urlscan.io logo urlscan.io
SecurityTrails logo

click1.email.billingsgazette.com Open in urlscan Pro
74.214.203.11  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://click1.email.billingsgazette.com/ViewMessage.do?m=rtvckvwtvw&r=ybbkklcfvf&s=bpjvdfqqcqszpgdjlffzctzmtvzczdbkpbq&q=1639764000&a=view
Effective URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Submission: On December 17 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 5 countries across 9 domains to perform 43 HTTP transactions. The main IP is 74.214.203.11, located in United States and belongs to AMAZON-AES, US. The main domain is click1.email.billingsgazette.com.
This is the only time click1.email.billingsgazette.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 74.214.203.11 14618 (AMAZON-AES)
4 2a03:2880:f04... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 96.46.128.252 14618 (AMAZON-AES)
21 104.18.130.43 13335 (CLOUDFLAR...)
14 14 2.16.186.163 20940 (AKAMAI-ASN1)
11 14 18.215.218.210 14618 (AMAZON-AES)
3 151.101.129.44 54113 (FASTLY)
6 2.18.232.230 16625 (AKAMAI-AS)
2 3 54.86.197.188 14618 (AMAZON-AES)
1 1 185.29.134.244 30419 (MEDIAMATH...)
1 2 2600:1f18:444... 14618 (AMAZON-AES)
43 10
2    74.214.203.11 (United States)

ASN14618 (AMAZON-AES, US)
click1.email.billingsgazette.com
4    2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    96.46.128.252 (United States)

ASN14618 (AMAZON-AES, US)
PTR: www.efeedbacktrk.com
f494d9.efeedbacktrk.com
21    104.18.130.43 (None, )

ASN13335 (CLOUDFLARENET, US)
bloximages.chicago2.vip.townnews.com
14    2.16.186.163 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-163.deploy.static.akamaitechnologies.com
sli.billingsgazette.com
14    18.215.218.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-218-210.compute-1.amazonaws.com
p.liadm.com
3    151.101.129.44 (United States)

ASN54113 (FASTLY, US)
mb.taboola.com
6    2.18.232.230 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-230.deploy.static.akamaitechnologies.com
c.licasd.com
3    54.86.197.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-197-188.compute-1.amazonaws.com
i.liadm.com
1    185.29.134.244 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    2600:1f18:444a:4602:9c05:7f25:f6a5:7205 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
Domain Requested by
21 bloximages.chicago2.vip.townnews.com click1.email.billingsgazette.com
14 p.liadm.com 11 redirects click1.email.billingsgazette.com
14 sli.billingsgazette.com 14 redirects
6 c.licasd.com click1.email.billingsgazette.com
4 connect.facebook.net click1.email.billingsgazette.com
connect.facebook.net
3 i.liadm.com 2 redirects click1.email.billingsgazette.com
3 mb.taboola.com click1.email.billingsgazette.com
2 i6.liadm.com 1 redirects click1.email.billingsgazette.com
2 click1.email.billingsgazette.com
1 sync.mathtag.com 1 redirects
1 f494d9.efeedbacktrk.com click1.email.billingsgazette.com
1 www.google-analytics.com click1.email.billingsgazette.com
43 12

This site contains no links.

Subject Issuer Validity Valid
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-09-26 -
2021-12-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.efeedbacktrk.com
Go Daddy Secure Certificate Authority - G2		 2021-07-06 -
2022-05-28		 a year crt.sh
bloximages.chicago2.vip.townnews.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-03-09 -
2022-04-09		 a year crt.sh

This page contains 1 frames:

Primary Page: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Frame ID: 10BDA63FD7AD535CC3AD75EE1257191A
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Schools says fix for in-school mental health services is unworkable Politics

Page URL History Show full URLs

  1. http://click1.email.billingsgazette.com/ViewMessage.do?m=rtvckvwtvw&r=ybbkklcfvf&s=bpjvdfqqcqszpgdjlffzctzmtvzczdbkp... Page URL
  2. http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

