www.nytimes.com Open in urlscan Pro
151.101.1.164 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/hEnRfZ0lBg
Effective URL:
https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Submission: On December 13 via api (December 13th 2021, 11:59:50 am UTC) from US — Scanned from DE

Summary HTTP 153 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 30 IPs in 2 countries across 18 domains to perform 153 HTTP transactions. The main IP is 151.101.1.164, located in United States and belongs to FASTLY, US. The main domain is www.nytimes.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 3rd 2020. Valid for: 2 years.

This is the only time www.nytimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
38	151.101.1.164 151.101.1.164	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
26	151.101.193.164 151.101.193.164	54113 (FASTLY) (FASTLY)
16	2a00:1450:400... 2a00:1450:4001:809::2013	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
13	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	35.244.188.62 35.244.188.62	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00:287::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	143.204.209.60 143.204.209.60	16509 (AMAZON-02) (AMAZON-02)
1	35.241.35.241 35.241.35.241	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3 8	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:a800:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	3.232.21.183 3.232.21.183	14618 (AMAZON-AES) (AMAZON-AES)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2606:4700:303... 2606:4700:3032::ac43:c7c7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
153	30

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 151.101.1.164 (United States)

ASN54113 (FASTLY, US)

www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
myaccount.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 151.101.193.164 (United States)

ASN54113 (FASTLY, US)

samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:809::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
purr.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.188.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.188.244.35.bc.googleusercontent.com

als-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:287::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
684dd32c.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.209.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-60.fra53.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.35.241 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 241.35.241.35.bc.googleusercontent.com

meter-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.230 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:a800:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.232.21.183 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-21-183.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3032::ac43:c7c7 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	nytimes.com www.nytimes.com samizdat-graphql.nytimes.com a.et.nytimes.com als-svc.nytimes.com myaccount.nytimes.com dd.nytimes.com meter-svc.nytimes.com purr.nytimes.com a.nytimes.com mwcm.nytimes.com	1 MB
37	nyt.com g1.nyt.com static01.nyt.com a1.nyt.com mwcm.nyt.com	2 MB
19	google.com news.google.com adservice.google.com play.google.com www.google.com	70 KB
15	doubleclick.net 3 redirects securepubads.g.doubleclick.net 5290727.fls.doubleclick.net ad.doubleclick.net	164 KB
14	googlesyndication.com d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	84 KB
5	iteratehq.com platform.iteratehq.com iteratehq.com	274 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	128 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	51 KB
1	akstat.io 684dd32c.akstat.io	202 B
1	cloudflare.com cdnjs.cloudflare.com	21 KB
1	googletagservices.com www.googletagservices.com	37 KB
1	chartbeat.net pnytimes.chartbeat.net	201 B
1	adsrvr.org insight.adsrvr.org	261 B
1	chartbeat.com static.chartbeat.com	14 KB
1	google.de adservice.google.de	792 B
1	googletagmanager.com www.googletagmanager.com	96 KB
1	t.co t.co	664 B
153	18

	Domain	Requested by
23	g1.nyt.com	www.nytimes.com g1.nyt.com mwcm.nyt.com
15	www.nytimes.com	t.co www.nytimes.com d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
13	a.et.nytimes.com	www.nytimes.com
9	mwcm.nyt.com	www.nytimes.com
8	news.google.com	www.nytimes.com news.google.com t.co www.gstatic.com
8	samizdat-graphql.nytimes.com	www.nytimes.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	play.google.com	www.gstatic.com
7	securepubads.g.doubleclick.net	www.nytimes.com securepubads.g.doubleclick.net d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com www.googletagservices.com
6	5290727.fls.doubleclick.net	2 redirects www.googletagmanager.com www.nytimes.com
5	tpc.googlesyndication.com	d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com ad.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
4	www.gstatic.com	news.google.com www.gstatic.com
4	static01.nyt.com	www.nytimes.com
3	platform.iteratehq.com	t.co platform.iteratehq.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	adservice.google.com	securepubads.g.doubleclick.net 5290727.fls.doubleclick.net
3	myaccount.nytimes.com	www.nytimes.com myaccount.nytimes.com
2	iteratehq.com	platform.iteratehq.com
2	ad.doubleclick.net	1 redirects d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
2	d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	a.nytimes.com	www.nytimes.com mwcm.nyt.com
2	dd.nytimes.com	t.co dd.nytimes.com
1	www.google.com	tpc.googlesyndication.com
1	684dd32c.akstat.io	s.go-mpulse.net
1	cdnjs.cloudflare.com	www.nytimes.com
1	www.googletagservices.com	d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
1	pnytimes.chartbeat.net	www.nytimes.com
1	fonts.gstatic.com	news.google.com
1	insight.adsrvr.org	www.nytimes.com
1	a1.nyt.com	t.co
1	static.chartbeat.com	t.co
1	mwcm.nytimes.com	www.nytimes.com
1	c.go-mpulse.net	s.go-mpulse.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	purr.nytimes.com	www.nytimes.com
1	meter-svc.nytimes.com	www.nytimes.com
1	s.go-mpulse.net	www.nytimes.com
1	als-svc.nytimes.com	www.nytimes.com
1	www.googletagmanager.com	www.nytimes.com
1	t.co
153	40

This site contains links to these domains. Also see Links.

Domain
myaccount.nytimes.com
www.facebook.com
api.whatsapp.com
twitter.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com
nytimes.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-03` - `2022-04-06`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
a.et.nytimes.com GTS CA 1D4	`2021-11-25` - `2022-02-23`	3 months	crt.sh
*.news.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-04` - `2022-04-03`	a year	crt.sh
purr.nytimes.com GTS CA 1D4	`2021-11-21` - `2022-02-19`	3 months	crt.sh
a.nytimes.com GTS CA 1D4	`2021-11-12` - `2022-02-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh

This page contains 11 frames:

Primary Page: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Frame ID: D1FD3754567A5719F68CF56095290C1A
Requests: 97 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: A6C16AFF610C25D3E3A761C4CA9E6136
Requests: 3 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455387
Frame ID: F9BC167D3FA36D13311B8E2F39E4B38F
Requests: 13 HTTP requests in this frame

Frame: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F5F96DA6D18A2001C04923F58BC3ED8C
Requests: 1 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html
Frame ID: 783CA73524BAA2E7ECAEB3E5758539C5
Requests: 2 HTTP requests in this frame

Frame: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2AB2FB24A4A4CBFB1B056B19CD993773
Requests: 9 HTTP requests in this frame

Frame: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Frame ID: 527DE7199D40A80A28CF3CAEEC582AAD
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7894A254F411319AFD859B57A0B56C74
Requests: 3 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html
Frame ID: 8D4ED1C717E77417CDAC17A2E4FCFF80
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 751CB24A01BD1DD814DAE8B0DAABCFAF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 30395DE8230CD8E98FEE65DC536A7400
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Companies Linked to Russian Ransomware Hide in Plain Sight - The New York TimesThe New York Times: Digital and Home Delivery Subscriptionsplus-iconcheck

Page URL History Show full URLs

https://t.co/hEnRfZ0lBg Page URL
https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Page URL

Page Statistics

153
Requests

99 %
HTTPS

66 %
IPv6

18
Domains

40
Subdomains

30
IPs

2
Countries

4423 kB
Transfer

10789 kB
Size

33
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccount.nytimes.com/auth/login?response_type=cookie&client_id=vi&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fmultiproduct%2Flp8KQUS.html%3FcampaignId%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2021%252F12%252F06%252Fworld%252Feurope%252Fransomware-russia-bitcoin.html&asset=masthead
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/feed?app_id=9869919170&link=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html%3Fsmid%3Dfb-share&name=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&redirect_uri=https%3A%2F%2Fwww.facebook.com%2F

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight%20https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html%3Fsmid%3Dwa-share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html%3Fsmid%3Dtw-share&text=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2021 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: http://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://myaccount.nytimes.com/get-started?o=1281e5fc-d028-11ea-a072-340cee6a52b6&campaignId=9WJRH
Title: SUBSCRIBE NOW

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale#cancel
Title: Cancellation and Refund Policy

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us?redir=myacc
Title: Feedback

Search URL Search Domain Scan URL

URL: https://nytimes.com/cookie-policy
Title: view our Cookie Policy.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/hEnRfZ0lBg Page URL
https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html

Request Chain 101

https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CJ64o_jc4PQCFcqF_Qcd5LAI7g;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 141

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html

153 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 hEnRfZ0lBg
t.co/ 394 B
664 B 140ms
123ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/hEnRfZ0lBg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 13 Dec 2021 11:59:42 GMT
vary: Origin
server: tsa_o
expires: Mon, 13 Dec 2021 12:04:43 GMT
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 229
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-response-time: 116
x-connection-hash: d5bfa787aaf3e2c8c821fc9235cf140f5f6208e6f7caa9f40b7e3da4294a7296

GET
H2 200 Primary Request ransomware-russia-bitcoin.html Show response
www.nytimes.com/2021/12/06/world/europe/ 441 KB
89 KB 51ms
14ms Document
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Requested by

Host: t.co
URL: https://t.co/hEnRfZ0lBg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

68f5cc8b3caddfc14bceb8de47169b489dc76ab737109ef756a2157fa076db18

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://t.co/

Response headers

server: nginx
content-type: text/html; charset=utf-8
x-nyt-data-last-modified: Mon, 13 Dec 2021 10:10:05 GMT
last-modified: Mon, 13 Dec 2021 10:10:05 GMT
x-scoop-last-modified: 2021-12-08T16:36:06.336Z
x-pagetype: vi-story
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: s-maxage=300,no-cache
x-nyt-route: vi-story
x-datadome-timer: S1639390205.267344,VS0,VE5
x-origin-time: 2021-12-13 10:10:06 UTC
fastly-restarts: 1
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:43 GMT
age: 6577
x-served-by: cache-lga21963-LGA, cache-hhn4036-HHN
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1639396783.208134,VS0,VE7
vary: Accept-Encoding, Fastly-SSL
x-datadome: protected
x-nyt-app-webview: 0
x-gdpr: 1
x-frame-options: DENY
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2021/12/06/world/europe/ransomware-russia-bitcoin.html
x-api-version: F-F-VI
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security: max-age=63072000; preload
x-nyt-edge-cache: MISS-HIT
content-length: 89146

GET
H2 200 web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 23ms
7ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=i0q+3Q==, md5=Gy5SJh6FIQsSa1B2q6k1mw==
date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
content-type: text/css; charset=utf-8
age: 5221016
x-guploader-uploadid: ADPycdvM_HxElX7psfISEsaNQfEgnO2Zgx5cmB4AGrFveWBc7tmn1KIO6XBFRxV4kkQJuoRY7wL5yZmwCuWxcKNne2c
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9775
via: 1.1 varnish
x-served-by: cache-hhn4036-HHN
accept-ranges: bytes
expires: Fri, 14 Oct 2022 01:42:47 GMT
last-modified: Tue, 06 Apr 2021 21:11:51 GMT
server: UploadServer
x-timer: S1639396783.260473,VS0,VE0
etag: "1b2e52261e85210b126b5076aba9359b"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1617743511910294
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 9775
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 9931

GET
H2 200 global-a390e9d7a067927dd253742a2f0124d4.css
www.nytimes.com/vi-assets/static-assets/ 6 KB
3 KB 8ms
8ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/global-a390e9d7a067927dd253742a2f0124d4.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

95bc30ee747b5f6aaa020d0848cd4390c346156e7103906bf0bb273147b632af

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1074524
x-guploader-uploadid: ADPycdvggIeRZuYJgohiuEax_tuue-meUOh-eGVehwCxJR6nV8ToqVw9HH7pwbVF1YHvkPk0BcQwFJ_FqzLhfk6j3mgzJo7QfQ
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-01 01:30:59 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.245553,VS0,VE1
etag: "3571f7d1a0dfa9e747b201e07fd9492b"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-a390e9d7a067927dd253742a2f0124d4.css
content-type: text/css; charset=utf-8
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 10384
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1978
last-modified: Wed, 01 Dec 2021 00:32:38 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=top12A==, md5=NXH30aDfqedHsgHgf9lJKw==
x-goog-generation: 1638312564791373
expires: Thu, 01 Dec 2022 01:30:59 GMT
x-gdpr: 1
x-goog-stored-content-length: 5676
accept-ranges: bytes

GET
H2 200 adslot-842af71a017389f7a9f8.js Show response
www.nytimes.com/vi-assets/static-assets/ 19 KB
8 KB 8ms
8ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/adslot-842af71a017389f7a9f8.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

50355741f769814c4013442a54e5735c5e1ee9e80728a214e5a02b74f9b42b39

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 509121
x-guploader-uploadid: ADPycdtq-U8v06eKXv7DKsOdBp5qmcsCQq9kCBae-vy42gwkIPFPoGVFVzx6TpWBJCIx6L4QwP49cNQdIe-iRfUGjw5Shokflg
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-07 14:35:52 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.260591,VS0,VE1
etag: "375b831456b5901a3bd46f7201ba7b7c"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-842af71a017389f7a9f8.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 14081
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 6968
last-modified: Tue, 07 Dec 2021 14:29:43 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=jVwjkQ==, md5=N1uDFFa1kBo71G9yAbp7fA==
x-goog-generation: 1638887382912931
expires: Wed, 07 Dec 2022 14:34:21 GMT
x-gdpr: 1
x-goog-stored-content-length: 19532
accept-ranges: bytes

GET
H2 200 merlin_198333042_152e09ee-ea0e-4834-a969-9c9708a28694-superJumbo.jpg
static01.nyt.com/images/2021/12/02/world/00russia-crypto-01/ 515 KB
516 KB 25ms
11ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2021/12/02/world/00russia-crypto-01/merlin_198333042_152e09ee-ea0e-4834-a969-9c9708a28694-superJumbo.jpg?quality=75&auto=webp
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: caf90d615d21d458627834cc1b5ab04a110fd20512e9e6a0fd694d96dbcfd7e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 7045
x-guploader-uploadid: ADPycdvltXKgF-QCHrqdX7dZH5n_nSbAadJvMWFQj_FGrW-JdFM5TnPPF7s2oeNrO33etiq16kpXP5aZBsEMAEfVv10UiyuKMw
x-cache: HIT, HIT
fastly-io-info: ifsz=844547 idim=2048x1365 ifmt=jpeg ofsz=527318 odim=2048x1365 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
fastly-stats: io=1
content-length: 527318
x-served-by: cache-bwi5156-BWI, cache-hhn4036-HHN
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
server: UploadServer
x-timer: S1639396783.284795,VS0,VE3
etag: "TM+eD90xJYRebPqmLLvxRcGCvQ9ZKsxirDBqC5dXKys"
vary: Accept
x-goog-hash: crc32c=8Mf8Tw==, md5=J2UImu8bq4hlOUGYeYc5eA==
content-type: image/webp
access-control-allow-origin: *
expires: Mon, 06 Dec 2021 10:01:21 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 author-andrew-e-kramer-thumbLarge.png
static01.nyt.com/images/2018/10/15/multimedia/author-andrew-e-kramer/ 20 KB
20 KB 17ms
16ms Image
image/png 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2018/10/15/multimedia/author-andrew-e-kramer/author-andrew-e-kramer-thumbLarge.png
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2f47ff8da9a9b9653550fc51c1872488a976e20da51dba25dfe4c8760dcda068

