www.afr.com Open in urlscan Pro
2a04:4e42:600::645 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Submission: On August 18 via manual (August 18th 2021, 11:01:01 am UTC) from AU

Summary HTTP 262 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 71 IPs in 10 countries across 59 domains to perform 262 HTTP transactions. The main IP is 2a04:4e42:600::645, located in United States and belongs to FASTLY, US. The main domain is www.afr.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on April 22nd 2021. Valid for: 5 months.

This is the only time www.afr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	2a04:4e42:600... 2a04:4e42:600::645	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a8::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:7600:10:2964:9d00:21	16509 (AMAZON-02) (AMAZON-02)
6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	13.224.96.116 13.224.96.116	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2bd::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2ae::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	138.201.125.235 138.201.125.235	24940 (HETZNER-AS) (HETZNER-AS)
1 3	54.246.201.247 54.246.201.247	16509 (AMAZON-02) (AMAZON-02)
6	2600:9000:219... 2600:9000:2190:9800:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:b000:7:3896:c640:93a1	16509 (AMAZON-02) (AMAZON-02)
4	3.24.38.18 3.24.38.18	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	158.101.192.251 158.101.192.251	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
3	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	13.224.96.63 13.224.96.63	16509 (AMAZON-02) (AMAZON-02)
1	13.224.96.12 13.224.96.12	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:d000:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
2	13.238.169.139 13.238.169.139	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
4 4	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
1 15	18.203.33.226 18.203.33.226	16509 (AMAZON-02) (AMAZON-02)
2	23.21.180.34 23.21.180.34	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.95.38 13.224.95.38	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
14	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	35.179.78.10 35.179.78.10	16509 (AMAZON-02) (AMAZON-02)
1	54.171.168.191 54.171.168.191	16509 (AMAZON-02) (AMAZON-02)
1	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
2	63.32.159.255 63.32.159.255	16509 (AMAZON-02) (AMAZON-02)
2	54.252.144.234 54.252.144.234	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	54.144.144.142 54.144.144.142	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE)
3 3	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:215... 2600:9000:2156:c200:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (TURN) (TURN)
1 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
4 4	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1 1	44.192.36.55 44.192.36.55	14618 (AMAZON-AES) (AMAZON-AES)
1 1	3.230.12.180 3.230.12.180	14618 (AMAZON-AES) (AMAZON-AES)
8 12	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	3.124.210.90 3.124.210.90	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
5 20	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
34	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
4	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:8004:face:b00c:0:8c	32934 (FACEBOOK) (FACEBOOK)
2 2	18.194.125.59 18.194.125.59	16509 (AMAZON-02) (AMAZON-02)
1 1	172.105.232.22 172.105.232.22	63949 (LINODE-AP...) (LINODE-AP Linode)
2 2	193.232.148.148 193.232.148.148	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1 1	34.204.19.158 34.204.19.158	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.48.144.237 52.48.144.237	16509 (AMAZON-02) (AMAZON-02)
4 4	217.66.147.170 217.66.147.170	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
2 2	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
1	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
2 2	72.251.244.141 72.251.244.141	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	52.72.27.138 52.72.27.138	14618 (AMAZON-AES) (AMAZON-AES)
2	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:219... 2600:9000:2190:7a00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	34.199.126.245 34.199.126.245	14618 (AMAZON-AES) (AMAZON-AES)
1	18.184.201.8 18.184.201.8	16509 (AMAZON-02) (AMAZON-02)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 1	52.206.55.189 52.206.55.189	14618 (AMAZON-AES) (AMAZON-AES)
1	52.209.186.116 52.209.186.116	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:659... 2600:1f18:6593:f608:78e4:ddc4:e083:81a6	14618 (AMAZON-AES) (AMAZON-AES)
262	71

42 2a04:4e42:600::645 (United States)

ASN54113 (FASTLY, US)

www.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.afr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a8::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:7600:10:2964:9d00:21 (United States)