43
Requests

58 %
HTTPS

25 %
IPv6

9
Domains

12
Subdomains

10
IPs

5
Countries

1060 kB
Transfer

1468 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click1.email.billingsgazette.com/ViewMessage.do?m=rtvckvwtvw&r=ybbkklcfvf&s=bpjvdfqqcqszpgdjlffzctzmtvzczdbkpbq&q=1639764000&a=view Page URL
  2. http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://connect.facebook.net/en_US/all.js HTTP 307
  • https://connect.facebook.net/en_US/all.js
Request Chain 3
  • http://connect.facebook.net/en_US/all.js HTTP 307
  • https://connect.facebook.net/en_US/all.js
Request Chain 8
  • https://sli.billingsgazette.com/imp?s=104205&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=104205&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfxzzvyqkcvrwe17p5051 HTTP 302
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=7de33542-6cc7-4824-8184-787bdb8cc120-tuct88acd59&instance.id=c0ca108b-a84f-38e6-b9f4-dc3738917e01&widget.placement=104205&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=Phone
Request Chain 9
  • https://sli.billingsgazette.com/imp?s=445827&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=445827&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfxz8j594st22kbyczw6f HTTP 302
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Request Chain 10
  • https://sli.billingsgazette.com/imp?s=576897&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=576897&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfxzp0h90gj1scexj97gt HTTP 302
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Request Chain 17
  • https://sli.billingsgazette.com/imp?s=104199&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=104199&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfxzebzn5kqj6h61fjjn7 HTTP 302
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=bc4f0688-2646-4c3f-8713-5fafe60606c0-tuct6f4d432&instance.id=c493cd73-542c-38ce-9f14-bf0cbd22fc46&widget.placement=104199&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=
Request Chain 18
  • https://sli.billingsgazette.com/imp?s=445829&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=445829&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfxzx1kngfyzbtvm80qef HTTP 302
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Request Chain 19
  • https://sli.billingsgazette.com/imp?s=576899&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=576899&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfxznybyq90n9v6bev6fn HTTP 302
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Request Chain 29
  • https://sli.billingsgazette.com/imp?s=104202&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=104202&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyp5te4e4k1yn3vkpa40 HTTP 302
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=7de33542-6cc7-4824-8184-787bdb8cc120-tuct88acd59&instance.id=6bf8e529-e94e-3112-aea6-99777a80bbc7&widget.placement=104202&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=Phone
Request Chain 30
  • https://sli.billingsgazette.com/imp?s=445828&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=445828&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfypcb4k7qtc4xaz8xpes HTTP 302
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Request Chain 31
  • https://sli.billingsgazette.com/imp?s=576898&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=576898&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyp91fr3gwn4dq529npx HTTP 302
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Request Chain 32
  • https://sli.billingsgazette.com/imp?s=123584900&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=123584900&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfypa9g0vxmzypsq1vcb1 HTTP 302
  • https://i.liadm.com/s/section/123584900?m=e9f6cf9e221e60011e2dbe75df98d855&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb HTTP 303
  • https://i.liadm.com/s/section/123584900?sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb&m=e9f6cf9e221e60011e2dbe75df98d855&_li_chk=true&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&previous_uuid=6b416a591a494b0e8b879ee58491f6ab HTTP 303
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5149%2F0%2Fece0ff03c6cf4beab4e1a63ac6fced16%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&6b416a59-1a49-4b0e-8b87-9ee58491f6ab&previous_uuid=ece0ff03c6cf4beab4e1a63ac6fced16 HTTP 302
  • https://i.liadm.com/s/e/5149/0/ece0ff03c6cf4beab4e1a63ac6fced16?mpid=7156&muid=b6e261bc-d2f1-4300-9721-80e9eb2229e6
Request Chain 33
  • https://sli.billingsgazette.com/imp?s=123584901&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=123584901&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyvjr3zx2835g010g2h0 HTTP 302
  • https://i6.liadm.com/s/section/123584901?m=e9f6cf9e221e60011e2dbe75df98d855&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb HTTP 303
  • https://i6.liadm.com/s/section/123584901?sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb&m=e9f6cf9e221e60011e2dbe75df98d855&_li_chk=true&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&previous_uuid=d8ccd62463ce44a99454ae67d21ce794
Request Chain 34
  • https://sli.billingsgazette.com/imp?s=123584902&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=123584902&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyw4y92g1bwzyw54v9r0
Request Chain 35
  • https://sli.billingsgazette.com/imp?s=123584903&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=123584903&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyzsjwsrgp7j02yjz312
Request Chain 36
  • https://sli.billingsgazette.com/imp?s=123584904&li=&e=eric.clanton@mt.gov&p=1468768 HTTP 301
  • https://p.liadm.com/imp?s=123584904&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfz05rqkz0cwtg7a7ym6m

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
ViewMessage.do
click1.email.billingsgazette.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://click1.email.billingsgazette.com/ViewMessage.do?m=rtvckvwtvw&r=ybbkklcfvf&s=bpjvdfqqcqszpgdjlffzctzmtvzczdbkpbq&q=1639764000&a=view
Protocol
HTTP/1.1
Server
74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
4823a9a24776da61e2196b2a369b78b26daf88ceffc193f5b6c91952234e47eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
Apache-Coyote/1.1
Connection
Keep-Alive
Keep-Alive
timeout=60
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Date
Fri, 17 Dec 2021 18:11:58 GMT
all.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/all.js
  • https://connect.facebook.net/en_US/all.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do?m=rtvckvwtvw&r=ybbkklcfvf&s=bpjvdfqqcqszpgdjlffzctzmtvzczdbkpbq&q=1639764000&a=view
Protocol
H2
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
485c1121b840932438c22c2a8dd61b63ccc9f1cf16d33daa18aed205aa7649ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
znD/dslD5iy3vcmysX1uXw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
GPtAGQSXhpQ+HINbZeYSAQ1PKiaGGQKEa60qMx2SHfQ1mIpxlOaqBmd4JNLf2uh9y+rGB7+AsQjHbFJ1FmVGaw==
x-fb-trip-id
1709462857
x-fb-content-md5
d191678ee4e203d381c6000653d1c49f
x-frame-options
DENY
date
Fri, 17 Dec 2021 18:11:58 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"018c944b4f9628138ef99645f24d11a8"
timing-allow-origin
*
expires
Fri, 17 Dec 2021 18:15:36 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason
HSTS
all.js
connect.facebook.net/en_US/ 		290 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js?hash=87dd8c0844e98da50be86e15d1c915c5
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://click1.email.billingsgazette.com/
Origin
http://click1.email.billingsgazette.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
on6sZZz/5N0qF2oTaLnK5A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
83424
x-fb-rlafr
0
x-fb-debug
GxsqG26LcQ3gLLLNliJ4QQQkomVL5apNk0zQskH2Gi1Vld/jq47z6+cQCjkO9x9VN3MBO7QeN5021kUikO+PwA==
x-fb-content-md5
549c01186d89f7d4b903b980ef846486
x-frame-options
DENY
date
Fri, 17 Dec 2021 18:11:58 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"cb4c5e173f22aea0c9ba9fa5bc6080dd"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 17 Dec 2022 17:38:14 GMT
Primary Request ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
click1.email.billingsgazette.com/ 		60 KB
60 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
197350b8d8762feb7c984cd765b9f8d380f5015f11f58f86a0eb678a351c34c4