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 434533
x-guploader-uploadid: ADPycdtQZQT8OrGWHBXFtXY3V2eo1-yEducoQzwPU5R4t4XsX1d1pxCbYAbs_sg9lc-s4eXU9G0UYlFOXlRIAhi2ZX7Nl3QJJQ
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
content-length: 20048
x-served-by: cache-bwi5175-BWI, cache-hhn4036-HHN
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
last-modified: Mon, 15 Oct 2018 19:13:58 GMT
server: UploadServer
x-timer: S1639396783.291272,VS0,VE0
etag: "51f7124fcfbe0e26b3f437bc273e25b8"
vary: Origin
x-goog-hash: crc32c=4gAm1A==, md5=UfcST8++Diaz9De8Jz4luA==
content-type: image/png
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 18:51:04 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 2

GET
H2 200 vendor-8773c5d4e22e0ef62be0.js Show response
www.nytimes.com/vi-assets/static-assets/ 251 KB
77 KB 17ms
16ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendor-8773c5d4e22e0ef62be0.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

bd7dc480d00cbcff9d222504dff438f974318b9d961f5c173493699cd28d37f2

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1016001
x-guploader-uploadid: ADPycdtRJfmxw0Jp8-ocwxuFZwzAYrKLCdey8C60UQ9waKMF1MjnxP3X0eXtCezr79M9Jp4E5LpgczY1C5I539A1qaE
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-01 17:47:14 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.291718,VS0,VE1
etag: "735667c6fbb31f728c373d0eb65cf58f"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-8773c5d4e22e0ef62be0.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 14206
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 77252
last-modified: Wed, 01 Dec 2021 17:32:59 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=8g622w==, md5=c1ZnxvuzH3KMNz0Otlz1jw==
x-goog-generation: 1638379978970261
expires: Thu, 01 Dec 2022 17:46:21 GMT
x-gdpr: 1
x-goog-stored-content-length: 257076
accept-ranges: bytes

GET
H2 200 story-015ac3df9c557a3a3fe1.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
300 KB 19ms
17ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/story-015ac3df9c557a3a3fe1.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9d51ac4fb9a42858c112a239bc1c476768a84b92142c0d5707e649c2d40d8549

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 242220
x-guploader-uploadid: ADPycdvhiXLxIPouBQ0cX8YYtlDlhQiGBNQPydWqwgxbVDsQ0s9TMwEVnv3lL6tVxRB2ArYkHAs57yHEK80Emi-_9pj3XibsOw
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-10 16:42:43 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.291856,VS0,VE1
etag: "99a088b4945c7909eccdb8095dc71745"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-015ac3df9c557a3a3fe1.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1350
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 305623
last-modified: Fri, 10 Dec 2021 15:46:23 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=q2NVuA==, md5=maCItJRceQnszbgJXccXRQ==
x-goog-generation: 1639151183216584
expires: Sat, 10 Dec 2022 16:42:42 GMT
x-gdpr: 1
x-goog-stored-content-length: 1152223
accept-ranges: bytes

GET
H2 200 ShareToolbarGiftTest-b4b7121553197d87a125.js Show response
www.nytimes.com/vi-assets/static-assets/ 23 KB
8 KB 18ms
16ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/ShareToolbarGiftTest-b4b7121553197d87a125.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

058c064e8d4d0a17b6f5042e7e20d7070e49b7db5c2d99471dcb7b4c12a82335

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 389311
x-guploader-uploadid: ADPycduV696Jw7yFE5SlUCcDI-CLA1TyAqG6TizMvXfOMA4yeUOc6syMeWFjpG5iWFkYaJTAzUkzfqrnGZMINOLEyUyDlKJxvg
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-08 23:51:12 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.291881,VS0,VE1
etag: "50da5df7038b9ed32f02a784c7623e88"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/ShareToolbarGiftTest-b4b7121553197d87a125.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 9513
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 7507
last-modified: Wed, 08 Dec 2021 23:25:30 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=Hn9gGw==, md5=UNpd9wOLntMvAqeEx2I+iA==
x-goog-generation: 1639005930602270
expires: Thu, 08 Dec 2022 23:51:12 GMT
x-gdpr: 1
x-goog-stored-content-length: 23171
accept-ranges: bytes

GET
H2 200 collections-2bbcbd19361a123430a3.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
304 KB 18ms
16ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/collections-2bbcbd19361a123430a3.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

366f915facc62f8768af9c1355ad813f768c62ba234ab31838f0cf66c512ce9e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 242223
x-guploader-uploadid: ADPycdvFGSMKdNjChBzyOCIRnDoGO_atgGa_8nv3sUJ1KhyHkPHO1ylOLtOmwfSEXIWWUTZHBqULoRhM5l4YnsgVAjYFgyyePg
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-10 16:42:40 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.292057,VS0,VE1
etag: "2ebd65f952bb64a346b9f5dc963dc08b"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/collections-2bbcbd19361a123430a3.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 697
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 310593
last-modified: Fri, 10 Dec 2021 15:46:22 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=ZrkBrQ==, md5=Lr1l+VK7ZKNGufXclj3Aiw==
x-goog-generation: 1639151182074509
expires: Sat, 10 Dec 2022 16:42:40 GMT
x-gdpr: 1
x-goog-stored-content-length: 1203547
accept-ranges: bytes

GET
H2 200 main-3c7d1bf403a3e122d0a0.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
361 KB 18ms
17ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

1b4b64fc71bff598417774212237b15c6549efd8bed284470c13fa61a44b0cd1

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 242240
x-guploader-uploadid: ADPycdv_jj_FFc4vy7aBmKs51ZRe1grcxUCwC6_V3_q8a8FDAdI_IrHLql4U36iPRKvrllfWatqK3QJqjvVKQH6PofrkFWO5Rw
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-10 16:42:23 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.292125,VS0,VE0
etag: "bfe843b4027df476bc8106331d253a72"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1728
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 369143
last-modified: Fri, 10 Dec 2021 15:46:23 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=TRBdFw==, md5=v+hDtAJ99Ha8gQYzHSU6cg==
x-goog-generation: 1639151183069552
expires: Sat, 10 Dec 2022 16:42:23 GMT
x-gdpr: 1
x-goog-stored-content-length: 1271666
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 361 KB
96 KB 179ms
54ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6b1e37c6bf38315dc5e1e0cd1674891c65291ee994238884e64f299f0d35eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: br
vary: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97928
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 70ms
23ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
x-datadog-trace-id: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-bb8f425
x-b3-traceid: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:43 GMT
age: 8
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BY
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: af62c1e345652777
samizdat-x-instance: 3b2cc47d
samizdat-x-canary: false
x-served-by: cache-hhn4020-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1639396783.329854,VS0,VE0
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 306ms
143ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 148 B
789 B 65ms
64ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash: 1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

x-samizdat-query-sup-code
date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 27cb52faede535f4-4aa272c20d247473-1
age: 7
x-cache: HIT
samizdat-x-instance: 66cfd761
x-samizdat-query-field-errors: 0
x-cache-hits: 2
x-samizdat-query-exe-id: eaab9fc9ef3604f5
content-length: 123
samizdat-x-canary: false
x-nyt-continent: EU
server: samizdat-graphql-bb8f425
x-timer: S1639396783.353970,VS0,VE1
x-nyt-region: BY
x-served-by: cache-hhn4036-HHN
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
via: 1.1 google, 1.1 varnish
x-nyt-audience-target-flat: EU:PM
cache-control: max-age=30
access-control-allow-credentials: true
x-nyt-country: DE
x-datadog-trace-id: 27cb52faede535f4-4aa272c20d247473-1
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 139 KB
44 KB 177ms
53ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:49:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 616
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44196
x-xss-protection: 0
last-modified: Wed, 08 Dec 2021 19:29:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 12:39:27 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 179ms
57ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1069 / 428 of 1000 / last-modified: 1639177483"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26912
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 13 Dec 2021 11:59:43 GMT

GET
H2 200 als Show response
als-svc.nytimes.com/ 2 KB
3 KB 290ms
164ms XHR
application/json 35.244.188.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F2177413b-f7a2-5ada-95b7-93755d88e643&typ=&prop=nyt&plat=web
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.188.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.188.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 47b2fb04e8cdc57ea139d2f73080b5e330949d02b93df500a8e18f5db9cb2dc0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 google
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, nyt-a
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
alt-svc: clear

GET
H2 200 .status
a.et.nytimes.com// 0
0 288ms
140ms Fetch
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept: */*
Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H2 200 icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg
www.nytimes.com/vi-assets/static-assets/ 1 KB
1 KB 69ms
69ms Image
image/svg+xml 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nytimes.com/vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

6980dd89438ca9eddd7b94b191e66619511bc01e3a03af49a8c331ccc5d56d54

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1168602
x-guploader-uploadid: ADPycdtlO1L3Js-D0EnjhSH8QvTkl-QdrXBWYd8Pc9QGEhd1qzvMkXhhRWfNsaM4iL44z5n52fwxjEQws9uAJysOx4OAoXXBnw
x-goog-stored-content-encoding: identity
x-origin-time: 2021-11-29 23:23:00 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396783.318769,VS0,VE1
etag: "f5e6ba8f0613f5244e1e8ba2c4f8dd1a"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/icon-whatsapp-17x17-000-eb3ac0d36c11bd5a497046cb82515de2.svg
content-type: image/svg+xml
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 6574
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 645
last-modified: Mon, 29 Nov 2021 22:08:56 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=GTQy+Q==, md5=9ea6jwYT9SROHouixPjdGg==
x-goog-generation: 1638223736626123
expires: Tue, 29 Nov 2022 23:23:00 GMT
x-gdpr: 1
x-goog-stored-content-length: 1162
accept-ranges: bytes

GET
H2 200 franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 69ms
23ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=ImeYUg==, md5=1sBqPYSlcQDtrVv5uE/3OQ==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 5833046
x-guploader-uploadid: ADPycdv_daBJz1GMbDv51CbbcmgvIEki9m2Vbyc2RlpNHfjikXqOwydbx02JYNMon2CphKiQnbieVibYJ2n6-cIuvVY
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19836
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 06 Oct 2022 23:42:16 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396783.350052,VS0,VE0
etag: "d6c06a3d84a57100edad5bf9b84ff739"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984052902
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 19836
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 6080

GET
H2 200 franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 69ms
23ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=PQVxAw==, md5=tEyI8JynzpFLg21K5yiRuA==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 1078822
x-guploader-uploadid: ADPycdtX4MNbT6QPezVCT7YrY3yujYPe9pEU9CNfFp1wTobv5fHyXsHYBVGUJ_l1a3OVBc8t-akvK3w37GbgV4tKf-Y
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20312
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:19:20 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396783.350242,VS0,VE0
etag: "b44c88f09ca7ce914b836d4ae72891b8"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984061911
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20312
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 6028

GET
H2 200 cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 68ms
23ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2804720
x-guploader-uploadid: ADPycdsbmB0iGXrnj0YJIZxZlMCd46_nNAOz3Po7oc1jbUFbh_TztelAet_j9dEfjgeGE8bMBAavINFKWZRKFcfT-wI
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 29076
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 11 Nov 2022 00:54:21 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396783.350355,VS0,VE0
etag: "a3ed7afe3eaa0a873f3fbd379f8c491b"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982705223
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 29076
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3977

GET
H2 200 cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 20 KB
20 KB 102ms
57ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2202605
x-guploader-uploadid: ADPycduOrhjba74-CeRc3F9k_9vFN2QMWqkEBhI_NbkUXB0LpkmOIsecIGAI0nwwt8znlr9CmC9Sum3OzIxqJbC3VsM
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 18 Nov 2022 00:09:37 GMT
last-modified: Wed, 15 Sep 2021 19:43:03 GMT
server: UploadServer
x-timer: S1639396783.350462,VS0,VE0
etag: "108ce298d451197b23fefceb3e36959f"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734983132414
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20136
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3334

GET
H2 200 franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 102ms
57ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=XjpPGQ==, md5=vHvkxdjKy3gPiWxcvgwNfw==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 252383
x-guploader-uploadid: ADPycdt3cBFAGFsQ4ccfs6u5GneNBz1n_ODTUPQlKOGNLnU2lvCMirGPa6QzyaNayWd9jLz0sz61LujRZSP0pCRBILc
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20172
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:53:20 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396783.350527,VS0,VE0
etag: "bc7be4c5d8cacb780f896c5cbe0c0d7f"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734983906454
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20172
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 5097

GET
H2 200 cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 101ms
57ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2202625
x-guploader-uploadid: ADPycduIAYo83mhM8t6_oelrSd3hudE-s6pHbvE2CefgZV4ceeWFAVdUImSxXVET8ZL9YtfGVlHReDPdAjBqto4bxLM
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28620
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 18 Nov 2022 00:09:17 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396783.350620,VS0,VE0
etag: "f99a0459024509f157a3352e5de4f873"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982696426
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 28620
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2289

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 139ms
94ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 1685999
x-guploader-uploadid: ADPycdtKHSXecei8L0qjYtsbwQPyxWYVl1efquEk_SRtqwZpe84w0b8STr-Wc92hRndkLHzCXERGejF3fMe2re-xSLVQL7HtjA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Wed, 23 Nov 2022 23:39:43 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396783.351067,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982738365
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 27260
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3749

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 101ms
56ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 3399722
x-guploader-uploadid: ADPycdsPgT4lcseauEpJLQy0Zsg30Moickqr1VqZgSIgCB1QoXGXeqKooxxgUjtaoY-NEecarL-ob9XvEbblsldRDB3zOZzgsw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 04 Nov 2022 03:37:39 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396783.350965,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984460387
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 26504
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 5750

GET
H2 200 ATH8A-MAMN8-XPXCH-N5KAX-8D239 Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 105ms
12ms Script
application/javascript 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: br
last-modified: Thu, 07 Oct 2021 14:21:31 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 prefetch-assets Show response
myaccount.nytimes.com/auth/ Frame A6C1 393 B
711 B 85ms
54ms Document
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/prefetch-assets