ASN16509 (AMAZON-02, US)

d2uhnetoehh304.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-116.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2bd::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2ae::3adf (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.125.235 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.235.125.201.138.clients.your-server.de

static-au.plista.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.246.201.247 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-201-247.eu-west-1.compute.amazonaws.com

secure-au.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-dcr.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2190:9800:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:b000:7:3896:c640:93a1 (United States)

ASN16509 (AMAZON-02, US)

adc-js.nine.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.24.38.18 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-24-38-18.ap-southeast-2.compute.amazonaws.com

i.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.101.192.251 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)

fairfaxmedia.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-63.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-12.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:d000:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.238.169.139 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-238-169-139.ap-southeast-2.compute.amazonaws.com

l.ffx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.23.102 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

6633783.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 18.203.33.226 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.21.180.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-180-34.compute-1.amazonaws.com

10510523.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nova.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-38.zrh50.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.179.78.10 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-179-78-10.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.168.191 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-168-191.eu-west-1.compute.amazonaws.com

fairfaxau.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

fairfaxau.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.159.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

nd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.252.144.234 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-252-144-234.ap-southeast-2.compute.amazonaws.com

adc.nine.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.144.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-144-142.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.45 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:c200:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

image5.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.49 (Frankfurt am Main, Germany) 4 redirects

ASN54113 (FASTLY, US)

rtd.tubemogul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtd-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.192.36.55 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-192-36-55.compute-1.amazonaws.com

sync.adap.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.230.12.180 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-12-180.compute-1.amazonaws.com

sync.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2.18.234.21 (Frankfurt am Main, Germany) 8 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.210.90 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-210-90.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.226 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8004:face:b00c:0:8c (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

ad.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.125.59 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-125-59.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.232.22 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1886-22.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.148 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp9.sender.ltmse.com

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.204.19.158 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-19-158.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.144.237 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-144-237.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.66.147.170 (St Petersburg, Russian Federation) 4 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-170-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.87.44.187 (Moscow, Russian Federation) 2 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.131 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.141 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)
PTR: tracking-failover-02.ams2.m6r.eu

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.72.27.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-27-138.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.209.240 (United States)

ASN13335 (CLOUDFLARENET, US)

zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:7a00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.199.126.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-126-245.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.201.8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-201-8.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