Request headers

Upgrade-Insecure-Requests
1
Origin
http://click1.email.billingsgazette.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/ViewMessage.do?m=rtvckvwtvw&r=ybbkklcfvf&s=bpjvdfqqcqszpgdjlffzctzmtvzczdbkpbq&q=1639764000&a=view

Response headers

Server
Apache-Coyote/1.1
Connection
Keep-Alive
Keep-Alive
timeout=60
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Date
Fri, 17 Dec 2021 18:11:59 GMT
all.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/all.js
  • https://connect.facebook.net/en_US/all.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H3
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
485c1121b840932438c22c2a8dd61b63ccc9f1cf16d33daa18aed205aa7649ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
znD/dslD5iy3vcmysX1uXw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
GPtAGQSXhpQ+HINbZeYSAQ1PKiaGGQKEa60qMx2SHfQ1mIpxlOaqBmd4JNLf2uh9y+rGB7+AsQjHbFJ1FmVGaw==
x-fb-content-md5
d191678ee4e203d381c6000653d1c49f
x-frame-options
DENY
date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"018c944b4f9628138ef99645f24d11a8"
timing-allow-origin
*
priority
u=3,i
expires
Fri, 17 Dec 2021 18:15:36 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason
HSTS
all.js
connect.facebook.net/en_US/ 		290 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js?hash=87dd8c0844e98da50be86e15d1c915c5
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aabb6b91e3f5f3a069b279e7abd838b6a32233f693cfa6aa742ad9b745d901a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://click1.email.billingsgazette.com/
Origin
http://click1.email.billingsgazette.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
on6sZZz/5N0qF2oTaLnK5A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
83424
x-fb-rlafr
0
x-fb-debug
GxsqG26LcQ3gLLLNliJ4QQQkomVL5apNk0zQskH2Gi1Vld/jq47z6+cQCjkO9x9VN3MBO7QeN5021kUikO+PwA==
x-fb-content-md5
549c01186d89f7d4b903b980ef846486
x-frame-options
DENY
date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"cb4c5e173f22aea0c9ba9fa5bc6080dd"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 17 Dec 2022 17:38:14 GMT
collect
www.google-analytics.com/ 		35 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&tid=UA-54716522-12&t=event&ec=email&ea=open&cid=5528494&el=whatcounts&cs=billingsgazette.com&cm=email&cn=%2Fnewsletter-templates%2Fpolitics%2F%3Fforce_medium%3DPostUp%26_dc%3D-15375807713012216
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 23:13:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
68296
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ktvwtmssdsbjplvtjrhmmjpdgpjqgwpdptfklfsvlsfmsfs_wjwgglzwjwbdsvjnswfff.gif
f494d9.efeedbacktrk.com/ 		68 B
466 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://f494d9.efeedbacktrk.com/ktvwtmssdsbjplvtjrhmmjpdgpjqgwpdptfklfsvlsfmsfs_wjwgglzwjwbdsvjnswfff.gif
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
96.46.128.252 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
www.efeedbacktrk.com
Software
sp /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 17 Dec 2021 18:11:59 GMT
Server
sp
Content-Type
image/png;charset=utf-8
Cache-Control
private, max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
imagetoolbar
no
Keep-Alive
timeout=60
Content-Length
68
Expires
Thu, 01 Jan 1970 00:00:00 GMT
29bd0bbc-d8e2-11e9-a9ac-2fb55f7037b7.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/29bd0bbc-d8e2-11e9-a9ac-2fb55f7037b7.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46decdc823d369c4d9d5c7e008926752de711294d1b1fa05454a6f817654818e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
90950
cf-polished
origFmt=png, origSize=8952
last-modified
Tue, 17 Sep 2019 00:29:08 GMT
content-disposition
inline; filename="29bd0bbc-d8e2-11e9-a9ac-2fb55f7037b7.webp"
content-length
5568
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5d8028d4-22f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 15 Dec 2022 22:38:23 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df91b1d4de2-FRA
cf-bgj
imgq:85,h2pri
recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=104205&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=104205&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.use...
230 KB
230 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=7de33542-6cc7-4824-8184-787bdb8cc120-tuct88acd59&instance.id=c0ca108b-a84f-38e6-b9f4-dc3738917e01&widget.placement=104205&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=Phone
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e20de508a7bbff9ccd21f050272461a1853852b84f556320d22c69afc3a323c4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:12:00 GMT
via
1.1 varnish
server
nginx
x-timer
S1639764720.229103,VS0,VE269
x-served-by
cache-fra19151-FRA
x-cache
MISS
content-type
image/jpeg
accept-ranges
bytes
content-length
235546
x-application-context
application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits
0