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

188ddfbd61938b815f68a545789428142a6b63b35caa7f3f754213cd599d7de1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

content-type: text/html; charset=utf-8
x-powered-by: Express
x-datadog-trace-id: 3380471259569303728
x-datadog-parent-id: 3380471259569303728
x-datadog-sampled: 0
x-datadog-sampling-priority: -1
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-nyt-backend: lire-ui
etag: W/"189-5NYSN6B/DQVUu/9CyoJKhPjcQlE"
content-encoding: gzip
x-cloud-trace-context: 169f8fe36335f5cd70eeec5dea2a27e0
server: Google Frontend
cache-control: public, max-age=600
x-datadome-timer: (null),VE117
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:43 GMT
via: 1.1 varnish
age: 280
x-served-by: cache-hhn4036-HHN
x-cache: HIT
x-cache-hits: 5
vary: Accept-Encoding
x-api-version: F-X
content-length: 277

GET
H2 200 vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-9ae59f4271c74bf6f99d.js Show response
www.nytimes.com/vi-assets/static-assets/ 42 KB
15 KB 10ms
10ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-9ae59f4271c74bf6f99d.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a8a2179c51efda9e02ef253bcefea84a74a813c62ca60165d91bd707474a7eb7

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 508970
x-guploader-uploadid: ADPycdtOb70eOXy08OXITAgH6KwL88hwsF-VkCXAks-8W-YHqyf8LGqGC1_N5MHieXrzP05VZMpTP5bqIJfYQbukInUaK0Jy2g
x-goog-stored-content-encoding: identity
x-origin-time: 2021-12-07 14:36:54 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396784.663849,VS0,VE1
etag: "78a99925b9e9cc9403df297dfb5b706f"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveblog~mark~58f33aa8-9ae59f4271c74bf6f99d.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 13464
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 13719
last-modified: Tue, 07 Dec 2021 14:29:44 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=DlSlzA==, md5=eKmZJbnpzJQD3yl9+1twbw==
x-goog-generation: 1638887384214800
expires: Wed, 07 Dec 2022 14:36:53 GMT
x-gdpr: 1
x-goog-stored-content-length: 43465
accept-ranges: bytes

GET
H2 200 vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-9ef218bd61e5e13a2ad6.js Show response
www.nytimes.com/vi-assets/static-assets/ 67 KB
13 KB 10ms
9ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-9ef218bd61e5e13a2ad6.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ce9e7c3b2f350d3cbf09d888f5d9c2d9f9265511f9cb22741fc2c305c1f23d28

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1168704
x-guploader-uploadid: ADPycdvGUOLoNRAP7mNI0N4C4_3cvb0OAxpF07viGvCsdSVYg6nmHjL3qiq145N4YbMn1F1oQzBUGDdS9UBBm0toaw9FCF7rHQ
x-goog-stored-content-encoding: identity
x-origin-time: 2021-11-29 23:21:19 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396784.664099,VS0,VE1
etag: "1f07e564ed71fd10d1ee5152fbbf331f"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveblog~paidpost~programmables~9b4c8899-9ef218bd61e5e13a2ad6.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 11374
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 13209
last-modified: Mon, 29 Nov 2021 22:08:57 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=YDeaTg==, md5=HwflZO1x/RDR7lFS+78zHw==
x-goog-generation: 1638223737447772
expires: Tue, 29 Nov 2022 23:21:19 GMT
x-gdpr: 1
x-goog-stored-content-length: 68207
accept-ranges: bytes

GET
H2 200 vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-30fd3b05a7be1f8caaf9.js Show response
www.nytimes.com/vi-assets/static-assets/ 21 KB
6 KB 8ms
8ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-30fd3b05a7be1f8caaf9.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2cf2c5d7d5cdbee916b1b7fb89d3b1c8cdeb6e4a7ef38b5e8587a212680a0b54

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 2202784
x-guploader-uploadid: ADPycdtLsVg8q2F3l3m6X_344P2ssuZP-QBgTZwNolyEsxIibrug2VIclSPjz3VjmZLk9NxguekHM7YuUV9dMdaTelpA4e1hNw
x-goog-stored-content-encoding: identity
x-origin-time: 2021-11-18 00:06:39 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396784.664208,VS0,VE0
etag: "7de0b37ad545cc1901fce2f3d9cf792f"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~capsule~clientSideCapsule~collections~explainer~home~liveblog~paidpost~story~trending~video-30fd3b05a7be1f8caaf9.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 11886
date: Mon, 13 Dec 2021 11:59:43 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 5010
last-modified: Wed, 17 Nov 2021 23:38:19 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=rnW+5g==, md5=feCzetVFzBkB/OLz2c95Lw==
x-goog-generation: 1637192299676365
expires: Fri, 18 Nov 2022 00:06:39 GMT
x-gdpr: 1
x-goog-stored-content-length: 21996
accept-ranges: bytes

GET
H2 200 index.js Show response
myaccount.nytimes.com/lire_ui/js/common/abra/ Frame A6C1 2 KB
1 KB 26ms
26ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-api-version: F-X
age: 128
x-cache: HIT
x-cache-hits: 2
content-length: 1252
x-served-by: cache-hhn4036-HHN
server: Google Frontend
etag: "5C5aiA"
content-type: application/javascript
via: 1.1 varnish
x-cloud-trace-context: 025873280fe7118c58fb8e3d6be6cb45
cache-control: public, max-age=600
x-datadome-timer: (null),VE113
accept-ranges: bytes
x-nyt-backend: lire-ui
expires: Sun, 12 Dec 2021 17:12:36 GMT

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame A6C1 393 KB
134 KB 25ms
25ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=556dcb9
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f22a0b77826e19285bf8c13746bc95b4004cea07758517f93670038aaf297e68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-api-version: F-X
age: 34
x-cache: HIT
x-cache-hits: 2
content-length: 136420
x-served-by: cache-hhn4036-HHN
server: Google Frontend
etag: "5C5aiA"
content-type: application/javascript
via: 1.1 varnish
x-cloud-trace-context: 5cf8bd30a49916bbcc5352d4e1b3ff27;o=1
cache-control: public, max-age=600
x-datadome-timer: (null),VE216
accept-ranges: bytes
x-nyt-backend: lire-ui
expires: Thu, 18 Nov 2021 00:28:01 GMT

GET
H2 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 52ms
52ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 13 Dec 2021 11:59:43 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
378 B 97ms
49ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

3f4b118408ab37557b01bca242d1e378358267b85a5c7c9e77b77cde7549a23a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 353
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:43 GMT

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6439
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 12:32:46 GMT

GET
H2 200 serviceiframe Show response
news.google.com/swg/_/ui/v1/ Frame F9BC 23 KB
8 KB 79ms
78ms Document
text/html 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/ui/v1/serviceiframe?_=455387

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

22914401a72d2d5ca9aacdeca9684fa2e3fe398525412d0af423b8cdaeaf0534

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hoPlhv5+f3q6XQFSCEMMOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-hoPlhv5+f3q6XQFSCEMMOw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 13 Dec 2021 11:59:43 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000
content-security-policy: script-src 'report-sample' 'nonce-hoPlhv5+f3q6XQFSCEMMOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-hoPlhv5+f3q6XQFSCEMMOw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-resource-policy: same-site
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
cross-origin-opener-policy-report-only: unsafe-none; report-to="SubscribewithgoogleClientUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 41ms
40ms Other
image/svg+xml 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:43:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 12:33:06 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 167ms
167ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 tags.js Show response
dd.nytimes.com/ 223 KB
41 KB 86ms
10ms Script
text/javascript 143.204.209.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: t.co
URL: https://t.co/hEnRfZ0lBg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.209.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-209-60.fra53.r.cloudfront.net

Software

Apache /

Resource Hash

f2b4a00964fa4dd1a82d88defe013cd4001df72f037764ac619af0945e2e322e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
content-encoding: gzip
etag: "37b7b-5d2a557c6fb17-gzip"
age: 1508
x-cache: Hit from cloudfront
content-length: 41269
access-control-allow-origin: *
last-modified: Wed, 08 Dec 2021 16:54:27 GMT
server: Apache
date: Mon, 13 Dec 2021 11:34:43 GMT
vary: Accept-Encoding
content-type: text/javascript
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
cache-control: max-age=3600, public
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: yFp9zjmuuzFNPh_up60VbL5Rs-whY5xGRAN_NVpRumXlvVoke45RQg==
expires: Mon, 13 Dec 2021 12:34:35 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 138ms
138ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/nytimes.com/ 2 B
575 B 106ms
105ms Fetch
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/nytimes.com/entitlements

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
x-datadog-trace-id: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-bb8f425
x-b3-traceid: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:44 GMT
age: 9
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BY
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: 8ba843b3215d2bd7
samizdat-x-instance: 3b2cc47d
samizdat-x-canary: false
x-served-by: cache-hhn4020-HHN
x-cache: HIT
x-cache-hits: 2
x-timer: S1639396784.151045,VS0,VE1
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 8ms
8ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
x-datadog-trace-id: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-bb8f425
x-b3-traceid: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:44 GMT
age: 9
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BY
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: b376d139e76edb0e
samizdat-x-instance: 3b2cc47d
samizdat-x-canary: false
x-served-by: cache-hhn4020-HHN
x-cache: HIT
x-cache-hits: 3
x-timer: S1639396784.167545,VS0,VE1
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: max-age=30
access-control-allow-methods: GET, POST
access-control-max-age: 300
x-datadog-trace-id: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-origin: https://www.nytimes.com
server: samizdat-graphql-bb8f425
x-b3-traceid: 3a20edd473189181-3c0bf5d594a2a63b-1
access-control-allow-credentials: true
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:44 GMT
age: 9
x-nyt-meridiem: PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-region: BY
x-nyt-audience-target-flat: EU:PM
x-samizdat-query-exe-id: b2a6927c34b8ae30
samizdat-x-instance: 3b2cc47d
samizdat-x-canary: false
x-served-by: cache-hhn4020-HHN
x-cache: HIT
x-cache-hits: 4
x-timer: S1639396784.200379,VS0,VE1
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
timing-allow-origin: *
content-length: 0

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 104 B
216 B 149ms
148ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash: b6c3cebe16410a231e7cce2f2377fc4f504b51e29b0c6e326b6779c41b1e94a0

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

x-samizdat-query-sup-code
date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 532e694a189305f4-3bfdcbe92425d346-1
x-cache: MISS
samizdat-x-instance: df17f327
x-samizdat-query-field-errors: 0
x-cache-hits: 0
x-samizdat-query-exe-id: c6de676467c048a9
via: 1.1 google, 1.1 varnish
samizdat-x-canary: false
x-nyt-region: BY
server: samizdat-graphql-bb8f425
x-timer: S1639396784.158714,VS0,VE142
x-nyt-continent: EU
x-served-by: cache-hhn4036-HHN
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-audience-target-flat: EU:PM
cache-control: private, no-store
access-control-allow-credentials: true
x-nyt-country: DE
x-datadog-trace-id: 532e694a189305f4-3bfdcbe92425d346-1
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

GET
H2 200 meter.js Show response
meter-svc.nytimes.com/ 649 B
1 KB 241ms
184ms XHR
application/json 35.241.35.241
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&referer=https%3A%2F%2Ft.co%2F&pageviewID=x-E64bIrQ0Uat7SadDwO1OXa
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.35.241 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 241.35.241.35.bc.googleusercontent.com
Software: /
Resource Hash: 4142d2af7092b4bb722b1ecb413d58dad69806b08e6d4af909260acb2d9f33f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
via: 1.1 google
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, *
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: Set-Cookie
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
alt-svc: clear
content-length: 649

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 62 B
762 B 110ms
110ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash: 078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

x-samizdat-query-sup-code
date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 532e694a189305f4-3bfdcbe92425d346-1
age: 0
x-cache: MISS
samizdat-x-instance: df17f327
x-samizdat-query-field-errors: 0
x-cache-hits: 0
x-samizdat-query-exe-id: b75ed10f8ad6aac1
content-length: 77
samizdat-x-canary: false
x-nyt-continent: EU
server: samizdat-graphql-bb8f425
x-timer: S1639396784.175379,VS0,VE104
x-nyt-region: BY
x-served-by: cache-hhn4036-HHN
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
via: 1.1 google, 1.1 varnish
x-nyt-audience-target-flat: EU:PM
cache-control: max-age=30
access-control-allow-credentials: true
x-nyt-country: DE
x-datadog-trace-id: 532e694a189305f4-3bfdcbe92425d346-1
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 42 KB
7 KB 169ms
169ms XHR
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://samizdat-graphql.nytimes.com/graphql/v2
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: samizdat-graphql-bb8f425 /
Resource Hash: 79cf7cca0db1ba5d1bc43af23c5d7271bc7bcec1e00b542020ea2dc7858ca826

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

x-samizdat-query-sup-code
date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 6de12e00b815f1e-2fbfd974c077fc4b-1
access-control-allow-origin: https://www.nytimes.com
x-cache: MISS
samizdat-x-instance: 98d0e726
x-samizdat-query-field-errors: 0
x-cache-hits: 0
x-samizdat-query-exe-id: 19f617e02c2813d7
samizdat-x-canary: false
x-nyt-continent: EU
last-modified: Mon, 13 Dec 2021 11:59:44 GMT
server: samizdat-graphql-bb8f425
x-timer: S1639396784.218006,VS0,VE152
x-nyt-region: BY
x-served-by: cache-hhn4036-HHN
vary: Accept-Encoding, Samizdat-X-Fastly-Unique-Id, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
via: 1.1 google, 1.1 varnish
x-nyt-audience-target-flat: EU:PM
cache-control: private, no-store
access-control-allow-credentials: true
x-nyt-country: DE
x-datadog-trace-id: 6de12e00b815f1e-2fbfd974c077fc4b-1
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset

GET
H2 200 comments-0a1dfd52672a062c8cc4.js Show response
www.nytimes.com/vi-assets/static-assets/ 50 KB
16 KB 10ms
10ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/comments-0a1dfd52672a062c8cc4.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fa62493565e278323699c3ad190faf7c068564196891e60af4ca1d4beb689e87

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1755320
x-guploader-uploadid: ADPycdt_PjY0frfBSRK_ZEeiKVluPUVxVr2y0nTBqXTj71k0cn9EjXbkNmDz_3pvBCrJdYs_BMGK2EGj4vpfXhRA75tmTYYv_Q
x-goog-stored-content-encoding: identity
x-origin-time: 2021-11-23 04:24:23 UTC
x-served-by: cache-hhn4036-HHN
x-timer: S1639396784.218422,VS0,VE1
etag: "904191d83172706539f75e99eca7012f"
vary: Accept-Encoding, Fastly-SSL
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-0a1dfd52672a062c8cc4.js
content-type: application/javascript
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 10799
date: Mon, 13 Dec 2021 11:59:44 GMT
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 14991
last-modified: Wed, 17 Nov 2021 18:05:44 GMT
server: UploadServer
strict-transport-security: max-age=63072000; preload
x-goog-hash: crc32c=Pu4Lkw==, md5=kEGR2DFycGU5916Z7KcBLw==
x-goog-generation: 1637172344771815
expires: Wed, 23 Nov 2022 04:24:23 GMT
x-gdpr: 1
x-goog-stored-content-length: 51109
accept-ranges: bytes

