318a5b2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55e5acff71b72c97781fed784be3d7ba013eeb6b70613eb23d9bef425c289c37
560840d26c66d01e35e8257c2599e4d6ff81fb45082ac051cbfb0fb835657951
564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de
574965692d59c01a587f35383a7348f1665a1f8a10ce1ef1ef0e89640adf5b08
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
5d7824c56fadbab811bb6be7b48d8eec8fd4269877246eeed5b9b33d1a953292
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5e58c4c90b85eda4055a5b30fe55ef60cbcf6ea093311f2ff38861c7b4fe448a
5ed9e9f81abee651d7645c6ae932a099ff7595eb893df2bd66306c818adf5a39
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63cd01bf8a87ddc8a07e6491ea1ab7bb28613587cfddd7c9664dda47f71dcda3
644159a517427813378bf283fb86f497ef2fd81c8656225b3e209972f0e4ccbb
66debd0db62a3f53e72503a053f862b586a886e6a399fd8243b5e0180d304dec
6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa
6a7cc369b7799fe4a3442e72d5d5e06b438dc2d350535b3cb6edc194f2804c79
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6d079676c7dda83a62dc625925148bde8b964c8e389ae677b5081aa5d464dfff
6e2ebe67009b7cfad70167fc977f56844eae0683b216f8fb12fa6e9bdd7dac29
71b2f4fee2ed4163e1ef309ca22a8a108aab0ba7cfb535d38b33c1ec3718836a
72a602637622db159bedc967e371a33de5e249362a08dd69e023e31e5fc93d58
73bd4d0f8a3ec1a6b0ec41f111a2b46ba4c242d4dc7bdf0817c4af97a6dfa48e
745823630edebfcdda6261bfef6140d1f4523b7e7610ad6d56137a72df97746e
7a167d6fd5606d9ef6dc28400a9e172c7dbbf69171d5ac15e918755d41dbaf8a
7b2de48c9ef1fcedb720a746610c485e04d3336ba20ccca959c343f004ced8aa
7c65354f69fbaf3704fa399fb2755f8f1e12a4febd45037a125f17de050fca7c
7dcbc19c68e87e4b23f85027e02ac7f3c89fa259973ec92bbe27e49ad002bf47
7e76ec11f2baa0f7948d92891718df73970877050a5b48e2b6fb9b340378a2d1
7e9b1bcc8b7f6c40a146c67b1ae4d804d1a00f9374ebd5ce5b4f2de65ff69cc6
8128790c5fa410f6c0a0e4e0de2650684d75b676dfebdd27f6666e6a6b517071
8296cf4ef9615fac30569a2d3bf5e0b8d1a02c0aef89f6a6d446156eb2e52bda
832c2e84f40e3512fc4a9326e54e6c3a8e8b91d691dd601e5716ab8b4cd01f32
868fa0aee4b3170445519391c249b544438425cdb392aba77b9dae9b5ea7e27f
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8bafef9de45070f320e6d34730a285286b7b00ae2fbc1757ef49b1ff21d80c24
8dac714863ad4334db93a612383d80d982fb6f8ec55e3e5b058a01023539ebf3
8efe1572be12f6646d54cfb294c79d31a010fa99cf4948e168582234b0464f11
8f747ff82f9871925b857f102d6b4f018f314478d1b896b5257a1363dedd5d21
9377e1ed8c646a7ae8b8b570821baf287765c047e9dab20fa71a4eb76a40c294
93a03220d2cacc03b0b40e69976cfd06201970c1febb108ac4ace5747dc114b2
94df5d2926f84023b53a7b88d959ec0a24857fccc905c82b5bee2869845eb4c4
99013b5f831f3762b1a2648e07bb3116d914c5b1539bdf4fe0634602cc26b19e
9a43ab8056183a8efcf0e882990c2601381a735e02bba004439e010055c55d47
9ec978213051509467672fa65a939d16cadd988e81d53c81bf6fd5b81e90151f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a500afc866062030e5a0314da72313ab8fbda561df3571d832a56576d6e1da46
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a829a15fb1f19efe87d128cc4621b70f1dc8c14d2dcfb34ef67fbcf338f3314f
ad01b93ecf6b0b442902d27ae93b6af83a92784a05455b81490512a3d5d8b08b
aea00872cb4e93d88ed44f2b1a9c5f55afd42f122f81fb6194878fee4bb001a1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
b5b06bde62cd9c562eb5ee3bae4e27f6ce53d5651d3130fc45f58d8c1052516a