Redirect headers

Location
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=7de33542-6cc7-4824-8184-787bdb8cc120-tuct88acd59&instance.id=c0ca108b-a84f-38e6-b9f4-dc3738917e01&widget.placement=104205&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=Phone
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=445827&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=445827&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2.18.232.230 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-230.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Last-Modified
Tue, 06 Aug 2019 20:24:36 GMT
Server
AmazonS3
x-amz-request-id
D97D81VAR2573A3S
ETag
"6956da20f9d008ec379926ee358e5594"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1255
x-amz-id-2
e6ZyE1BrrLeXKTYAnhXDvlr8DMRn/MHuBN+o1LSbXo7824ovhU2gm6bTqN91tguaSSKz+5k3l+c=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=576897&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=576897&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2.18.232.230 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-230.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Last-Modified
Wed, 17 Feb 2016 22:44:07 GMT
Server
AmazonS3
x-amz-request-id
JR0WZXEFJV0HCWEG
ETag
"c56fae17aa690ac40e2a23fbf5796b60"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15721
x-amz-id-2
o9QLULRJnC6gb8ZT9j75hoEY4ZgyuyNdhI3tezJfxocn9GksAQfC0WU436hsC2kL/ISuqs3hFXQ=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
61bbe4b593c9f.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/9/16/9168dde2-326f-5556-8593-446b1204d0be/ 		54 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/9/16/9168dde2-326f-5556-8593-446b1204d0be/61bbe4b593c9f.preview.jpg?resize=728%2C484
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcf71a20e97a57a99191cae1635b6d69ba5d9c1883fc20b1772ecd6c4939dbe1
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
46
cf-polished
origSize=56058, status=webp_bigger
last-modified
Fri, 17 Dec 2021 01:15:34 GMT
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"e4c3408a2614e5b72ab017e49664fcea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 18:02:13 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df91b1f4de2-FRA
cf-bgj
imgq:85,h2pri
61b7523eed326.image.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/f/57/f57baa0d-a158-5b00-984e-85f87ed5d0a7/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/f/57/f57baa0d-a158-5b00-984e-85f87ed5d0a7/61b7523eed326.image.png?resize=650%2C150
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb8dcf654838fe4f030ed4609c6ac3115da631fe7985202fc9042b481e29fe28
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
90843
cf-polished
origFmt=png, origSize=101133
last-modified
Mon, 13 Dec 2021 14:01:35 GMT
content-disposition
inline; filename="61b7523eed326.webp"
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"32e06537cf2b4b0aaaebe98bccc77f99"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 15 Dec 2022 22:58:33 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df91b214de2-FRA
cf-bgj
imgq:85,h2pri
61bbc1a837d12.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/a/5c/a5cf0e46-2eed-5083-a725-edd6db543584/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/a/5c/a5cf0e46-2eed-5083-a725-edd6db543584/61bbc1a837d12.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ac134dad14af635cfe908de35b1c094c7d04a7682b4e803058891ffd4870b47
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
cf-polished
origSize=4885, status=webp_bigger
last-modified
Thu, 16 Dec 2021 22:46:00 GMT
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"7873a6a529027e9805c7f1ffa8f17aed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 00:01:05 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df91b244de2-FRA
cf-bgj
imgq:85,h2pri
61bb8227e985e.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/7/86/7865ff2e-d27a-5108-b7e5-feded408dcb3/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/7/86/7865ff2e-d27a-5108-b7e5-feded408dcb3/61bb8227e985e.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7949ba139fd88d16a65e6d3fb70543bab35be58967ceebaf14f90e561bbfbcd
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
127
cf-polished
origSize=5816, status=webp_bigger
last-modified
Thu, 16 Dec 2021 18:15:04 GMT
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"afe095c4429665f75ee69d7f4be6dfab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 16 Dec 2022 20:35:38 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df91b224de2-FRA
cf-bgj
imgq:85,h2pri
5f5ffc95f34b6.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/4/32/4323dfb3-84ef-5536-b41b-abe2dd73bfec/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/4/32/4323dfb3-84ef-5536-b41b-abe2dd73bfec/5f5ffc95f34b6.image.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa325943fa76965b2d822cf4222580e10ac0dabb1b39d48e4471a0ed935acebe
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
cf-polished
qual=85, origFmt=jpeg, origSize=4733
last-modified
Mon, 14 Sep 2020 23:28:22 GMT
content-disposition
inline; filename="5f5ffc95f34b6.webp"
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"adb5a7eaf0437aa3c61b92d84d9e39e0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 16 Dec 2022 13:15:39 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df91b324de2-FRA
cf-bgj
imgq:85,h2pri
61ba931ea2dc1.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/4/e2/4e2ad076-e784-51cb-90f8-96cb502bd461/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/4/e2/4e2ad076-e784-51cb-90f8-96cb502bd461/61ba931ea2dc1.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ab2debd86229c9a18952ae03d9d3de5058dda53a880ba8f1324f5066a8f9610
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
cf-polished
qual=85, origFmt=jpeg, origSize=4269
last-modified
Thu, 16 Dec 2021 01:15:11 GMT
content-disposition
inline; filename="61ba931ea2dc1.webp"
content-length
3858
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"c232de073f6087d93a1d5cc61b105b8b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 18:02:13 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df91b344de2-FRA
cf-bgj
imgq:85,h2pri
recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=104199&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=104199&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.use...
60 KB
60 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=bc4f0688-2646-4c3f-8713-5fafe60606c0-tuct6f4d432&instance.id=c493cd73-542c-38ce-9f14-bf0cbd22fc46&widget.placement=104199&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
99ee5fd78fd729694654b38bcc1a7732c26d96ff103a94ae65c17a6c09b05d63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:12:00 GMT
via
1.1 varnish
server
nginx
x-timer
S1639764720.143799,VS0,VE342
x-served-by
cache-fra19151-FRA
x-cache
MISS
content-type
image/jpeg
accept-ranges
bytes
content-length
60991
x-application-context
application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits
0