GET
H2 200 requestHandler Show response
www.nytimes.com/svc/community/V3/ 3 KB
3 KB 128ms
128ms Script
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/svc/community/V3/requestHandler?url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cmd=GetCommentSummary&method=get&callback=jsonp_1639396784232_93155

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/vendor-8773c5d4e22e0ef62be0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

40f69deed3d79f37aafa198fa69fc8fdd6a5e780d334b984d18768099ac8d235

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-X
age: 0
x-cache: MISS
x-origin-time: 2021-12-13 11:59:44 UTC
x-served-by: cache-hhn4036-HHN
server: nginx
x-timer: S1639396784.236091,VS0,VE120
strict-transport-security: max-age=63072000; preload
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/svc/community/V3/requestHandler?callback=<esi:include%20src="/esi/jsonp-callback"/>&cmd=GetCommentSummary&method=get&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html
content-type: application/json
x-gdpr: 1
access-control-allow-credentials: true
x-nyt-route: community-svc-cacheable
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-nyt-edge-cache: MISS
x-nyt-app-webview: 0
x-cache-hits: 0

GET
H2 200 purr-cache
purr.nytimes.com/v1/ 0
0 699ms
594ms Fetch
text/html 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://purr.nytimes.com/v1/purr-cache
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
server: Google Frontend
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 53bbc20bd4cac79ef80d81edb7b4902b
cache-control: private
access-control-allow-credentials: true
content-length: 0
expires: Mon, 13 Dec 2021 11:59:44 GMT

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 2 KB
2 KB 288ms
187ms XHR
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.nytimes.com/svc/nyt/data-layer?sourceApp=nyt-vi&caller_id=nyt-vi&referrer=https%3A%2F%2Ft.co%2F&assetUrl=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&jkcb=1639396784235
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: b45fdb69078249f3ead41d9bd124dd3bb1f49f67ad36e50c9c045365249dd4ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
x-appengine-log-flush-count: 1
server: Google Frontend
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: beb06accf2f5bdb1c30119a0b0cff11f
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
content-length: 1076
expires: Mon, 13 Dec 2021 11:59:44 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 133ms
133ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 franklin-normal-600.abe1b34d5a429f8e034860c86c483446.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 12ms
12ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.abe1b34d5a429f8e034860c86c483446.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 382754535c8544a1771a47b0f27d04402334c75c0b83cb0b18d88b20e271e3ab

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=JJVCDg==, md5=q+GzTVpCn44DSGDIbEg0Rg==
date: Mon, 13 Dec 2021 11:59:44 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 1071224
x-guploader-uploadid: ADPycdvzcCfEtq6rQhQ7OVo_LbiYueAWtyvuoFYYxbGS147rQEL_tM0YbGPlwl3lsdxJCn0D8gc3sdeMM1OKD6NzCi8
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20212
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 01 Dec 2022 02:26:00 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396785.630285,VS0,VE0
etag: "abe1b34d5a429f8e034860c86c483446"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984010934
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20212
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 4955

GET
H2 200 merlin_198332982_0442fcf8-e449-45ac-b338-7b1b80d1993c-superJumbo.jpg
static01.nyt.com/images/2021/12/02/world/00russia-crypto-02/ 346 KB
346 KB 10ms
10ms Image
image/webp 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2021/12/02/world/00russia-crypto-02/merlin_198332982_0442fcf8-e449-45ac-b338-7b1b80d1993c-superJumbo.jpg?quality=75&auto=webp
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 52626d4fd13a1b43d6ac2bf38df0aa331038b36fd5fcf283234645aef88ce7d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
via: 1.1 varnish, 1.1 varnish
age: 6576
x-guploader-uploadid: ADPycdsrFbhKHRPbZkIllfOfagtj2jW7HWifC_2_oeqy8oITV2DU1qYiAgzNRukz_YkCXS1UwmN3Kund6x7TxOJNbQ
x-cache: MISS, HIT
fastly-io-info: ifsz=758311 idim=2048x1365 ifmt=jpeg ofsz=353986 odim=2048x1365 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
fastly-stats: io=1
content-length: 353986
x-served-by: cache-bwi5121-BWI, cache-hhn4036-HHN
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
server: UploadServer
x-timer: S1639396785.635173,VS0,VE2
etag: "XHlbDHs7m/2KRGh8cq5M8QWvFKYgKPifLwudJw9hZ7c"
vary: Accept
x-goog-hash: crc32c=WLpwQw==, md5=Rd2FU+FZLjIKCrFfKw5ApA==
content-type: image/webp
access-control-allow-origin: *
expires: Mon, 06 Dec 2021 10:03:21 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 1

POST
H3 204 cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame F9BC 0
22 B 93ms
93ms Other
text/html 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: t.co
URL: https://t.co/hEnRfZ0lBg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WmfRicaeTNOZOVoAoOUOFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-WmfRicaeTNOZOVoAoOUOFQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport, require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455387
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:44 GMT
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-WmfRicaeTNOZOVoAoOUOFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-WmfRicaeTNOZOVoAoOUOFQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport, require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 138ms
137ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 128ms
128ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 129ms
129ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 132ms
132ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 133ms
46ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 133ms
46ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
10 KB 250ms
250ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4017473846007474&correlator=2654434420631262&output=ldjh&impl=fif&eid=44755510&vrg=2021120601&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20211213&iu_parts=29390238%2Cnyt%2Cworld%2Ceurope&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&prev_scp=div%3Dtop%26pos%3Dtop%26request_time%3D1517&cust_params=cookie%3Dprivate%26als_test_clientside%3Dweb_none_none_none_v3-1-18.437987937808554773_20211213115943%26mktg%3Dadv_1%252Cengagement_0%252Ctype_anon%252Cckgf%252Cdiggf%252Cfrmckf%252Cfrmcoref%252Cfrmeduf%252Cfrmhdf%252Cfrmxwf%252Cgatef%252Cgifteef%252Cgifterf%252Coptf%252Cxwgf%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1639390205441%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Dfederationtowersmoscowrussia%26geo%3Dmoscowrussia%252Crussia%26des%3Dcomputersecurity%252Cvirtualcurrency%252Cextortionandblackmail%252Cpoliticsandgovernment%252Ccyberwarfareanddefense%252Ccyberattacksandhackers%252Cunitedstatesinternationalrelat%26auth%3Dandrewekramer%26coll%3Dworldnews%252Ceurope%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dworld%26si_section%3Dworld%26id%3D100000008088026%26pt%3Dnt10%252Cnt12%252Cnt13%252Cnt14%252Cnt15%252Cnt16%252Cnt17%252Cnt18%252Cnt2%252Cnt21%252Cnt3%252Cnt6%252Cnt8%252Cnt9%252Cpt11%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_mastercard%252Cneg_capitalone%252Cneg_ibm%252Cneg_ms_safe%252Cneg_google%252Cneg_chanel%252Cneg_hearts%252Cneg_mtb%252Cneg_orep%252Cneg_bofa%252Cneg_bp%252Cneg_cathay%252Cgs_tech_computing%252Cgs_tech%252Cneg_mktg_safe_q4_2019%252Cgv_crime%252Cggl_wrk_collab%252Cgs_business%252Cneg_msft%252Cgs_economy%252Cgs_economy_misc%252Cgs_politics_misc%252Cgs_business_misc%252Cgs_business_energy%252Cgs_t%26tt%3D5%26mt%3DMT3%252CMT7%26abra_dfp%3Ddfp_disp_incr_1_test%252Cdfp_als_home_1_als%252Cdfp_adslot4v2_1_external%252Cmkt_dfp_hd_paywall_zip_0_control%252Cdfp_als_1_als%252Cdfp_messaging_flexframe_ctr_0_control%26sov%3D3%26page_view_id%3Dx-E64bIrQ0Uat7SadDwO1OXa%26uap%3Dbrowser%26aid%3D6kCoXhmVSCId28dnSy57eB%26purr%3Dnpa%26bt%3D%26typ_materials%3D%2523news%2523&cookie_enabled=1&bc=31&abxe=1&lmt=1639390205&dt=1639396784772&dlt=1639396783223&idt=1505&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=76&adks=1524529580&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=1600x0&ga_vid=967870906.1639396785&ga_sid=1639396785&ga_hid=565540462&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

aea4c0a69a5031a72beb36f9a490e636e4ec963c9641bafc7115d332ec92467d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9720
x-xss-protection: 0
google-lineitem-id: 5574462643
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138335725231
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 435 B
260 B 241ms
241ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4017473846007474&correlator=2654434420631262&output=ldjh&impl=fif&eid=44755510&vrg=2021120601&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20211213&iu_parts=29390238%2Cnyt%2Cworld%2Ceurope&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=150x50&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D1519&cust_params=cookie%3Dprivate%26als_test_clientside%3Dweb_none_none_none_v3-1-18.437987937808554773_20211213115943%26mktg%3Dadv_1%252Cengagement_0%252Ctype_anon%252Cckgf%252Cdiggf%252Cfrmckf%252Cfrmcoref%252Cfrmeduf%252Cfrmhdf%252Cfrmxwf%252Cgatef%252Cgifteef%252Cgifterf%252Coptf%252Cxwgf%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1639390205441%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Dfederationtowersmoscowrussia%26geo%3Dmoscowrussia%252Crussia%26des%3Dcomputersecurity%252Cvirtualcurrency%252Cextortionandblackmail%252Cpoliticsandgovernment%252Ccyberwarfareanddefense%252Ccyberattacksandhackers%252Cunitedstatesinternationalrelat%26auth%3Dandrewekramer%26coll%3Dworldnews%252Ceurope%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dworld%26si_section%3Dworld%26id%3D100000008088026%26pt%3Dnt10%252Cnt12%252Cnt13%252Cnt14%252Cnt15%252Cnt16%252Cnt17%252Cnt18%252Cnt2%252Cnt21%252Cnt3%252Cnt6%252Cnt8%252Cnt9%252Cpt11%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_mastercard%252Cneg_capitalone%252Cneg_ibm%252Cneg_ms_safe%252Cneg_google%252Cneg_chanel%252Cneg_hearts%252Cneg_mtb%252Cneg_orep%252Cneg_bofa%252Cneg_bp%252Cneg_cathay%252Cgs_tech_computing%252Cgs_tech%252Cneg_mktg_safe_q4_2019%252Cgv_crime%252Cggl_wrk_collab%252Cgs_business%252Cneg_msft%252Cgs_economy%252Cgs_economy_misc%252Cgs_politics_misc%252Cgs_business_misc%252Cgs_business_energy%252Cgs_t%26tt%3D5%26mt%3DMT3%252CMT7%26abra_dfp%3Ddfp_disp_incr_1_test%252Cdfp_als_home_1_als%252Cdfp_adslot4v2_1_external%252Cmkt_dfp_hd_paywall_zip_0_control%252Cdfp_als_1_als%252Cdfp_messaging_flexframe_ctr_0_control%26sov%3D3%26page_view_id%3Dx-E64bIrQ0Uat7SadDwO1OXa%26uap%3Dbrowser%26aid%3D6kCoXhmVSCId28dnSy57eB%26purr%3Dnpa%26bt%3D%26typ_materials%3D%2523news%2523&cookie_enabled=1&bc=31&abxe=1&lmt=1639390205&dt=1639396784777&dlt=1639396783223&idt=1505&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=3020965484&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=150x16&msz=0x0&ga_vid=967870906.1639396785&ga_sid=1639396785&ga_hid=565540462&ga_fc=false&fws=132&ohw=1600&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

10f51ec4f0a98cd1d62c5683cfd1a301a50ad9160e65567c41116a3735066590

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F5F9 6 KB
4 KB 144ms
46ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 13 Dec 2021 11:59:44 GMT
expires: Tue, 13 Dec 2022 11:59:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ Frame F9BC 21 KB
6 KB 40ms
40ms Stylesheet
text/css 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455387

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6439
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 12:32:46 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame F9BC 160 KB
57 KB 127ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57574
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 02:53:28 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:46:20 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 6 KB
2 KB 247ms
211ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=www.nytimes.com&t=5464656&v=1.720.0&sl=0&si=3b5ed62b-0d9e-4ae2-abdc-b623da11881f-r41ynj&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8120836e74f96cd2d68bd50fb40a7d6757706a50bfc5239fba90e18eab6666de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 11:59:45 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1504

GET
H2 200 / Show response
mwcm.nytimes.com/capi/metered_assets/ 74 KB
15 KB 889ms
881ms Fetch
application/json 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nytimes.com/capi/metered_assets/?plat=web&mc=0&mr=1&ma=1&counted=false&granted=false&gwtype=PAYWALL&us=anon&context-type=&assettype=timebound&areas=barOne&areas=dock&areas=inlineUnit&areas=truncator&areas=gateway
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 2baf56bae11b995d7324ebc2c565fc5c926fa1ec45cc935fbefc2ce3c8b1c99c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
access-control-allow-origin: https://www.nytimes.com
x-cache: MISS
x-served-by: cache-hhn4036-HHN
expires: Mon, 13 Dec 2021 11:59:45 GMT
server: Google Frontend
x-cmots-campaign-names: {"barOne":"MAG_web_nonsub_all_monthly-sale","dock":"MAG_web_all_Monthly-Sale-dock","gateway":"MAG_web_nonsub_all_monthly-sale","inlineUnit":"MAG_web_nonsub_all_monthly-sale","truncator":"MAG-web_all_non-mobile-all_welcome-killset"}
x-timer: S1639396785.898404,VS0,VE841
vary: x-nyt-user-status, x-nyt-country, x-nyt-continent, x-nyt-device, X-NYT-Currency, x-nyt-ipsegments-edu-b2b, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Origin
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: e63829055d912c00166532af9cb747e5
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-nyt-route: mwcm-muassets
accept-ranges: bytes
access-control-allow-headers: Content-Type, x-requested-by, *
x-cache-hits: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1491
date: Mon, 13 Dec 2021 11:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 13 Dec 2021 13:34:54 GMT

GET
H3

200

activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fwo... Show response
5290727.fls.doubleclick.net/ Frame 783C
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2F...
https://5290727.fls.doubleclick.net/activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fw...