dmpsync.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.206.55.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-55-189.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.186.116 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-186-116.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f608:78e4:ddc4:e083:81a6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	doubleclick.net 12 redirects securepubads.g.doubleclick.net ad.doubleclick.net 6633783.fls.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	240 KB
37	googlesyndication.com ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	204 KB
34	2mdn.net s0.2mdn.net	1011 KB
29	afr.com www.afr.com api.afr.com	776 KB
19	ffx.io static.ffx.io i.ffx.io l.ffx.io	96 KB
18	demdex.net 1 redirects dpm.demdex.net fairfaxau.demdex.net nd.demdex.net	23 KB
15	facebook.com www.facebook.com	1 KB
12	casalemedia.com 8 redirects ssum.casalemedia.com dsum-sec.casalemedia.com	10 KB
11	imrworldwide.com 1 redirects secure-au.imrworldwide.com cdn-gl.imrworldwide.com secure-gl.imrworldwide.com secure-dcr.imrworldwide.com gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441.nuid.imrworldwide.com	80 KB
7	google.com adservice.google.com www.google.com	886 B
6	mts.ru 6 redirects sm.rtb.mts.ru tech.rtb.mts.ru	5 KB
6	facebook.net connect.facebook.net	310 KB
5	linkedin.com 3 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	64 KB
4	google-analytics.com www.google-analytics.com	21 KB
4	moatads.com z.moatads.com mb.moatads.com px.moatads.com	83 KB
3	gstatic.com fonts.gstatic.com	46 KB
3	googletagservices.com www.googletagservices.com	102 KB
3	yahoo.com 3 redirects cms.analytics.yahoo.com ups.analytics.yahoo.com	3 KB
3	everesttech.net 3 redirects rtd-tm.everesttech.net sync-tm.everesttech.net	925 B
3	adnxs.com 3 redirects ib.adnxs.com	3 KB
3	twitter.com platform.twitter.com syndication.twitter.com	133 KB
3	nine.com.au adc-js.nine.com.au adc.nine.com.au	23 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	63 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	93 KB
2	krxd.net 1 redirects usermatch.krxd.net beacon.krxd.net	528 B
2	3lift.com 2 redirects dmpsync.3lift.com	756 B
2	qualtrics.com zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com siteintercept.qualtrics.com	19 KB
2	openx.net 2 redirects rtb.openx.net	587 B
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	adhigh.net 2 redirects px.adhigh.net	964 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	eyeota.net 2 redirects ps.eyeota.net	1 KB
2	advertising.com 1 redirects sync.adaptv.advertising.com pixel.advertising.com	804 B
2	pubmatic.com 2 redirects image5.pubmatic.com	694 B
2	rubiconproject.com 1 redirects token.rubiconproject.com	1 KB
2	parsely.com cdn.parsely.com p1.parsely.com	26 KB
2	igodigital.com 10510523.collect.igodigital.com nova.collect.igodigital.com	3 KB
2	plista.com static-au.plista.com	18 KB
1	fwmrm.net dmp.v.fwmrm.net	411 B
1	chartbeat.net ping.chartbeat.net	201 B
1	chartbeat.com static.chartbeat.com	14 KB
1	googleapis.com fonts.googleapis.com	767 B
1	blismedia.com tr.blismedia.com	136 B
1	adsrvr.org match.adsrvr.org	265 B
1	yieldmo.com 1 redirects ads.yieldmo.com	464 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	728 B
1	appier.net 1 redirects a.c.appier.net	559 B
1	atdmt.com ad.atdmt.com	1 KB
1	adap.tv 1 redirects sync.adap.tv	167 B
1	tubemogul.com 1 redirects rtd.tubemogul.com	267 B
1	turn.com 1 redirects d.turn.com	402 B
1	google.de www.google.de	63 B
1	google.ch adservice.google.ch	853 B
1	omtrdc.net fairfaxau.sc.omtrdc.net	313 B
1	gscontxt.net fairfaxmedia.gscontxt.net	823 B
1	bizographics.com sjs.bizographics.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	cloudfront.net d2uhnetoehh304.cloudfront.net	30 KB
1	googletagmanager.com www.googletagmanager.com	113 KB
262	59