Redirect headers

Location
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=bc4f0688-2646-4c3f-8713-5fafe60606c0-tuct6f4d432&instance.id=c493cd73-542c-38ce-9f14-bf0cbd22fc46&widget.placement=104199&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=445829&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=445829&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2.18.232.230 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-230.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Last-Modified
Tue, 06 Aug 2019 20:24:36 GMT
Server
AmazonS3
x-amz-request-id
D97D81VAR2573A3S
ETag
"6956da20f9d008ec379926ee358e5594"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1255
x-amz-id-2
e6ZyE1BrrLeXKTYAnhXDvlr8DMRn/MHuBN+o1LSbXo7824ovhU2gm6bTqN91tguaSSKz+5k3l+c=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=576899&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=576899&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2.18.232.230 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-230.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Last-Modified
Wed, 17 Feb 2016 22:44:07 GMT
Server
AmazonS3
x-amz-request-id
JR0WZXEFJV0HCWEG
ETag
"c56fae17aa690ac40e2a23fbf5796b60"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15721
x-amz-id-2
o9QLULRJnC6gb8ZT9j75hoEY4ZgyuyNdhI3tezJfxocn9GksAQfC0WU436hsC2kL/ISuqs3hFXQ=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
61ba7ac78df65.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/0/2e/02eafab7-c37e-5018-aa8c-35e8b113af25/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/0/2e/02eafab7-c37e-5018-aa8c-35e8b113af25/61ba7ac78df65.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52639955d46b758129a0749246be9eb66074ad365427c5e92ced4abcbea1c4f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
cf-cache-status
HIT
age
174
cf-polished
origSize=6598, status=webp_bigger
last-modified
Wed, 15 Dec 2021 23:31:19 GMT
strict-transport-security
max-age=604800
content-length
6472
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"b5fe0aa11480b8b524482930d41c2785"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 16 Dec 2022 00:01:50 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df92b524de2-FRA
cf-bgj
imgq:85,h2pri
serif-ds.woff2
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/serif-ds.woff2?_dc=1639728016
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.billingsgazette.com/
Origin
http://click1.email.billingsgazette.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
last-modified
Fri, 17 Dec 2021 08:00:16 GMT
content-length
26164
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"61bc4390-6634"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df95fcd7039-FRA
expires
Sat, 17 Dec 2022 13:08:26 GMT
61ba73d8291a5.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/6/15/6153f3dc-1e5e-5ecc-bbfd-09fe186056c4/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/6/15/6153f3dc-1e5e-5ecc-bbfd-09fe186056c4/61ba73d8291a5.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b1efad47dc6f21bceadf68fc50509354aca89fe37417dee25424b0ab8933af7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
cf-polished
origSize=4313, status=webp_bigger
last-modified
Wed, 15 Dec 2021 23:01:44 GMT
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"7ede47ce2ae1f1737440e6c8d6e709d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 16 Dec 2022 00:01:50 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df99c1f4de2-FRA
cf-bgj
imgq:85,h2pri
61ba693442239.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/62/b6231767-5197-5568-8849-6c5bf0f5efb2/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/62/b6231767-5197-5568-8849-6c5bf0f5efb2/61ba693442239.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6fa4a32bc008bc192ec3c3cb6d62bba5cfa1c63b5658f81a48d8cf31ff9f3ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
cf-polished
origSize=5499, status=webp_bigger
last-modified
Wed, 15 Dec 2021 22:16:20 GMT
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"3a8440a2756ea6d01b185e465d750d74"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 16 Dec 2022 00:01:50 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df99c204de2-FRA
cf-bgj
imgq:85,h2pri
61b956f383035.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/7/7a/77ac5886-d3a7-5630-baab-509102e1df03/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/7/7a/77ac5886-d3a7-5630-baab-509102e1df03/61b956f383035.preview.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd406eef52cee0344db7f48b8cfbafbe72430f6ae41a95433abe134b284dc797
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
cf-cache-status
HIT
age
262
cf-polished
origSize=7267, status=webp_bigger
last-modified
Wed, 15 Dec 2021 02:46:12 GMT
strict-transport-security
max-age=604800
content-length
7150
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"10f10312ad7ca9ad7c9528c5b5f9aeb2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 15 Dec 2022 14:03:33 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c224de2-FRA
cf-bgj
imgq:85,h2pri
61bcccfe404e2.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/c1/bc1ddcbd-cf68-5d68-89d0-70a084ada82a/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/c1/bc1ddcbd-cf68-5d68-89d0-70a084ada82a/61bcccfe404e2.image.jpg?resize=182%2C122
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6e11d11d34858a589ed229e980aa54eec0375f769a4e384c7e5f29384b555d2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
cf-polished
qual=85, origFmt=jpeg, origSize=4013
last-modified
Fri, 17 Dec 2021 17:46:38 GMT
content-disposition
inline; filename="61bcccfe404e2.webp"
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"65df948acabac3882364486df0a2c4a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 18:02:12 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df99c234de2-FRA
cf-bgj
imgq:85,h2pri
61bc9f302e640.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/98/b98a94ff-6e07-551b-a42a-7eaeddedfc19/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/98/b98a94ff-6e07-551b-a42a-7eaeddedfc19/61bc9f302e640.image.jpg?resize=182%2C121
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0440c26e72f17c6f5b5b851a787766db88d45399f1a5daf5d7556d287ce3a1d
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept-Encoding
cf-cache-status
HIT
cf-polished
origSize=5944, status=webp_bigger
last-modified
Fri, 17 Dec 2021 14:31:12 GMT
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"0d71d0222a4efa0b1a80cced32c36c6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 18:02:13 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df99c254de2-FRA
cf-bgj
imgq:85,h2pri
61bcc5e07783a.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/2/51/2516c4da-75f0-53ba-90c9-531ebed17bcb/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/2/51/2516c4da-75f0-53ba-90c9-531ebed17bcb/61bcc5e07783a.image.jpg?resize=182%2C136
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7af29875571544105d288be6107a2df5e935b8ceb618c335f0e2ccdb73185c03
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
cf-cache-status
HIT
age
159
cf-polished
origSize=6127, status=webp_bigger
last-modified
Fri, 17 Dec 2021 17:16:16 GMT
strict-transport-security
max-age=604800
content-length
5967
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5225e2b20b3de7619dfa63e8cf795dbc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 18:02:14 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c274de2-FRA
cf-bgj
imgq:85,h2pri
61a8f4e448c1a.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/41/b41dad35-bcb7-53c0-9e7b-6fd3a1cacd0b/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/b/41/b41dad35-bcb7-53c0-9e7b-6fd3a1cacd0b/61a8f4e448c1a.image.jpg?resize=182%2C130
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1114f5304944fea2b98743a231e1e1ea7105fa83e25cc789070da181c06da5bb
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
cf-polished
qual=85, origFmt=jpeg, origSize=6057
last-modified
Thu, 02 Dec 2021 16:31:32 GMT
content-disposition
inline; filename="61a8f4e448c1a.webp"
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"3a32e7be20540a6076f790acbc9473c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 18:02:12 GMT
cache-control
public, max-age=31536000
cf-ray
6bf21df99c2c4de2-FRA
cf-bgj
imgq:85,h2pri
recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=104202&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=104202&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.use...
268 KB
268 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=7de33542-6cc7-4824-8184-787bdb8cc120-tuct88acd59&instance.id=6bf8e529-e94e-3112-aea6-99777a80bbc7&widget.placement=104202&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=Phone
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
31aecbf5b6c2a6bb7d142bf051757ae131ba293f6a210631207ce5309f225996