baabb01c05f5a7a83cf26233fcbb29790b584afb736caa63cb26ed1d051aa78d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcbbfe66a2e17c1dbc127ccea0f4fec035d42d51d1741332275026e291d79be8
be9dcda7136b10664180d9376d56acf52cb27126082e1dd1fda47ca67316de55
c01bb7101c3b034d4e913bdc36280e1a3034d84ab1f8ab674e0d43e75f20e229
c1e4c6cd09bcceb9e0a429e8264e8554e03bbc82cc493a8a91e5c20bb9b641a2
c4fd486c427aff4879822fc8e342979aa0110d283582bbee589cb941de95f39f
ca7a118dd01892b5a9302e22b61a8e96c6c006f2ca642a8e24ad256ada052f5c
cb554020ec10b151dcccf7f5eae72f7807d392f2324582f4ae45168ccf9b007e
cceac7ac0d2450faea3f70111cdd13df45e3c976deb8cb3e989da68e145651eb
ccf7b12ecc8e9e8ffdde253ba24560e0b8742463ad4868c7659fc90968ffcb3a
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1afec1ae97e85059d8bc36b774818c924a47040f9a956870e719e7ce231dc0d
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d398b90b592b327e99a6d915c3a8b2896d03a3c6b617bb5cbbf555fa57ee9725
dc288edaf30d3566c6a43f7db44c69243ef51481f3ae50a4b35868d6ac11706a
ddc793815035898947156ed4f9255a8038658f8b868b5dd29cd1a58bff46a91c
de3984198eb73078bb727320b1363493cdc3c1a74c10162e8182b344c5181ae0
de417027b3c04d64f0f0e42493e0cb5a6936609eb56f6f0440580a191d6d6b2c
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
e33b8407c21f47e7c990edcb66dcf85406e8955ea0f85432539d5b706870cbc9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
e7f4ae3d77496807413afb4a0d56451b31667200c0293d3e89df130190e1f10b
e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a
ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb66d19d76b2a591f290eb9cbefa2faf0a2c8f90b124cb937270ab4b8adee08e
ec9789556607f26d00c95886baad0f24c4580e499e58e94e5edd49aad48ec19c
ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776
ee5d013858ce459b019fe0781a82a45fb176b2c5bf18529da18b8ccac8b3a93e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f256b1151bcdcb1156ec95c6e40a56f17a91ef8b6668bcd9d113779d98cebf42
f2e4eb2e6499e7805732b936694778a0547e32010bca773807743cfcd8e4b049
f39ce75309bff1e29568dbed227da3bb2d23ba94d04e8f88c968a21d0e8f5f10
f3a83dbec57bca632ed8b04cb1a5f39b2e530884b032e8360a03f267095151a5
f4c8c10c577f10d982568bd0e5128cb974cc1b3a889dc41a7712734d161de050
f4fbc0c7fd40edffafd9d8ab070fc8235fdb5238513b9042aa2755558fa1f13a
f9619e7a1dc4ec09dc3d6c5df8aa6eada684c79482d283459eac511852d5bb3c
fb177985ebe75561e65bcb91d425186017f2017e70c5c7f8cf8915ef7e403181
fcb0ab4f6d3a4da0916061428974c4e222922d127a1da82f2e79173fa2fea1ac
fd52da48c170687946011e1e777d420cdae4da1ecd96bbb32cf1e7cdfc5b5edb
fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a
ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

cdnseurevipbot.secureweb.top Open in urlscan Pro 2606:4700:3031::ac43:a761 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

193 Requests

92 %HTTPS

43 %IPv6

25 Domains

52 Subdomains

45 IPs

1 Countries

3780 kBTransfer

9300 kBSize

30 Cookies

294 Outgoing links

Redirected requests

193 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cdnseurevipbot.secureweb.top Open in urlscan Pro
2606:4700:3031::ac43:a761 Public Scan

Screenshot
Live screenshot

Full Image

193
Requests

92 %
HTTPS

43 %
IPv6

25
Domains

52
Subdomains

45
IPs

1
Countries

3780 kB
Transfer

9300 kB
Size

30
Cookies

193 HTTP transactions
2 data transactions