566 B
408 B

106ms
59ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

2f5d546bccb6374ad954bfdb8570732acfa4ff863ac746d3211a98cd07163b53

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 13 Dec 2021 11:59:45 GMT
expires: Mon, 13 Dec 2021 11:59:45 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 383
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 13 Dec 2021 11:59:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 73ms
8ms Script
application/x-javascript 2600:9000:2057:a800:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: t.co
URL: https://t.co/hEnRfZ0lBg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:a800:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:07:11 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 3154
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: PHc_SJfg6iBhPBQv7ILoAyhmG-MM0gW9yB0Ylygo6UHDXdVNRBBVSQ==
expires: Mon, 13 Dec 2021 13:07:11 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
629 B 16ms
8ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://a1.nyt.com/analytics/show-ads.js
Requested by: Host: t.co
URL: https://t.co/hEnRfZ0lBg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
date: Mon, 13 Dec 2021 11:59:44 GMT
content-encoding: gzip
content-type: application/javascript
age: 25787
x-guploader-uploadid: ADPycdsibVoXQmfd_2bN94DYNLqt1DJtInYzNKiC2H0RY7L8wwJ89rTfbLZTZZzJ0YQC7bfkadEVWDLh0sGiDYJJaQ
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 65
via: 1.1 varnish
x-served-by: cache-hhn4036-HHN
accept-ranges: bytes
expires: Mon, 23 Aug 2021 07:13:52 GMT
last-modified: Thu, 17 Dec 2020 21:19:35 GMT
server: UploadServer
x-timer: S1639396785.958886,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1608239975905841
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=86400
x-goog-stored-content-length: 45
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 884

POST
H2 200 track
a.et.nytimes.com/ 0
0 144ms
143ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 activityi;register_conversion=1;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope...
5290727.fls.doubleclick.net/ 0
0 150ms
48ms Image
text/html 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5290727.fls.doubleclick.net/activityi;register_conversion=1;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 115ms
35ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=1595042057
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H2 200 / Show response
dd.nytimes.com/js/ 232 B
565 B 39ms
22ms XHR
application/json 143.204.209.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dd.nytimes.com/js/
Requested by: Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-60.fra53.r.cloudfront.net
Software: DataDome /
Resource Hash: b02c669cd6cf720664d426f5290182289d027972a6324725019a83b20b97ca69

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:44 GMT
via: 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront)
server: DataDome
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 232
x-amz-cf-id: 6DHYItBNx1w8VGkpYKYlDucRyMYiiAPZsJQTSITsi8E0Ctb5cE70MA==
expires: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 135ms
135ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F9BC 15 KB
16 KB 123ms
39ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Origin: https://news.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 11:18:05 GMT
x-content-type-options: nosniff
age: 520900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 11:18:05 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame F9BC 37 KB
13 KB 87ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13600
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

GET
H3 200 m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame F9BC 102 KB
35 KB 86ms
44ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35580
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

GET
H3 200 container.html Show response
d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2AB2 6 KB
3 KB 88ms
40ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 13 Dec 2021 11:59:44 GMT
expires: Tue, 13 Dec 2022 11:59:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 308ms
100ms Image
image/gif 3.232.21.183
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&u=CsJM0G2wzJUDRKiiU&d=nytimes.com&g=16698&g0=world%2CEurope%2Cinternational_desk&g1=Andrew%20E.%20Kramer&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=https%3A%2F%2Ft.co%2F&b=1906&t=CrJb2qDZM_eJJ0iHHB0-TaNDtMiuH&V=129&i=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&tz=0&_acct=anon&sn=1&sv=D5X7wBY70UEXub94C8Q_W8CrY5kA&sr=https%3A%2F%2Ft.co%2F&sd=1&im=06679ff3&_
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.232.21.183 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-21-183.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 92ms
46ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=565540462&t=pageview&_s=1&dl=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=947046064&gjid=2038506076&cid=967870906.1639396785&tid=UA-58630905-2&_gid=1640423484.1639396785&_r=1&gtm=2wgc10P528B3&cg1=world&cg2=europe&cg3=article&cg4=news&cd1=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd3=&cd4=World&cd9=9&cd10=t.co&cd12=Europe&cd13=twitter&cd14=international_desk&cd15=earned&cd16=social&cd17=100000008088026&cd18=Andrew%20E.%20Kramer&cd19=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&cd20=&cd21=Article&cd23=World&cd25=Europe&cd26=2021&cd27=2021-12-06-05&cd28=Monday&cd29=05&cd30=1638981366336&cd32=World%20News%2CEurope&cd33=SECTION%2CSECTION&cd34=NEWS&cd36=06russia-crypto&cd37=1354&cd38=Foreign&cd42=nyt-vi&cd43=Computer%20Security%2CVirtual%20Currency%2CExtortion%20and%20Blackmail%2CPolitics%20and%20Government%2CCyberwarfare%20and%20Defense%2CCyberattacks%20and%20Hackers%2CUnited%20States%20International%20Relations&cd44=Federation%20Towers%20(Moscow%2C%20Russia)&cd46=Moscow%20(Russia)%2CRussia&cd48=December&cd49=long_1200_1600&cd51=nyt-vi&cd52=&cd53=Foreign&cd54=international_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=0&cd63=6kCoXhmVSCId28dnSy57eB&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=6kCoXhmVSCId28dnSy57eB&z=827167937

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 2AB2 22 KB
7 KB 129ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
URL: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 13 Dec 2022 11:17:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2AB2 119 KB
37 KB 144ms
55ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
URL: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 11:59:45 GMT

POST
H3 200 batchexecute Show response
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame F9BC 449 B
327 B 63ms
63ms XHR
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=-6306614021844303453&bl=boq_subscribewithgoogleclientserver_20211208.11_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=43186&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

937668ac3baaf6f3790bb27fa004f7b1b2e066a3af73fafce4c4b13cd791dc10

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame F9BC 17 KB
7 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7293
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

POST
H2 200 log Show response
play.google.com/ Frame F9BC 131 B
672 B 133ms
48ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:45 GMT

GET
H3 200 dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russ...
adservice.google.com/ddm/fls/z/ Frame 783C 42 B
63 B 146ms
99ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=COCelPjc4PQCFciZGwodV5oO9w;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=465599704594;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 log Show response
play.google.com/ Frame F9BC 131 B
155 B 102ms
55ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:45 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 129ms
46ms Preflight
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Mon, 13 Dec 2021 11:59:45 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 13 Dec 2021 11:59:45 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame F9BC 131 B
155 B 94ms
48ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:45 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 129ms
47ms Preflight
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Mon, 13 Dec 2021 11:59:45 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 13 Dec 2021 11:59:45 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame F9BC 131 B
155 B 94ms
49ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:45 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 128ms
48ms Preflight
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Mon, 13 Dec 2021 11:59:45 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 13 Dec 2021 11:59:45 GMT
cache-control: private

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2AB2 0
0 76ms
76ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv19HqK6i2n2Sq08jjb44QuyykHNycUU2WeuwZ5Jb3HBK-pcKbwjWin6ijX-V3IlWlN5bDkdUE6nnjMu_RLA8PSOUWZD-gFI-rsSr6L1lH98rPBFCQoc7bSSWENNbrQsgoxyAXJWq6Ee1FnPhOiyzO0pBomrj6kDL1e_1EhvvRDO5KoU4tCm9PVnpr9ECuuKJyaeQixfeLnjEc-QIsCha8V4Vy4E1Z-eLvN2SFHGAzK70Gh1waSd0HZa5TRSFs3Z0sTwiGTG5zGZVO-HM3q8XpNxsUj4jAVBrKVsI0swWHlxR_CVTI_cSS5sqNzY-5IAA6grrkxBBV414vgsOqxlBdyz0LvCuJ2VWInWsvkBQ0&sai=AMfl-YSGrDPcT0DiPZX0IM5-eLi_4z3C0MfIoSLzO0r0g-Z0K8psksF1qmU-LobgfDbLkFapwxY4Va0yplV0kMt_I2yk5XBJ5_XLZA4rAVVxmjw7XQENWwg7cy_Tjdbz6ZI&sig=Cg0ArKJSzDdbWnZWZGX-EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
URL: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 11:59:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 flex Show response
www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/ Frame 527D 4 KB
2 KB 7ms
7ms Document
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex

Requested by

Host: d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
URL: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9d9130b60b62cb531727fd072a625dea5826ab103aa34b8732041b6f8294c4fc

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html;charset=UTF-8
expires: 0
pragma: no-cache
server: nginx
x-origin-time: 2021-12-13 11:54:23 UTC
accept-ranges: bytes
date: Mon, 13 Dec 2021 11:59:45 GMT
age: 322
x-served-by: cache-hhn4036-HHN
x-cache: HIT
x-cache-hits: 2
x-timer: S1639396785.303170,VS0,VE1
vary: Accept-Encoding, X-NYT-Currency, X-NYT-Country, Fastly-SSL
x-nyt-app-webview: 0
access-control-allow-origin: *
access-control-allow-credentials: true
x-gdpr: 1
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/subscription/ads/461200-INTL-MorningBriefing/flex
x-api-version: F-X
x-nyt-route: mwcm-banner-ads
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
strict-transport-security: max-age=63072000; preload
x-nyt-edge-cache: HIT
content-length: 1079

GET
H3

200

B23785176.271590857;dc_pre=CJ64o_jc4PQCFcqF_Qcd5LAI7g;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= Show response
ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/ Frame 2AB2
Redirect Chain

https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatm...
https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CJ64o_jc4PQCFcqF_Qcd5LAI7g;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_r...

11 KB
9 KB

67ms
66ms

Script
text/javascript

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CJ64o_jc4PQCFcqF_Qcd5LAI7g;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
URL: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

c3363f82312c2514717ed922f2bc6ee67b2292f98f7acd5ef5b1c677b56b497e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8714
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_pre=CJ64o_jc4PQCFcqF_Qcd5LAI7g;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main-flex.css
mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/ Frame 527D 188 KB
20 KB 14ms
6ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2a4a53d519f1aa9785a22ebaa1028231d4c98b09e43913b3961bfafbc179e5e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 447641
x-cache: HIT
content-length: 20422
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Tue, 28 Jan 2020 17:41:44 GMT
server: nginx
x-timer: S1639396785.327844,VS0,VE0
x-origin-server: mwcm-pub-est09.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1899

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.0.5/ Frame 527D 55 KB
21 KB 45ms
21ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.0.5/gsap.min.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a441c4f1b90c992eacea5aa9ed1f7143c5e0ca315d26edcc3468ce5ea61e03a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2224236
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 20311
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-ddb1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IrpjaWpixRsKNsdLmKvhFBLUYBjsmnFsZ7BXzr6BzcNnn41Gp6I%2FX%2BiDXcpLyb79%2B4YEPYXJkcKvxHsksareKOUK%2BvbvHVJ4ILMAJ6ZCjOc7VgK63no3sGEiV2wK0s0SPCMGNFHQOf2FaM8eRSvKP%2FUd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6bcf07346d2c4a8c-FRA
expires: Sat, 03 Dec 2022 11:59:45 GMT

GET
H2 200 1x1.png
mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 527D 111 B
249 B 7ms
7ms Image
image/png 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/1x1.png
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7080e939b330842f1fc31607f4674bb91cd9f2f464e4419498879f8b96d6927b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
last-modified: Tue, 28 Jan 2020 17:43:07 GMT
server: nginx
age: 458113
x-served-by: cache-hhn4036-HHN
x-cache: HIT
content-type: image/png;charset=UTF-8
x-origin-server: mwcm-pub-est05.prd.iad1.nyt.net
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-timer: S1639396785.347107,VS0,VE0
access-control-allow-origin: *
content-length: 111
x-cache-hits: 1951

GET
H2 200 wordmark-Master-large-optimised-BLK.svg
mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 527D 6 KB
2 KB 7ms
7ms Image
image/svg+xml 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/wordmark-Master-large-optimised-BLK.svg
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2e2ad92498142b965c76de6bb7df97f643c1700f52ea07d6c0849e8e1fb89d81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 476743
x-cache: HIT
content-length: 2272
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Tue, 28 Jan 2020 17:42:26 GMT
server: nginx
x-timer: S1639396785.354613,VS0,VE0
x-origin-server: mwcm-pub-est05.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: image/svg+xml;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2298

GET
H2 200 MorningBriefing-Icon-Vector.svg
mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 527D 2 KB
1 KB 7ms
7ms Image
image/svg+xml 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/MorningBriefing-Icon-Vector.svg
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 772cff71c9dab63854ecbe8dcd3c1b729b8069d77a6a9034418c5bc59d5e7d69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 385778
x-cache: HIT
content-length: 926
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Tue, 28 Jan 2020 17:42:53 GMT
server: nginx
x-timer: S1639396785.362597,VS0,VE0
x-origin-server: mwcm-pub-est09.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: image/svg+xml;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1969

GET
H2 200 logo-yellow-Box.svg
mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/ Frame 527D 455 B
539 B 7ms
6ms Image
image/svg+xml 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/images/logo-yellow-Box.svg
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0f5e453ef60b9f204a6fba9d03ffb668d15da5f30298848f98cd51e828166008

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 560580
x-cache: HIT
content-length: 333
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Tue, 28 Jan 2020 17:42:41 GMT
server: nginx
x-timer: S1639396785.370653,VS0,VE0
x-origin-server: mwcm-pub-est08.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: image/svg+xml;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2303

GET
H2 200 flex-anim.js Show response
mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/ Frame 527D 893 B
492 B 7ms
7ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/flex-anim.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/subscription/ads/461200-INTL-MorningBriefing/flex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3aa02381c78552ebedd8c76d29316a4d76c6c483af0683f00f8ed8bf37db47c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 559878
x-cache: HIT
content-length: 339
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Tue, 28 Jan 2020 17:41:48 GMT
server: nginx
x-timer: S1639396785.337377,VS0,VE0
x-origin-server: mwcm-pub-est09.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1616

GET
H2 200 karnak-normal-900.woff2
g1.nyt.com/fonts/family/karnak/ Frame 527D 21 KB
21 KB 8ms
8ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/karnak/karnak-normal-900.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1fe37d55e6324e8660e627fdf1cd545c9a84f80963bc07f3a564434043650a09

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=5QA+9Q==, md5=dVL+P92ZUq7akebFoq3Fnw==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2808760
x-guploader-uploadid: ADPycduf3ce3e4H0N_E1VfuqtOF3b5MqdVIFs1Ro5oS8p0NsKLQHuqlTGDqa24xjhwwajxhMGkBbRre6ZL3f0KmWshE
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 21288
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 10 Nov 2022 23:47:04 GMT
last-modified: Wed, 15 Sep 2021 19:43:05 GMT
server: UploadServer
x-timer: S1639396785.379403,VS0,VE0
etag: "7552fe3fdd9952aeda91e6c5a2adc59f"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734985053271
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 21288
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 1167

GET
H2 200 franklin-normal-700.woff
g1.nyt.com/fonts/family/franklin/ Frame 527D 27 KB
28 KB 10ms
10ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.woff
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: e0176d88d71adf58cc9e76c0bbc1fb1ad091a7d7e058ff82e5d9fb50618e8ba1

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=44i2vg==, md5=oZLbMQk12KiCgy4syD8hGQ==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 4619063
x-guploader-uploadid: ADPycdt0WWcxI2j4oQT_GtAY-PThQkkg4rdejGbCjgKhuKRsl5CDqtMth5zzlx9QjRx6Ot-JFS4ptRopLw8-UyE4sHlcD7UDdA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27688
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 21 Oct 2022 00:55:22 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396785.379527,VS0,VE0
etag: "a192db310935d8a882832e2cc83f2119"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984103192
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 27688
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2072