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:12:00 GMT
via
1.1 varnish
server
nginx
x-timer
S1639764721.638690,VS0,VE342
x-served-by
cache-fra19151-FRA
x-cache
MISS
content-type
image/jpeg
accept-ranges
bytes
content-length
274447
x-application-context
application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits
0

Redirect headers

Location
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=6HyADCL_l_EhvhWc_W_SHiW6B8GCc-0-TQqYUQ&recipient.user.id=7de33542-6cc7-4824-8184-787bdb8cc120-tuct88acd59&instance.id=6bf8e529-e94e-3112-aea6-99777a80bbc7&widget.placement=104202&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5849&recipient.user.agent=&recipient.ipv4=78.47.208.24&widget.alternative=Phone
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=445828&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=445828&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2.18.232.230 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-230.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Last-Modified
Tue, 06 Aug 2019 20:24:36 GMT
Server
AmazonS3
x-amz-request-id
D97D81VAR2573A3S
ETag
"6956da20f9d008ec379926ee358e5594"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1255
x-amz-id-2
e6ZyE1BrrLeXKTYAnhXDvlr8DMRn/MHuBN+o1LSbXo7824ovhU2gm6bTqN91tguaSSKz+5k3l+c=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=576898&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=576898&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=b...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2.18.232.230 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-230.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Last-Modified
Wed, 17 Feb 2016 22:44:07 GMT
Server
AmazonS3
x-amz-request-id
JR0WZXEFJV0HCWEG
ETag
"c56fae17aa690ac40e2a23fbf5796b60"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15721
x-amz-id-2
o9QLULRJnC6gb8ZT9j75hoEY4ZgyuyNdhI3tezJfxocn9GksAQfC0WU436hsC2kL/ISuqs3hFXQ=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
ece0ff03c6cf4beab4e1a63ac6fced16
i.liadm.com/s/e/5149/0/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=123584900&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=123584900&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&ms...
  • https://i.liadm.com/s/section/123584900?m=e9f6cf9e221e60011e2dbe75df98d855&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=s...
  • https://i.liadm.com/s/section/123584900?sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb&m=e9f6cf9e221e60011e2dbe75df98d855&_li_chk=true&sh1=2c6fa681f4c739f7eefb...
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5149%2F0%2Fece0ff03c6cf4beab4e1a63ac6fced16%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&6b416a59-1a49-4b0e-8b87-9ee58...
  • https://i.liadm.com/s/e/5149/0/ece0ff03c6cf4beab4e1a63ac6fced16?mpid=7156&muid=b6e261bc-d2f1-4300-9721-80e9eb2229e6
43 B
285 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.liadm.com/s/e/5149/0/ece0ff03c6cf4beab4e1a63ac6fced16?mpid=7156&muid=b6e261bc-d2f1-4300-9721-80e9eb2229e6
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
54.86.197.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-86-197-188.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
9de6ff6e8d3be42a
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Date
Fri, 17 Dec 2021 18:12:01 GMT
Server
MT3 4133 baa842e master cdg-pixel-x7 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://i.liadm.com/s/e/5149/0/ece0ff03c6cf4beab4e1a63ac6fced16?mpid=7156&muid=b6e261bc-d2f1-4300-9721-80e9eb2229e6
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 17 Dec 2021 18:12:00 GMT
123584901
i6.liadm.com/s/section/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=123584901&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=123584901&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&ms...
  • https://i6.liadm.com/s/section/123584901?m=e9f6cf9e221e60011e2dbe75df98d855&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=...
  • https://i6.liadm.com/s/section/123584901?sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb&m=e9f6cf9e221e60011e2dbe75df98d855&_li_chk=true&sh1=2c6fa681f4c739f7eef...
43 B
447 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/section/123584901?sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb&m=e9f6cf9e221e60011e2dbe75df98d855&_li_chk=true&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&previous_uuid=d8ccd62463ce44a99454ae67d21ce794
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:9c05:7f25:f6a5:7205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
b0e4b916b7133cf3
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
/s/section/123584901?sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&source=safe_rtb&m=e9f6cf9e221e60011e2dbe75df98d855&_li_chk=true&sh1=2c6fa681f4c739f7eefb531960c5987c67c33117&previous_uuid=d8ccd62463ce44a99454ae67d21ce794
Date
Fri, 17 Dec 2021 18:12:00 GMT
Connection
keep-alive
trace-id
b9244a7f4326ea53
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
imp
p.liadm.com/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=123584902&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=123584902&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&ms...
43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.liadm.com/imp?s=123584902&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyw4y92g1bwzyw54v9r0
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
18.215.218.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-215-218-210.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 17 Dec 2021 18:12:00 GMT
Content-Type
text/html
Location
https://p.liadm.com/imp?s=123584902&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyw4y92g1bwzyw54v9r0
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Fri, 17 Dec 2021 18:12:00 GMT
imp
p.liadm.com/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=123584903&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=123584903&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&ms...