	Domain	Requested by
34	s0.2mdn.net	www.afr.com s0.2mdn.net
23	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
20	pagead2.googlesyndication.com	ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net www.googletagservices.com
17	www.afr.com	www.afr.com
15	www.facebook.com	www.afr.com connect.facebook.net
15	dpm.demdex.net	1 redirects www.afr.com
13	static.ffx.io	www.afr.com
12	tpc.googlesyndication.com	ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
12	api.afr.com	www.afr.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
6	cdn-gl.imrworldwide.com	www.afr.com cdn-gl.imrworldwide.com secure-au.imrworldwide.com
6	connect.facebook.net	www.afr.com connect.facebook.net
4	sm.rtb.mts.ru	4 redirects
4	googleads4.g.doubleclick.net	www.afr.com
4	googleads.g.doubleclick.net	ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com www.afr.com
4	www.google.com	www.afr.com ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com tpc.googlesyndication.com
4	ad.doubleclick.net	4 redirects
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.afr.com
4	i.ffx.io	d2uhnetoehh304.cloudfront.net
4	securepubads.g.doubleclick.net	www.afr.com securepubads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
3	www.googletagservices.com	securepubads.g.doubleclick.net ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
3	ib.adnxs.com	3 redirects
3	ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	adservice.google.com	www.afr.com securepubads.g.doubleclick.net
2	ade.googlesyndication.com
2	dmpsync.3lift.com	2 redirects
2	errors.client.optimizely.com	cdn.optimizely.com
2	ups.analytics.yahoo.com	2 redirects
2	rtb.openx.net	2 redirects
2	tracking.m6r.eu	2 redirects
2	tech.rtb.mts.ru	2 redirects
2	px.adhigh.net	2 redirects
2	pm.w55c.net	2 redirects
2	ps.eyeota.net	2 redirects
2	ssum.casalemedia.com	2 redirects
2	rtd-tm.everesttech.net	2 redirects
2	image5.pubmatic.com	2 redirects
2	token.rubiconproject.com	1 redirects www.afr.com
2	secure-dcr.imrworldwide.com	www.afr.com
2	adc.nine.com.au	adc-js.nine.com.au
2	nd.demdex.net	www.afr.com
2	l.ffx.io	www.afr.com
2	px.ads.linkedin.com	2 redirects
2	z.moatads.com	www.afr.com z.moatads.com
2	platform.twitter.com	www.afr.com platform.twitter.com
2	static-au.plista.com	www.afr.com static-au.plista.com
1	dmp.v.fwmrm.net
1	beacon.krxd.net
1	usermatch.krxd.net	1 redirects
1	pixel.advertising.com
1	siteintercept.qualtrics.com	zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
1	ping.chartbeat.net
1	static.chartbeat.com	www.afr.com
1	zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com	www.afr.com
1	fonts.googleapis.com	s0.2mdn.net
1	tr.blismedia.com	ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
1	match.adsrvr.org	ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
1	sync-tm.everesttech.net	1 redirects
1	ads.yieldmo.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	a.c.appier.net	1 redirects
1	ad.atdmt.com	s0.2mdn.net
1	cms.analytics.yahoo.com	1 redirects
1	sync.adaptv.advertising.com	1 redirects
1	sync.adap.tv	1 redirects
1	rtd.tubemogul.com	1 redirects
1	d.turn.com	1 redirects
1	www.google.de	www.afr.com
1	gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441.nuid.imrworldwide.com	www.afr.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	p1.parsely.com	www.afr.com
1	nova.collect.igodigital.com	www.afr.com
1	syndication.twitter.com	platform.twitter.com
1	adservice.google.ch	securepubads.g.doubleclick.net
1	fairfaxau.sc.omtrdc.net	www.afr.com
1	fairfaxau.demdex.net	www.afr.com
1	px.moatads.com	www.afr.com
1	mb.moatads.com	z.moatads.com
1	cdn.parsely.com	www.googletagmanager.com
1	10510523.collect.igodigital.com	www.googletagmanager.com
1	6633783.fls.doubleclick.net	www.afr.com
1	secure-gl.imrworldwide.com	www.afr.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	www.afr.com
1	www.linkedin.com	1 redirects
1	fairfaxmedia.gscontxt.net	www.afr.com
1	platform.linkedin.com	www.afr.com
1	adc-js.nine.com.au	www.afr.com
1	secure-au.imrworldwide.com	1 redirects
1	sjs.bizographics.com	www.afr.com
1	snap.licdn.com	www.afr.com
1	static.hotjar.com	www.afr.com
1	d2uhnetoehh304.cloudfront.net	www.afr.com
1	www.googletagmanager.com	www.afr.com
1	cdn.optimizely.com	www.afr.com
262	97

This site contains links to these domains. Also see Links.