GET
H2 200 franklin-normal-900.woff2
g1.nyt.com/fonts/family/franklin/ Frame 527D 23 KB
24 KB 13ms
13ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-900.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4480a115e7a5fb372866a640bde21c6f108061985cfd7c2a55ef80d7087ab2bc

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=HKyQLA==, md5=x2Y6v1UQYXkA0xoIKpwujQ==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 6428534
x-guploader-uploadid: ADPycduaeP7vntliX2zXRowwTMvYPavMIFXVCABDZ67y1HR2bE3g5INhSfv6crq0Bkt9PZ7DK7VlMH0ZQ4WOC2fcwNL0u28XlA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 23864
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 30 Sep 2022 02:17:30 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396785.379827,VS0,VE0
etag: "c7663abf5510617900d31a082a9c2e8d"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984077645
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 23864
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 1064

GET
H2 200 franklin-normal-500.woff
g1.nyt.com/fonts/family/franklin/ Frame 527D 27 KB
27 KB 16ms
15ms Font
font/woff 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.woff
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/dam/mkt_assets/crs/banners/461200-INTL-MorningBriefing/lib/main-flex.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 44ce733e1c9cedefd832ff0b571555695fb7f8dbff7a066d3de45c446e44bb45

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=tEQkCg==, md5=QUdY3gmNxkS2iK+gMdNfmw==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: font/woff
age: 13262040
x-guploader-uploadid: ADPycdtcX6zdWVtIlrLWXoy3MBMjHzz_Rg_LD0TuoP7aobuyL76Fi93GWjfvkxT2kk8j28PaCgOg-QROUKjiqwObkID-AyCfRg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27196
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Wed, 13 Jul 2022 00:05:44 GMT
last-modified: Tue, 06 Apr 2021 21:11:53 GMT
server: UploadServer
x-timer: S1639396785.379972,VS0,VE0
etag: "414758de098dc644b688afa031d35f9b"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1617743513131086
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 27196
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2020

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2AB2 41 KB
15 KB 88ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/trackimpj/N296811.6440THENEWYORKTIMESCOMPA/B23785176.271590857;dc_trk_aid=466380832;dc_trk_cid=131426341;ord=1623415763;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 23:38:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Dec 2022 23:38:18 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2AB2 0
0 74ms
74ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssg9ETAqqN2quORfDVHRocqgxo2vh33mtUnx6E_xJb-7DtFBW43ZMKNsykaqUt3web0BYG36gbwJ3SpC-GoDKL7beA-Siy8LaLpT5ZP941-rgPaemgeVyLVdRewoFJwpyJnCzM7MVa4KqzuKvAb_aMm2uNTW_qsunlhiKNu3U1Lha1H-90-_DoWHKEGz_IEyU5e43SFbjDVO4v_4iZq6oi3Frbd8eUmQRIynwz1xoQWFjEp_3a1MqvcAoZuzHfwH2QwKMbXgyPxe0U9o0coJNJFNm7DgjWvu-mJd1ECggG7rPQ0t8erF0BbqTHDXx3lSinUuCic&sai=AMfl-YSBQCd9m1XAOP9s_ADiiTFKJfG45JjKJkFK8FduIRyiW8QydUd_1TGlRQZahpA_at4QOfR1ZqiEhcgsFzdC0JQX8jFW-HIIhpdFL0njHHOciiobViIQvmVdc0-P2v0&sig=Cg0ArKJSzOl-J8Z0OCLIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 11:59:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 13 Dec 2021 11:59:45 GMT

GET
DATA 200
OK truncated
/ Frame 2AB2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc0f249f5d8445b6c03862ff760934321256d62c0d6fd9bb615fe2c73c6fed0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7894 22 KB
8 KB 56ms
55ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Dec 2021 23:38:39 GMT
expires: Mon, 12 Dec 2022 23:38:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 44466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 146ms
54ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d83bd9a2542476babd25f8273b27cf868604c0b9c2051a473f272b528a39f9dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8412
x-xss-protection: 0

GET
H2 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 7894 35 KB
14 KB 45ms
44ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 14:59:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75604
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 12 Dec 2022 14:59:41 GMT

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 2 KB
1 KB 82ms
28ms Script
application/javascript 2606:4700:3032::ac43:c7c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: t.co
URL: https://t.co/hEnRfZ0lBg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2c526397c805f1ebe50aef75409bc359bd1dc6d403882ef0c5bc6c42aa3742

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 457
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 08ZKGBN96CESE87X
x-amz-id-2: MLsCGtU3oNDYYha8t6jxEkBYN83J0LcZ8s2YcBAamXuc9hB6Rz358+Aj3xkXW8GsSPk5zNM8Vk4=
last-modified: Tue, 30 Nov 2021 17:45:47 GMT
server: cloudflare
etag: W/"0fd20432cf9f2bf6cab535d117f99af7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejOelubWGMkijfkK3zeUqxkYNIZgr0j0i9HkrrEPmP4QLpwoeVr7Ma5NmmYRohweJXYYkaeX%2FJ%2F1ifUPyYA7Ukm5rSaJ0fl5D4553zo28%2F2y9JdOCnC%2BCBpNnZK1tXnT4rM5TUGAhAiXAvbZuIIJ2cFK60vp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 6bcf07367c37c272-FRA

POST
H2 204 /
684dd32c.akstat.io/ 0
202 B 212ms
199ms Ping
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32c.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
content-type: image/gif
access-control-allow-origin: https://www.nytimes.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:45 GMT

GET
H3 200 sdk-prod-ea25a135bde1cf14d4a7.js Show response
platform.iteratehq.com/ 895 KB
259 KB 46ms
31ms Script
application/javascript 2606:4700:3032::ac43:c7c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/sdk-prod-ea25a135bde1cf14d4a7.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fbac64874e4c3d8ab829798f73a3f4ad05a5ac15d22be98b881d422b3b4f5fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1102329
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: QDF47Q58GW1VSWYT
x-amz-id-2: FU0UdDCZlGuT2sBg8QXHs4rBmm8XlskcHa45nbJD2YbaehyUgxUlzyv0J4hJDiUVkGXFF7vWgFI=
last-modified: Tue, 30 Nov 2021 17:45:43 GMT
server: cloudflare
etag: W/"01d2b1c2c22259161a931f5d15e1a312"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1Lz1bgXDWBHAR8upmRekxNJTi6MR1QvkC%2Baq40ZMf8UtIkBNjqYW1RkK4DxR%2F%2FCjohnhEtt0HWDztvVtfvJiAsBPTOsn5pV%2FEBWqh90%2By0rn230kmu5nQu0B7gr6eMs0xDDqUR91m25zwpi1Mg%2B2pRHPnCf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 6bcf0736cead693f-FRA

GET
H3 200 style-2bdbffb0210cc2e386f1.css
platform.iteratehq.com/ 130 KB
12 KB 36ms
22ms Stylesheet
text/css 2606:4700:3032::ac43:c7c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/style-2bdbffb0210cc2e386f1.css

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f348468a5b39755c98091989fdafd4be48ccdbfaf75273cd4fd87333e43a7fda

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11282834
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 4JM9W0H7FD3WYSZR
x-amz-id-2: u7Y/PxiHErEF2XKGiWUyxpReZsCZLteonkiG4Z2YsZerCpr0TD+kApngw3ehKnC4IMmvTt7BHAw=
last-modified: Wed, 04 Aug 2021 21:51:28 GMT
server: cloudflare
etag: W/"4737fd744e2551cae9a2bc8884efd7ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qK8JacibZmssf0G3C1%2BQ7MZpjHgSyE9mmSAN3PpS5A1SCq151yU0UfXCE1nuDHatRePpOoIxVgt1aT4HHMrIxXHdc7DwZQB87N3AIT7GfzeAeSrjzUGyzbD0MiCbioF2sNfYv3KqraWfZgyFBO6%2BQNbEVZ8s"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6bcf0736ceb1693f-FRA

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 1070ms
1070ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 11:59:46 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2021/12/02/world/00russia-crypto-01/merlin_198333042_152e09ee-ea0e-4834-a969-9c9708a28694-superJumbo.jpg?quality=75&auto=webp
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: caf90d615d21d458627834cc1b5ab04a110fd20512e9e6a0fd694d96dbcfd7e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish, 1.1 varnish
age: 7047
x-guploader-uploadid: ADPycdvltXKgF-QCHrqdX7dZH5n_nSbAadJvMWFQj_FGrW-JdFM5TnPPF7s2oeNrO33etiq16kpXP5aZBsEMAEfVv10UiyuKMw
x-cache: HIT, HIT
fastly-io-info: ifsz=844547 idim=2048x1365 ifmt=jpeg ofsz=527318 odim=2048x1365 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
fastly-stats: io=1
content-length: 527318
x-served-by: cache-bwi5156-BWI, cache-hhn4036-HHN
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
server: UploadServer
x-timer: S1639396786.782795,VS0,VE0
etag: "TM+eD90xJYRebPqmLLvxRcGCvQ9ZKsxirDBqC5dXKys"
vary: Accept
x-goog-hash: crc32c=8Mf8Tw==, md5=J2UImu8bq4hlOUGYeYc5eA==
content-type: image/webp
access-control-allow-origin: *
expires: Mon, 06 Dec 2021 10:01:21 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 2

GET
H2 200 main.css
mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/ 103 KB
15 KB 28ms
27ms Stylesheet
text/css 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c0ec4afe344c086bc95ae4593c092460b527a5a5c0704e1c05cef34b2b648000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 328801
x-cache: HIT
content-length: 14690
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Mon, 06 Dec 2021 22:44:54 GMT
server: nginx
x-timer: S1639396786.782875,VS0,VE0
x-origin-server: mwcm-pub-est10.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2041

GET
H2 200 common.js Show response
mwcm.nyt.com/.resources/mkt-wcm/dist/ 220 KB
69 KB 69ms
69ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c9ecff36f11833ac5b741e8348a8a80eb5cad243c45bd857ba92202a8e5451e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 328801
x-cache: HIT
content-length: 70433
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Mon, 06 Dec 2021 22:44:54 GMT
server: nginx
x-timer: S1639396786.784064,VS0,VE0
x-origin-server: mwcm-pub-est10.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2427

GET
H2 200 main.js Show response
mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/js/src/ 23 KB
6 KB 83ms
83ms Script
application/javascript 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/js/src/main.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3c7d1bf403a3e122d0a0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d09b7b0c955ad436b296c77df5c697479e1ca306619ba3e065fcc9a1342bcc7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:45 GMT
content-encoding: gzip
age: 328801
x-cache: HIT
content-length: 6090
x-served-by: cache-hhn4036-HHN
access-control-allow-origin: *
last-modified: Mon, 06 Dec 2021 22:44:54 GMT
server: nginx
x-timer: S1639396786.784184,VS0,VE0
x-origin-server: mwcm-pub-est09.prd.iad1.nyt.net
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
via: 1.1 varnish
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2007

GET
H2 200 franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 31ms
30ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.bc7be4c5d8cacb780f896c5cbe0c0d7f.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=XjpPGQ==, md5=vHvkxdjKy3gPiWxcvgwNfw==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 252385
x-guploader-uploadid: ADPycdt3cBFAGFsQ4ccfs6u5GneNBz1n_ODTUPQlKOGNLnU2lvCMirGPa6QzyaNayWd9jLz0sz61LujRZSP0pCRBILc
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20172
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:53:20 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396786.821691,VS0,VE0
etag: "bc7be4c5d8cacb780f896c5cbe0c0d7f"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734983906454
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20172
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 5098

GET
H2 200 franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 32ms
32ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.b44c88f09ca7ce914b836d4ae72891b8.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=PQVxAw==, md5=tEyI8JynzpFLg21K5yiRuA==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 1078825
x-guploader-uploadid: ADPycdtX4MNbT6QPezVCT7YrY3yujYPe9pEU9CNfFp1wTobv5fHyXsHYBVGUJ_l1a3OVBc8t-akvK3w37GbgV4tKf-Y
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20312
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:19:20 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396786.822767,VS0,VE0
etag: "b44c88f09ca7ce914b836d4ae72891b8"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984061911
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20312
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 6029

GET
H2 200 cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 33ms
32ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2804723
x-guploader-uploadid: ADPycdsbmB0iGXrnj0YJIZxZlMCd46_nNAOz3Po7oc1jbUFbh_TztelAet_j9dEfjgeGE8bMBAavINFKWZRKFcfT-wI
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 29076
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 11 Nov 2022 00:54:21 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396786.825547,VS0,VE0
etag: "a3ed7afe3eaa0a873f3fbd379f8c491b"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982705223
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 29076
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3978

GET
H2 200 franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 37ms
36ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.d6c06a3d84a57100edad5bf9b84ff739.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=ImeYUg==, md5=1sBqPYSlcQDtrVv5uE/3OQ==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 5833049
x-guploader-uploadid: ADPycdv_daBJz1GMbDv51CbbcmgvIEki9m2Vbyc2RlpNHfjikXqOwydbx02JYNMon2CphKiQnbieVibYJ2n6-cIuvVY
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19836
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 06 Oct 2022 23:42:16 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396786.825941,VS0,VE0
etag: "d6c06a3d84a57100edad5bf9b84ff739"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984052902
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 19836
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 6081

GET
H2 200 franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2
g1.nyt.com/fonts/family/franklin/ 24 KB
24 KB 43ms
42ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-800.fdc7cad17deeec2db1fe2f9f8c0520ed.woff2
Requested by: Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.b1c035e4560e0216caf8f03326e0430712b61041.css
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=b25SxA==, md5=/cfK0X3u7C2x/i+fjAUg7Q==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 554223
x-guploader-uploadid: ADPycdsM45IrPMPivF_8h6yPPqhAyFMvBOlx58tkw04XZ1dsS0TrHJ4Aha5EF4VBAbdb2gnC4QSuS4CMfTd2fz7ImuFOJX9Eqg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 24184
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Wed, 07 Dec 2022 02:02:42 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396786.826076,VS0,VE0
etag: "fdc7cad17deeec2db1fe2f9f8c0520ed"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984069574
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 24184
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2211

GET
H2 200 franklin-normal-600.abe1b34d5a429f8e034860c86c483446.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 44ms
44ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.abe1b34d5a429f8e034860c86c483446.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 382754535c8544a1771a47b0f27d04402334c75c0b83cb0b18d88b20e271e3ab

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=JJVCDg==, md5=q+GzTVpCn44DSGDIbEg0Rg==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 1071225
x-guploader-uploadid: ADPycdvzcCfEtq6rQhQ7OVo_LbiYueAWtyvuoFYYxbGS147rQEL_tM0YbGPlwl3lsdxJCn0D8gc3sdeMM1OKD6NzCi8
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20212
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Thu, 01 Dec 2022 02:26:00 GMT
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1639396786.826933,VS0,VE0
etag: "abe1b34d5a429f8e034860c86c483446"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734984010934
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 20212
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 4956