43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.liadm.com/imp?s=123584903&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyzsjwsrgp7j02yjz312
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
18.215.218.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-215-218-210.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 17 Dec 2021 18:12:00 GMT
Content-Type
text/html
Location
https://p.liadm.com/imp?s=123584903&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfyzsjwsrgp7j02yjz312
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Fri, 17 Dec 2021 18:12:00 GMT
imp
p.liadm.com/
Redirect Chain
  • https://sli.billingsgazette.com/imp?s=123584904&li=&e=eric.clanton@mt.gov&p=1468768
  • https://p.liadm.com/imp?s=123584904&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&ms...
43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.liadm.com/imp?s=123584904&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfz05rqkz0cwtg7a7ym6m
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
HTTP/1.1
Server
18.215.218.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-215-218-210.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 18:12:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Fri, 17 Dec 2021 18:12:00 GMT
Content-Type
text/html
Location
https://p.liadm.com/imp?s=123584904&li=&p=1468768&m=e9f6cf9e221e60011e2dbe75df98d855&mo=e9f6cf9e221e60011e2dbe75df98d855&mol=e9f6cf9e221e60011e2dbe75df98d855&mou=bb35eb6152f05c54d1735e068c7336b0&msu=bb35eb6152f05c54d1735e068c7336b0&mold=288203c23c12916abf69e0f4b3116469&sh=2c6fa681f4c739f7eefb531960c5987c67c33117&sh2=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2o=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ol=5f3006e6c83c28aa661771aecae90328c50b74ccaaa25ea56418cf9a88c41348&sh2ou=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2su=a01ac08b810e06e180d7947ac95e0d1d14f9d79c3533182c95796ed201e6b9fe&sh2old=4d1974ca509f77a84dfa9b619c8d1c8024902d7e7b4fd0d175b24a442bccc0d7&dom=mt.gov&_lc2_fpi=e33b083e4625--01fq4sfz05rqkz0cwtg7a7ym6m
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Fri, 17 Dec 2021 18:12:00 GMT
facebook.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 		186 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/facebook.png?_dc=1639728016
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dfaa8921697283f3ffe7105f3deb0f512e3d7d3b0095d913d3c0dc174168dfd
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
17365
cf-polished
origFmt=png, origSize=413
last-modified
Fri, 17 Dec 2021 08:00:16 GMT
content-disposition
inline; filename="facebook.webp"
content-length
186
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"61bc4390-19d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 12:01:51 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c2f4de2-FRA
cf-bgj
imgq:85,h2pri
twitter.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 		426 B
555 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/twitter.png?_dc=1639728016
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a006544f5de740cadaae20f5783dcc5c2e8f40b1453b72fff8e08571c1cb6a0a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
17365
cf-polished
origFmt=png, origSize=920
last-modified
Fri, 17 Dec 2021 08:00:16 GMT
content-disposition
inline; filename="twitter.webp"
content-length
426
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"61bc4390-398"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 12:01:51 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c314de2-FRA
cf-bgj
imgq:85,h2pri
instagram.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 		768 B
911 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/instagram.png?_dc=1639728016
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bad22d478a7f3404148137661c6463f92a355a7243fa0904dc863e29413d05e2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
17365
cf-polished
origFmt=png, origSize=1311
last-modified
Fri, 17 Dec 2021 08:00:16 GMT
content-disposition
inline; filename="instagram.webp"
content-length
768
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"61bc4390-51f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 12:01:51 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c324de2-FRA
cf-bgj
imgq:85,h2pri
youtube.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 		340 B
473 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/youtube.png?_dc=1639728016
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13b6eae3fc8a5bd966497949ca2465f36e95dc2e86d02e6856636dc3ba5c8c97
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
17365
cf-polished
origFmt=png, origSize=817
last-modified
Fri, 17 Dec 2021 08:00:16 GMT
content-disposition
inline; filename="youtube.webp"
content-length
340
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"61bc4390-331"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 12:01:51 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c344de2-FRA
cf-bgj
imgq:85,h2pri
phone.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 		210 B
532 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/phone.png?_dc=1639728016
Requested by
Host: click1.email.billingsgazette.com
URL: http://click1.email.billingsgazette.com/ViewMessage.do;jsessionid=FBC2B59909AD8C08AD6AF4D29509A2E2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548b02ac5d90bc9b1faee2bba8110f936375c41e9b1d88ef37b51c89ac3f5807
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://click1.email.billingsgazette.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 18:11:59 GMT
vary
Accept
cf-cache-status
HIT
age
17365
cf-polished
origFmt=png, origSize=493
last-modified
Fri, 17 Dec 2021 08:00:16 GMT
content-disposition
inline; filename="phone.webp"
content-length
210
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"61bc4390-1ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 17 Dec 2022 12:01:51 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6bf21df99c364de2-FRA
cf-bgj
imgq:85,h2pri