Domain
subscribe.afr.com
twitter.com
www.instagram.com
www.linkedin.com
www.facebook.com
www.corporatesubscriptions.com.au
www.nineforbrands.com.au
www.smh.com.au
www.theage.com.au
www.domain.com.au
www.drive.com.au
www.caradvice.com.au
www.rsvp.com.au
www.essentialbaby.com.au
www.weatherzone.com.au
www.oneflare.com.au
login.nine.com.au
professional.licensing-publishing.nine.com.au

Subject Issuer	Validity	Valid
nine.com.au COMODO RSA Organization Validation Secure Server CA	`2021-04-22` - `2021-09-28`	5 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2020-03-23` - `2022-03-28`	2 years	crt.sh
*.plista.com COMODO RSA Domain Validation Secure Server CA	`2020-06-02` - `2022-04-11`	2 years	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.api.nine.com.au Amazon	`2021-08-15` - `2022-09-13`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
*.9pub.io Amazon	`2021-07-07` - `2022-08-05`	a year	crt.sh
*.gscontxt.net DigiCert SHA2 Secure Server CA	`2020-01-22` - `2022-01-21`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.ninetech.dev Amazon	`2021-08-03` - `2022-09-01`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.collect.igodigital.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-25` - `2022-02-25`	a year	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-10-29` - `2021-11-29`	a year	crt.sh
*.google.ch GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.nuid.imrworldwide.com Amazon	`2021-06-11` - `2022-07-10`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.atlassolutions.com DigiCert SHA2 High Assurance Server CA	`2021-07-06` - `2021-10-04`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-06-29` - `2021-09-27`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
errors.client.optimizely.com Amazon	`2021-08-04` - `2022-09-02`	a year	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2020-10-26` - `2021-11-26`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-07-26` - `2022-01-19`	6 months	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Frame ID: 44E2CD37194D67C825F373B4A2653EB4
Requests: 123 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fwww.afr.com
Frame ID: 0B54A7DF9BF263229C8F284F3ECA9BC6
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: E4FBB05C0C29919B3491CCF7B6B513DE
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177
Frame ID: B1B98AE19E9AE2A38F54A3DCD4CF4403
Requests: 1 HTTP requests in this frame

Frame: https://z.moatads.com/hd09824092/iframe.html
Frame ID: C4306F25F960E3F8AF564C004ADC33E4
Requests: 1 HTTP requests in this frame

Frame: https://fairfaxau.demdex.net/dest5.html?d_nsid=0
Frame ID: 5B80AD9B7C6AEC7D0FF8B7E85B1EA97F
Requests: 13 HTTP requests in this frame

Frame: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5C52EB32B7888B0C9EED98A9DBC67F0F
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 3F56E9ED562EF7C5E614A1C667FE4B93
Requests: 3 HTTP requests in this frame

Frame: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2E4E1176B11750A32CF9C0A2653030EB
Requests: 16 HTTP requests in this frame

Frame: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9BCBF39F721BC459A6C02DB2D6F5A93A
Requests: 16 HTTP requests in this frame

Frame: https://adc.nine.com.au/?appNexusUid=5540616611377753189
Frame ID: 16301AE5C7D1E9F7A27CE5EE90A2DEF4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKaD7pMCEL724ZUCGOzF5awBMAE&v=APEucNUNBjV6FZNNtq0MIix9vC5ycR9PObpyLBBRTwdgCFS9w1xIGOMicj21MftxLuqhLzarMxpKolB7oIt9YWuJ40jvHiv5pQ
Frame ID: 6312CC463515D412779692934AE7076A
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-3LhC3tXEY1M_4kwEwAQ&v=APEucNXkc4QYMZiXnLZCBQ_hbr4SwvGSRTYmPrxMNO6lBfnS0ERC5llxbCIh6nqaf_9TpLYyTbogVlclnGZPVMPm9oJxI_V0WQ
Frame ID: 789D29D4C004AA76139644C3E1E0DA9C
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C87DB3F4CD156189CD9A56B4A1C38F03
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
Frame ID: 87825CA4995465C2C256089016132DFF
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 21A5B0C57FE201BEA4EE1B434805E1F4
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
Frame ID: B723E9FB69E5A46B98DBC0B18C06452F
Requests: 27 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 74DCAF2D98840941B8E71AF702BAC1D0
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 101C6D15854913387E7A3A8E90D58230
Requests: 3 HTTP requests in this frame