GET
H2 200 cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 43ms
42ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2202627
x-guploader-uploadid: ADPycduIAYo83mhM8t6_oelrSd3hudE-s6pHbvE2CefgZV4ceeWFAVdUImSxXVET8ZL9YtfGVlHReDPdAjBqto4bxLM
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28620
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 18 Nov 2022 00:09:17 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396786.830046,VS0,VE0
etag: "f99a0459024509f157a3352e5de4f873"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982696426
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 28620
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2290

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 45ms
45ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 1686002
x-guploader-uploadid: ADPycdtKHSXecei8L0qjYtsbwQPyxWYVl1efquEk_SRtqwZpe84w0b8STr-Wc92hRndkLHzCXERGejF3fMe2re-xSLVQL7HtjA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Wed, 23 Nov 2022 23:39:43 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396786.830158,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982738365
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 27260
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3750

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7894 0
20 B 75ms
75ms Image
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAu_rsTW3YaTKFsn2gAfBl5SgAQAAAAA4AeAEAg&bg=!bW6lbirNAAZKWFskSlg7ACkAdvg8WtUJEo8KN41El7HsuuPnLVRMLMYHo_4kSEpq16JiprGWUOdt6QIAAABZUgAAAAxoAQeZAudt4raa91BzUY-ghquO6n5l4poYEK8Ddsn3A5YzQfsqDEaMf2mQfnQ1S6Rk638vd_jWy47GSXUEmRg129LF7v-v0mwkLoFVj-8Jxc6mmcs6hSY1M8IVT6Bu01rsnemBirGODelqGkGcZIU-F4OrrXvcDmMbKlCkFX6zCOys74VXN4NHSSDoF1H4jR9UDoniaui7g8RqjzW3cRJSR4xu7hFccQZOEyoiiECCnWELbU83pQsMoZeRxST2hs5INbqoYN0gM7XtcsRpfRjVGqUwCc-T51aHE-7CriZqclYFzPfRntoOhficp7i8nANeoryK_yWl1KykuSixGbtR2tVMVFTtS_pqcK3v9u4t7OTP4uoxzJREIthaVRWgLPwEsQGNXyI9VqhdJA4Do1oz-4GmaKjLfFeQRyKBYqFJlJYFXjvqiJevFR_m5T2wqFX_KJB6O1-WFsjuYHplmWq2eqS2Ee3vq7WfbXhCjlKKOU_RSW1IPd_4H6-3h4qlIvfI0xlOcmj0w1_wkL5Vm2w9P_AEdnbdk72dIRZqpH0dK1zoMofUhlfbiKBqRzVybISO3H8hFfdFVdnmtcMpS_WTnFUM3xdQEq-6j2E2BKU4Fo9ifwkfsaGGHlwyq2ULKwwYbFDLIB4sGlzehuuNEZDFEqIK9zsGs47PBhB2Iw2Nthc_BpYJNTo78WP1PllaqVHmN2WZ07iaE4-6WDlWoXc6WnDC50vUfxIR8DxcbwtBVgZYMxhVUdA4-mWnxNZ3eCnReZ-WwzZBLAOJYGzCbvVBpyI7LAPULVWwqQuiFGH0f0kp_ZZrHGmxQfctwNfl6ONGkPuU1FlQk0pdx3YVzrwf8OymePHB_huxi52Yc9WYkZ-FV_SG-bTV2XO3xHrBZ5pAyvy_5BK3fdvyuI6SVnID8VB6JrwMzyFv7DNc0dCDQXNwEPQL4Z1DJjsNVTVAdMGTLUbEolHHgp53gdrHVA5q3YViYmNzh8h81MvsbQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 134ms
103ms Preflight 2606:4700:3032::ac43:c7c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 13 Dec 2021 11:59:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tbTcgjxjF%2FqianOWMmOhFgHS1k0lJ%2F0A1L1398tcAVn66IY%2FgTxkzK5u515hyfviTuL2mOr0TOwFtXT8CKcFJ0jpDkknrbjqamvPHPb6YaOWs8QqlwgDFn2y%2BhEpWLvRH5U0KA1d%2BvvKoWyu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
server: cloudflare
cf-ray: 6bcf0738291f7031-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 embed Show response
iteratehq.com/api/v1/surveys/ 298 B
1 KB 127ms
111ms Fetch
application/json 2606:4700:3032::ac43:c7c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/sdk-prod-ea25a135bde1cf14d4a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::ac43:c7c7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d235eb0212f0976902abc5692d266dec4b494c4b7406030c564c2728f6af5648

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
Content-Type: application/json

Response headers

date: Mon, 13 Dec 2021 11:59:46 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gw%2BW3EVJMyEZAdmXekG%2Btro3lcKFQFcLr15VDzX%2BH%2BW7poyyKYH1Q2dlps4EHFGLj6c27GieJbyfVMcvTllrj0KbsKoPQeznPRmmEiKHgpC86MA%2BUk8hN%2B6U%2F%2Fuq5woR3%2FkdhxJ33ptfMfaW"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=0; includeSubDomains
cf-ray: 6bcf0738eecc5bdd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
g1.nyt.com/fonts/family/cheltenham/ 26 KB
26 KB 9ms
9ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-200.40ccfe2cc61a71e6617e56162d49b896.woff2
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/templates/pages/lp/gbb3/css/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3

Request headers

Referer: https://mwcm.nyt.com/
Origin: https://www.nytimes.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=kUZRqw==, md5=QMz+LMYaceZhflYWLUm4lg==
date: Mon, 13 Dec 2021 11:59:45 GMT
via: 1.1 varnish
content-type: application/octet-stream
age: 2202907
x-guploader-uploadid: ADPycdvKEZjcsHoQ6AIjXGw_dxXaWmeXxll8NtRiTSsbJNQ_qTkc8Zw1Li-2ZDoJcqwbxSRZeDF446RVn82wSNDKAw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26448
x-served-by: cache-hhn4080-HHN
accept-ranges: bytes
expires: Fri, 18 Nov 2022 00:04:39 GMT
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1639396786.957633,VS0,VE0
etag: "40ccfe2cc61a71e6617e56162d49b896"
access-control-allow-methods: GET, OPTIONS
x-goog-generation: 1631734982612741
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
x-goog-stored-content-length: 26448
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3320

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 950 B
972 B 162ms
162ms XHR
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.nytimes.com/svc/nyt/data-layer
Requested by: Host: mwcm.nyt.com
URL: https://mwcm.nyt.com/.resources/mkt-wcm/dist/common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0a7a887d533ad0924d44fa17cf8184f3c9a09c83ed76cf7759f0f2a21ca78745

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:59:46 GMT
content-encoding: gzip
x-appengine-log-flush-count: 1
server: Google Frontend
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 91b75d6febef1cc44f6353bfd5f5fd74
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, x-requested-by, *
content-length: 487
expires: Mon, 13 Dec 2021 11:59:46 GMT

GET
H3

200

activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fw... Show response
5290727.fls.doubleclick.net/ Frame 8D4E
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2...
https://5290727.fls.doubleclick.net/activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2F...

567 B
409 B

91ms
91ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

08dac0b3be1c3a38d242a18b60ab6e7f2c26ff2efe4f007a02f4a84fce140f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 13 Dec 2021 11:59:46 GMT
expires: Mon, 13 Dec 2021 11:59:46 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 386
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 13 Dec 2021 11:59:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 track
a.et.nytimes.com/ 0
0 145ms
144ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 activityi;register_conversion=1;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurop...
5290727.fls.doubleclick.net/ 0
0 48ms
47ms Image
text/html 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5290727.fls.doubleclick.net/activityi;register_conversion=1;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 37ms
36ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=565540462&t=event&ni=1&_s=1&dl=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=gateway&ea=impression&el=MAG_web_nonsub_all_monthly-sale&ev=0&_u=aAjAAEABAAAAAC~&jid=&gjid=&cid=967870906.1639396785&tid=UA-58630905-2&_gid=1640423484.1639396785&gtm=2wgc10P528B3&cg1=world&cg2=europe&cg3=article&cg4=news&cd1=http%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html&cd3=&cd4=World&cd9=9&cd10=t.co&cd12=Europe&cd13=twitter&cd14=international_desk&cd15=earned&cd16=social&cd17=100000008088026&cd18=Andrew%20E.%20Kramer&cd19=Companies%20Linked%20to%20Russian%20Ransomware%20Hide%20in%20Plain%20Sight&cd20=&cd21=Article&cd23=World&cd25=Europe&cd26=2021&cd27=2021-12-06-05&cd28=Monday&cd29=05&cd30=2021-12-08T16%3A36%3A06.336Z&cd32=World%20News%2CEurope&cd33=SECTION%2CSECTION&cd34=NEWS&cd36=06russia-crypto&cd37=1354&cd38=Foreign&cd42=nyt-vi&cd43=Computer%20Security%2CVirtual%20Currency%2CExtortion%20and%20Blackmail%2CPolitics%20and%20Government%2CCyberwarfare%20and%20Defense%2CCyberattacks%20and%20Hackers%2CUnited%20States%20International%20Relations&cd44=Federation%20Towers%20(Moscow%2C%20Russia)&cd46=Moscow%20(Russia)%2CRussia&cd48=December&cd49=long_1200_1600&cd51=nyt-vi&cd52=&cd53=Foreign&cd54=international_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=0&cd63=6kCoXhmVSCId28dnSy57eB&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=6kCoXhmVSCId28dnSy57eB&z=1217959120