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FB

4 Cookies

Domain/Path Name / Value
i.liadm.com/s Name: _li_ss
Value: MgUIBhCQEQ
click1.email.billingsgazette.com/ Name: JSESSIONID
Value: 2C9B346674F0E655D3183BBC78A97F17
.liadm.com/ Name: lidid
Value: 6b416a59-1a49-4b0e-8b87-9ee58491f6ab
.mathtag.com/ Name: uuid
Value: b6e261bc-d2f1-4300-9721-80e9eb2229e6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bloximages.chicago2.vip.townnews.com
c.licasd.com
click1.email.billingsgazette.com
connect.facebook.net
f494d9.efeedbacktrk.com
i.liadm.com
i6.liadm.com
mb.taboola.com
p.liadm.com
sli.billingsgazette.com
sync.mathtag.com
www.google-analytics.com
104.18.130.43
151.101.129.44
18.215.218.210
185.29.134.244
2.16.186.163
2.18.232.230
2600:1f18:444a:4602:9c05:7f25:f6a5:7205
2a00:1450:4001:811::200e
2a03:2880:f045:10:face:b00c:0:3
54.86.197.188
74.214.203.11
96.46.128.252
0dfaa8921697283f3ffe7105f3deb0f512e3d7d3b0095d913d3c0dc174168dfd
1114f5304944fea2b98743a231e1e1ea7105fa83e25cc789070da181c06da5bb
13b6eae3fc8a5bd966497949ca2465f36e95dc2e86d02e6856636dc3ba5c8c97
197350b8d8762feb7c984cd765b9f8d380f5015f11f58f86a0eb678a351c34c4
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
31aecbf5b6c2a6bb7d142bf051757ae131ba293f6a210631207ce5309f225996
46decdc823d369c4d9d5c7e008926752de711294d1b1fa05454a6f817654818e
4823a9a24776da61e2196b2a369b78b26daf88ceffc193f5b6c91952234e47eb
485c1121b840932438c22c2a8dd61b63ccc9f1cf16d33daa18aed205aa7649ef
4ac134dad14af635cfe908de35b1c094c7d04a7682b4e803058891ffd4870b47
52639955d46b758129a0749246be9eb66074ad365427c5e92ced4abcbea1c4f7
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac
548b02ac5d90bc9b1faee2bba8110f936375c41e9b1d88ef37b51c89ac3f5807
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6b1efad47dc6f21bceadf68fc50509354aca89fe37417dee25424b0ab8933af7
7af29875571544105d288be6107a2df5e935b8ceb618c335f0e2ccdb73185c03
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
99ee5fd78fd729694654b38bcc1a7732c26d96ff103a94ae65c17a6c09b05d63
9ab2debd86229c9a18952ae03d9d3de5058dda53a880ba8f1324f5066a8f9610
a006544f5de740cadaae20f5783dcc5c2e8f40b1453b72fff8e08571c1cb6a0a
aabb6b91e3f5f3a069b279e7abd838b6a32233f693cfa6aa742ad9b745d901a8
bad22d478a7f3404148137661c6463f92a355a7243fa0904dc863e29413d05e2
bd406eef52cee0344db7f48b8cfbafbe72430f6ae41a95433abe134b284dc797
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d7949ba139fd88d16a65e6d3fb70543bab35be58967ceebaf14f90e561bbfbcd
e0440c26e72f17c6f5b5b851a787766db88d45399f1a5daf5d7556d287ce3a1d
e20de508a7bbff9ccd21f050272461a1853852b84f556320d22c69afc3a323c4
f6e11d11d34858a589ed229e980aa54eec0375f769a4e384c7e5f29384b555d2
f6fa4a32bc008bc192ec3c3cb6d62bba5cfa1c63b5658f81a48d8cf31ff9f3ba
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
fa325943fa76965b2d822cf4222580e10ac0dabb1b39d48e4471a0ed935acebe
fb8dcf654838fe4f030ed4609c6ac3115da631fe7985202fc9042b481e29fe28
fcf71a20e97a57a99191cae1635b6d69ba5d9c1883fc20b1772ecd6c4939dbe1