Frame: https://nd.demdex.net/dest5.html?d_nsid=0
Frame ID: CF3467DE654BF70DE791DE383A490F8A
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js
Frame ID: 9C6AED2F53226252EB4D479D0CE70B83
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js
Frame ID: 3FD1FB529001A5333D1A8189BD43F44B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F74E27A3B1F716EA730B632534AC04FD
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0933B8CA29C4B29E0A8904BE0AE2DA8D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Page Statistics

262
Requests

100 %
HTTPS

43 %
IPv6

59
Domains

97
Subdomains

71
IPs

10
Countries

3603 kB
Transfer

9397 kB
Size

10
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://subscribe.afr.com/?promote_channel=HI_HL_GNL&utm_source=afr.com&utm_medium=HouseInventory&utm_campaign=General&utm_content=HDR
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://subscribe.afr.com/?promote_channel=HI_PW_GNL
Title: Save 50% now

Search URL Search Domain Scan URL

URL: https://twitter.com/FinancialReview

Search URL Search Domain Scan URL

URL: https://www.instagram.com/financialreview/

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/1628885

Search URL Search Domain Scan URL

URL: https://www.facebook.com/financialreview

Search URL Search Domain Scan URL

URL: https://subscribe.afr.com/?promote_channel=HI_FL_GNL&utm_source=afr.com&utm_medium=HouseInventory&utm_campaign=General&utm_content=FTR
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.corporatesubscriptions.com.au/?utm_source=afr_sub_lp&utm_medium=link&utm_campaign=corporate_subscriptions
Title: Corporate subscriptions

Search URL Search Domain Scan URL

URL: https://subscribe.afr.com/student-offer?promote_channel=HI_FL_STU&utm_source=FooterLink&utm_medium=HouseInventory&utm_campaign=Student
Title: Student subscriptions

Search URL Search Domain Scan URL

URL: https://www.nineforbrands.com.au/about/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.nineforbrands.com.au/brand/the-australian-financial-review/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.smh.com.au/
Title: The Sydney Morning Herald

Search URL Search Domain Scan URL

URL: https://www.theage.com.au/
Title: The Age

Search URL Search Domain Scan URL

URL: https://www.domain.com.au/
Title: Domain

Search URL Search Domain Scan URL

URL: https://www.drive.com.au/
Title: Drive

Search URL Search Domain Scan URL

URL: https://www.caradvice.com.au/
Title: CarAdvice

Search URL Search Domain Scan URL

URL: https://www.rsvp.com.au/
Title: RSVP

Search URL Search Domain Scan URL

URL: https://www.essentialbaby.com.au/
Title: Essential Baby

Search URL Search Domain Scan URL

URL: https://www.domain.com.au/property-profile
Title: Home Price Guide

Search URL Search Domain Scan URL

URL: https://www.weatherzone.com.au/
Title: Weatherzone

Search URL Search Domain Scan URL

URL: https://www.oneflare.com.au/
Title: Oneflare

Search URL Search Domain Scan URL

URL: https://login.nine.com.au/privacy?client_id=afr
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://login.nine.com.au/terms?client_id=afr
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://professional.licensing-publishing.nine.com.au/C.aspx?VP3=CMS3&VF=Home
Title: Reprints & Permissions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://secure-au.imrworldwide.com/v60.js HTTP 301
https://cdn-gl.imrworldwide.com/v60.js

Request Chain 47

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%26time%3D1629284440227%26url%3Dhttps%253A%252F%252Fwww.afr.com%252Fcompanies%252Ffinancial-services%252Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&liSync=true&e_ipv6=AQIg4fo9CcU5ugAAAXtY65v6g2PtOznOUaWODJudzf63fciCd9vVpe0J7c9wOej3VvS3_Ck_

Request Chain 65

https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=1538310401.1629284441;ps=1 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=1538310401.1629284441;ps=1 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=*;ps=1