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 02:52:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32842
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-rus...
adservice.google.com/ddm/fls/z/ Frame 8D4E 42 B
63 B 82ms
81ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CKbh0Pjc4PQCFY3CGwodbKQEAg;src=5290727;type=remar0;cat=gatew0;ord=1;num=6318873376168;gtm=2wgc10;auiddc=1599891822.1639396785;u17=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html;ps=1;~oref=https%3A%2F%2Fwww.nytimes.com%2F2021%2F12%2F06%2Fworld%2Feurope%2Fransomware-russia-bitcoin.html?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2AB2 42 B
64 B 72ms
72ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9XGMqbro1wd7I9GS6OrDOAviD9RVVCDvWQRCZawdsqgdd4oIwVBPHcWvsIVK6owcfjptpgk-x3JuxGEGMyyi5sTWY1uzG0eCaHpI_Xo_zVQqzhjBl&sig=Cg0ArKJSzNrU4R4dcKTlEAE&id=lidar2&mcvt=1003&p=93,0,367,1600&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=7&adk=1524529580&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639396785043&rpt=405&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 751C 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 13 Dec 2021 11:32:20 GMT
expires: Tue, 13 Dec 2022 11:32:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1646
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3039 783 B
1 KB 155ms
71ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1b1e656f99a2dd798015e10c247a7bf309ea26464915ca627772dd93635075ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0+sqNbLLSkLAecxdqd+uoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 13 Dec 2021 11:59:46 GMT
date: Mon, 13 Dec 2021 11:59:46 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-0+sqNbLLSkLAecxdqd+uoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 510
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame 751C 35 KB
13 KB 40ms
39ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 06:25:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3039 0
0 80ms
79ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=4017473846007474&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=4017473846007474&bg=!3d6l3prNAAZKWFskSlg7ACkAdvg8Wshp5czo3inUYVOcz59O7Cyw2yFAwJKK7OkudDLWEHGssq0v0AIAAABbUgAAAAdoAQcKAFC2nFjMGPCCh4Q8ySfYe9MMiyT31epAni57hZ6qjPyKuD_AE8ueN4Bvk7OTKXjuaOEKfz-v_cFoD1_O6zULUFhdcS9L7fN6viAjiwtr8dWTDJkCvEnWaMeA_QmoCUDTt-5gCO3b4mJX_e4FGaUFL_XbgCxfZrkGR3iyerNJk49CjdYSZzzXtw_oGoVJ4zYQFgjSiLTappEIHA-uqE12hreQmjG4K7dQ2MvOubcjkrTC3tlPWtiWz6eDj3yfY4bPWIcA1g2LyHH7XRSxhB9ruXyv6VO-5NF9Wd1__4b5xu8dzgZB1AHat9aXzQjWX8o51lwgbwIlaNTFdt3zkB6eipeQkm-frAltL0YmBzTQI6UIR0gMPrSDpACXurZAbwwKv9V79FHd47VMjzsYppi3ftb7k4BCFB43FjJzoeVgNqHJTZHMwxRUCKjcHNBeHu4drVHG4lb1fZ_t9g9ahF6RkUVn7WomZDExzpRn8RmhUgelDRCBWr0uIcKxAL9HN28N46IdfFR3UXv7aoDDWhCFHygzu-Tzf6AKvHSBcnHqhHDO8Xqwo8DX4kUMSy6AaGN8SX-jFP0V5sVVXcQbG0cRFdCCtucMoJzTGAe_OnmjcFl9DOumnWURljKymkQyOs_fmF1HRWmCrcTQ0OJ06y8eVnGOwhU1gqNx1EfvADr6ixIkq0KcyiObdG_BU2aIWJLPxq5uh0jlZFW9ZtfI3OJ7Y8-4XBNlE9y6T7ChIkzMYGZAEwV_UTbowIi-jK0OQb9JOoTlVAkAGIz31X2ENvAlOcDojZoPdEianMFbQQz5Kx4eqmaRg6bPrmiGe_zEhTtYS0P5GxqdkmGl6akDVfqRwsAHnCCe8GwLuoB5BfALd2ZnNSdHy9SNyH1aEvo-OhTiFKMdt1_M4WF9LEvIvaPRNvfRVpoDQg08UbBQEy38RR5KY8Sh-4YROcNpRwAzacCmIYZ6Cm5W5U14ftwHm91lI5hBuiSkCvzILJkMe1L-YKQtHHH63iA36qw4KfnPrxf6RJXAeU_liKcK_OW6PxbLInI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 11:59:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 141ms
141ms Ping
application/json 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 16:54:28	Name: muc Value: f85f1947-28d9-4060-a8e7-8a6bb9b1500c
.t.co/	1970-01-20 16:54:28	Name: muc_ads Value: f85f1947-28d9-4060-a8e7-8a6bb9b1500c
.nytimes.com/	1970-01-20 08:08:52	Name: nyt-a Value: 6kCoXhmVSCId28dnSy57eB
.nytimes.com/	1970-01-19 23:23:38	Name: nyt-gdpr Value: 1
.nytimes.com/	1970-01-20 08:08:52	Name: nyt-purr Value: cfhspnahhudn
.nytimes.com/	1970-01-19 23:23:38	Name: nyt-us Value: 0
.nytimes.com/	1970-01-19 23:23:38	Name: nyt-geo Value: DE
.nytimes.com/	1969-12-31 23:59:59	Name: nyt-b3-traceid Value: f45fde83d78c4e87903a939efc68171a
.et.nytimes.com/	1970-01-19 23:23:18	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-20 08:08:52	Name: sessionIndex Value: 1\|1639396783496\|6kCoXhmVSCId28dnSy57eB\|1639396783496
.et.nytimes.com/	1970-01-19 23:24:43	Name: et-ppvid Value: https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html=x-E64bIrQ0Uat7SadDwO1OXa
.google.com/	1970-01-20 03:46:47	Name: NID Value: 511=mjm4gf1-WpTHGhSDxfQAbECe-rNTZ6vMWS7TcyrN1Y0QUxs4B53VWtX_tDXKJIn0KRyhV96609mDHqjS6XwSH_mYCNmT8U1_sQttGk5DVpgDyRMUSCRLKXCJEHV57ZyEI9lVyjKKN4yelrvu6gyVEwHkxw113dyI3fIS3K2sFJ8
.nytimes.com/	1970-01-21 19:12:43	Name: nyt-m Value: 1E4E7C917894B9DEE6A95727466204D0&s=s.core&fv=i.0&imu=i.1&ifv=i.0&t=i.1&er=i.1639396784&ird=i.0&iir=i.0&pr=l.4.0.0.0.0&iru=i.1&ira=i.0&uuid=s.60eea1b3-07d4-404d-8cb5-e00d35d05904&ft=i.0&prt=i.0&ier=i.0&iga=i.0&igf=i.0&e=i.1641027600&v=i.0&rc=i.0&vp=i.0&n=i.2&cav=i.1&igd=i.1&g=i.1&iue=i.0&ica=i.0&iub=i.0&imv=i.0&vr=l.4.0.0.0.0&igu=i.1
.nytimes.com/	1970-01-19 23:23:59	Name: edu_cig_opt Value: %7B%22isEduUser%22%3Afalse%7D
.a.nytimes.com/	1970-01-20 08:08:52	Name: jkidd-p Value: prevPage=&currPage=
.nytimes.com/	1970-01-19 23:23:59	Name: b2b_cig_opt Value: %7B%22isCorpUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 08:52:46	Name: purr-cache Value: <K0<r<C_<G_<S0
.nytimes.com/	1970-01-20 01:32:52	Name: _gcl_au Value: 1.1.1599891822.1639396785
.nytimes.com/	1970-01-20 08:08:52	Name: datadome Value: .AzZ0abEhy~H7zpOYw5XA2m7HMt.TuRiQDTChUeHDD8Joe-u8C1Rf6nlLJHSPTDG0Mc9RHC50rLVWNnJFSU62FYDW2eD_q68lL9HcIR6tlCQfz5wOO6AVGYY4mHU25Ey
.nytimes.com/	1970-01-20 08:44:52	Name: __gads Value: ID=1ca8db4d68c9f86f-22657b7c05cd00a4:T=1639396784:S=ALNI_Mb40PUFfqamxS6Ldjgty42O8LxVvg
www.nytimes.com/	1970-01-20 08:52:04	Name: _cb_ls Value: 1
www.nytimes.com/	1970-01-20 08:52:04	Name: _cb Value: CsJM0G2wzJUDRKiiU
www.nytimes.com/	1970-01-20 08:52:04	Name: _chartbeat2 Value: .1639396785064.1639396785064.1.D5X7wBY70UEXub94C8Q_W8CrY5kA.1
www.nytimes.com/	1970-01-19 23:23:18	Name: _cb_svref Value: https%3A%2F%2Ft.co%2F
.nytimes.com/	1970-01-20 16:54:28	Name: walley Value: GA1.2.967870906.1639396785
.nytimes.com/	1970-01-19 23:24:43	Name: walley_gid Value: GA1.2.1640423484.1639396785
.nytimes.com/	1970-01-19 23:23:16	Name: _gat_UA-58630905-2 Value: 1
.doubleclick.net/	1970-01-20 08:44:52	Name: IDE Value: AHWqTUm9y1cbynDBaVamaaJyvlsjGspCrx1Kk1jIW2AddZGDLBKsn6mjKHBGkktbwv0
.nytimes.com/	1970-01-19 23:33:21	Name: RT Value: "z=1&dm=nytimes.com&si=16795021-e0cf-4a2b-8945-5c3561a146bb&ss=kx4milof&sl=1&tt=1vo&bcn=%2F%2F684dd32c.akstat.io%2F&ld=1vq"
.nytimes.com/	1970-01-19 23:32:19	Name: nyt-cmots Value: eyJmcmVxdWVuY3kiOnsiMjg2NTI1OTkzIjp7ImlubGluZVVuaXQiOnsiZiI6MSwicyI6MSwiZmMiOjE2MzkzOTY3ODUsInNjIjoxNjM5Mzk2Nzg1LCJjYSI6MTYzOTM5Njc4NX19fX0=
.a.nytimes.com/	1969-12-31 23:59:59	Name: jkidd-s Value: referrer=https%3A%2F%2Ft.co%2F&landing=&start=1639396784399&isNew=0&pageIndex=2
.nytimes.com/	1970-01-20 08:08:52	Name: nyt-jkidd Value: uid=0&lastRequest=1639396786072&activeDays=%5B0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%5D&adv=1&a7dv=1&a14dv=1&a21dv=1&lastKnownType=anon
.nytimes.com/	1970-01-23 14:59:16	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2MWI3MzViMjkxOWU1MjAwMDFmZmE4ZGYiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjM5Mzk2Nzg2fQ.MPDhyBB5N0GyK-shAOfuQzY_eCAKDMmqGtKQdjCEfJ8

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5290727.fls.doubleclick.net
684dd32c.akstat.io
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
als-svc.nytimes.com
c.go-mpulse.net
cdnjs.cloudflare.com
d7f8afbfe0cd30279dccb3cfbd3c8c42.safeframe.googlesyndication.com
dd.nytimes.com
fonts.gstatic.com
g1.nyt.com
insight.adsrvr.org
iteratehq.com
meter-svc.nytimes.com
mwcm.nyt.com
mwcm.nytimes.com
myaccount.nytimes.com
news.google.com
pagead2.googlesyndication.com
platform.iteratehq.com
play.google.com
pnytimes.chartbeat.net
purr.nytimes.com
s.go-mpulse.net
samizdat-graphql.nytimes.com
securepubads.g.doubleclick.net
static.chartbeat.com
static01.nyt.com
t.co
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.nytimes.com
104.244.42.133
142.250.185.230
142.250.185.66
143.204.209.60
151.101.1.164
151.101.193.164
2600:9000:2057:a800:18:1fcd:34f:cdc1
2606:4700:3032::ac43:c7c7
2606:4700::6810:125e
2a00:1450:4001:803::2002
2a00:1450:4001:809::200e
2a00:1450:4001:809::2013
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a02:26f0:6c00:1bb::11a6
2a02:26f0:6c00:287::11a6
3.232.21.183
3.33.220.150
35.241.35.241
35.244.188.62
058c064e8d4d0a17b6f5042e7e20d7070e49b7db5c2d99471dcb7b4c12a82335
078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c
08dac0b3be1c3a38d242a18b60ab6e7f2c26ff2efe4f007a02f4a84fce140f7a
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0a441c4f1b90c992eacea5aa9ed1f7143c5e0ca315d26edcc3468ce5ea61e03a
0a7a887d533ad0924d44fa17cf8184f3c9a09c83ed76cf7759f0f2a21ca78745
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0f5e453ef60b9f204a6fba9d03ffb668d15da5f30298848f98cd51e828166008
10f51ec4f0a98cd1d62c5683cfd1a301a50ad9160e65567c41116a3735066590
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9
156f9b4a184dd0f31c929ce45c89e94a07148f97fc371cc7fde39ff04b706b57
16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4
182331bf2d6618498776e7ea1d47fea5bc968c4ebcc0de38e1b2129f610b28e6
188ddfbd61938b815f68a545789428142a6b63b35caa7f3f754213cd599d7de1
1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc
1a48c22120ff01abb38156633970addec986b69af1e59bfaf9b8abb6673f78c7
1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389
1b1e656f99a2dd798015e10c247a7bf309ea26464915ca627772dd93635075ff
1b4b64fc71bff598417774212237b15c6549efd8bed284470c13fa61a44b0cd1
1c7536005d0e28de66f559cbd59e83e9c5c4301553668cbbb8cb0dfa753e33c6
1fe37d55e6324e8660e627fdf1cd545c9a84f80963bc07f3a564434043650a09
22914401a72d2d5ca9aacdeca9684fa2e3fe398525412d0af423b8cdaeaf0534
254043432874ecaf0cf3d6d69907109b373057290d615453060544935d1cb8b9
2a4a53d519f1aa9785a22ebaa1028231d4c98b09e43913b3961bfafbc179e5e5
2baf56bae11b995d7324ebc2c565fc5c926fa1ec45cc935fbefc2ce3c8b1c99c
2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76
2cf2c5d7d5cdbee916b1b7fb89d3b1c8cdeb6e4a7ef38b5e8587a212680a0b54
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2e2ad92498142b965c76de6bb7df97f643c1700f52ea07d6c0849e8e1fb89d81
2f47ff8da9a9b9653550fc51c1872488a976e20da51dba25dfe4c8760dcda068
2f5d546bccb6374ad954bfdb8570732acfa4ff863ac746d3211a98cd07163b53
366f915facc62f8768af9c1355ad813f768c62ba234ab31838f0cf66c512ce9e
382754535c8544a1771a47b0f27d04402334c75c0b83cb0b18d88b20e271e3ab
3aa02381c78552ebedd8c76d29316a4d76c6c483af0683f00f8ed8bf37db47c7
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f4b118408ab37557b01bca242d1e378358267b85a5c7c9e77b77cde7549a23a
40f69deed3d79f37aafa198fa69fc8fdd6a5e780d334b984d18768099ac8d235
4142d2af7092b4bb722b1ecb413d58dad69806b08e6d4af909260acb2d9f33f6
4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4480a115e7a5fb372866a640bde21c6f108061985cfd7c2a55ef80d7087ab2bc
44ce733e1c9cedefd832ff0b571555695fb7f8dbff7a066d3de45c446e44bb45
47b2fb04e8cdc57ea139d2f73080b5e330949d02b93df500a8e18f5db9cb2dc0
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
4f837869b80c34ed1a128362a6ed24ff5ebdae743dc55eb3c183ae9c8b5f4ca3
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
50355741f769814c4013442a54e5735c5e1ee9e80728a214e5a02b74f9b42b39
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52626d4fd13a1b43d6ac2bf38df0aa331038b36fd5fcf283234645aef88ce7d5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344
68f5cc8b3caddfc14bceb8de47169b489dc76ab737109ef756a2157fa076db18
6980dd89438ca9eddd7b94b191e66619511bc01e3a03af49a8c331ccc5d56d54
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6de706923eaa7411b5bc9dfcc2de58c8950a85454fc1aa386f3537b19f861d5a
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
7080e939b330842f1fc31607f4674bb91cd9f2f464e4419498879f8b96d6927b
772cff71c9dab63854ecbe8dcd3c1b729b8069d77a6a9034418c5bc59d5e7d69
79cf7cca0db1ba5d1bc43af23c5d7271bc7bcec1e00b542020ea2dc7858ca826
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
8120836e74f96cd2d68bd50fb40a7d6757706a50bfc5239fba90e18eab6666de
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fbac64874e4c3d8ab829798f73a3f4ad05a5ac15d22be98b881d422b3b4f5fe
937668ac3baaf6f3790bb27fa004f7b1b2e066a3af73fafce4c4b13cd791dc10
95bc30ee747b5f6aaa020d0848cd4390c346156e7103906bf0bb273147b632af
9d51ac4fb9a42858c112a239bc1c476768a84b92142c0d5707e649c2d40d8549
9d9130b60b62cb531727fd072a625dea5826ab103aa34b8732041b6f8294c4fc
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112
a8a2179c51efda9e02ef253bcefea84a74a813c62ca60165d91bd707474a7eb7
aea4c0a69a5031a72beb36f9a490e636e4ec963c9641bafc7115d332ec92467d
b02c669cd6cf720664d426f5290182289d027972a6324725019a83b20b97ca69
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b45fdb69078249f3ead41d9bd124dd3bb1f49f67ad36e50c9c045365249dd4ee
b6c3cebe16410a231e7cce2f2377fc4f504b51e29b0c6e326b6779c41b1e94a0
bd7dc480d00cbcff9d222504dff438f974318b9d961f5c173493699cd28d37f2
c0ec4afe344c086bc95ae4593c092460b527a5a5c0704e1c05cef34b2b648000
c3363f82312c2514717ed922f2bc6ee67b2292f98f7acd5ef5b1c677b56b497e
c6b1e37c6bf38315dc5e1e0cd1674891c65291ee994238884e64f299f0d35eff
c9ecff36f11833ac5b741e8348a8a80eb5cad243c45bd857ba92202a8e5451e4
ca2c526397c805f1ebe50aef75409bc359bd1dc6d403882ef0c5bc6c42aa3742
caf90d615d21d458627834cc1b5ab04a110fd20512e9e6a0fd694d96dbcfd7e4
ce9e7c3b2f350d3cbf09d888f5d9c2d9f9265511f9cb22741fc2c305c1f23d28
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d09b7b0c955ad436b296c77df5c697479e1ca306619ba3e065fcc9a1342bcc7f
d235eb0212f0976902abc5692d266dec4b494c4b7406030c564c2728f6af5648
d83bd9a2542476babd25f8273b27cf868604c0b9c2051a473f272b528a39f9dd
e0176d88d71adf58cc9e76c0bbc1fb1ad091a7d7e058ff82e5d9fb50618e8ba1
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22a0b77826e19285bf8c13746bc95b4004cea07758517f93670038aaf297e68
f2b4a00964fa4dd1a82d88defe013cd4001df72f037764ac619af0945e2e322e
f348468a5b39755c98091989fdafd4be48ccdbfaf75273cd4fd87333e43a7fda
fa62493565e278323699c3ad190faf7c068564196891e60af4ca1d4beb689e87
fc0f249f5d8445b6c03862ff760934321256d62c0d6fd9bb615fe2c73c6fed0d

www.nytimes.com Open in urlscan Pro 151.101.1.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

153 Requests

99 %HTTPS

66 %IPv6

18 Domains

40 Subdomains

30 IPs

2 Countries

4423 kBTransfer

10789 kBSize

33 Cookies

18 Outgoing links

Page URL History

Redirected requests

153 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.nytimes.com Open in urlscan Pro
151.101.1.164 Public Scan

Screenshot
Live screenshot

Full Image

153
Requests

99 %
HTTPS

66 %
IPv6

18
Domains

40
Subdomains

30
IPs

2
Countries

4423 kB
Transfer

10789 kB
Size

33
Cookies

153 HTTP transactions
1 data transactions