Request Chain 70

https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177 HTTP 302
https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177

Request Chain 114

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=5540616611377753189 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=358&dpuuid=5540616611377753189

Request Chain 119

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=8668025462436669173

Request Chain 122

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=466%26dpuuid=PM_UID&userIdMacro=PM_UID HTTP 302
https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s

Request Chain 123

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTg3MDE1MjA4MDE3MjkyODQwMTA1MTExNzI5NjEwODczNTg2OTM= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECJ07hRreZ9pkNMzd8ZsGrk&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 124

https://rtd.tubemogul.com/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
https://rtd-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D HTTP 302
https://rtd-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D&_test=YRzoWgAASCMruABD HTTP 302
https://dpm.demdex.net/ibs:dpid=782&dpuuid=YRzoWgAASCMruABD

Request Chain 125

https://sync.adap.tv/demdex_user_sync HTTP 302
https://sync.adaptv.advertising.com/demdex_user_sync HTTP 302
https://dpm.demdex.net/ibs:dpid=832&dpuuid=EUX2889609206026708622

Request Chain 126

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YRzoWhHkyq2q1BcvlLByDwAA%261169

Request Chain 127

https://ps.eyeota.net/match?bid=6j5b2cv&uid=58701520801729284010511172961087358693&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=58701520801729284010511172961087358693&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2FyUBq-H8Wx5jXmVmToQZonstRzRX2y1_q1VPoBuJs44

Request Chain 128

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=58701520801729284010511172961087358693&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-zeiXHVxE2pEvdYkjcnTBWZig_cwh8yehFWA-~A

Request Chain 129

https://token.rubiconproject.com/token?pid=6404&puid=58701520801729284010511172961087358693&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=481&dpuuid=KSHDW162-G-9YBB?gdpr=0

Request Chain 130

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTg3MDE1MjA4MDE3MjkyODQwMTA1MTExNzI5NjEwODczNTg2OTM= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTg3MDE1MjA4MDE3MjkyODQwMTA1MTExNzI5NjEwODczNTg2OTM=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO84maMd6agPbkmnjXgvZ0c&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 135

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID HTTP 302
https://adc.nine.com.au/?appNexusUid=5540616611377753189

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1

Request Chain 152

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YRzoWgWZUZz8TW09fyw2igAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1

Request Chain 155

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YRzoWgWZUZz8TW09fyw2igAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1

Request Chain 176

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cver=1&google_push=AYg5qPLhjA1iJKdokxJQCZklYFe_Kn9dDaBlfRrPBPjteCS-pSRw7besR-fzhUfjt9EstjzsuIF4eFDFHoKsgT-WML17Xq3aaM-W HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cver=1&google_push=AYg5qPLhjA1iJKdokxJQCZklYFe_Kn9dDaBlfRrPBPjteCS-pSRw7besR-fzhUfjt9EstjzsuIF4eFDFHoKsgT-WML17Xq3aaM-W HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VHJvMExKWXExTWdqams1&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cver=1&google_push=AYg5qPLhjA1iJKdokxJQCZklYFe_Kn9dDaBlfRrPBPjteCS-pSRw7besR-fzhUfjt9EstjzsuIF4eFDFHoKsgT-WML17Xq3aaM-W

Request Chain 177

https://a.c.appier.net/gcm?google_gid=CAESEIpt2oU5xJ_9YVGxBBIF7W4&google_cver=1&google_push=AYg5qPJJtw48mcFj_oBSyNHJ4W1XRs7tEZH9QX-VQ6RPWvOSLRDe24wFjCvrSGLL2kkbQuXXeEbyq8v_HPLZnYK2ofpWQNVTliNk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=c2Y3WTRDUHNDQU9SZloxMVhPZ2NZUQ%3D%3D&google_push=AYg5qPJJtw48mcFj_oBSyNHJ4W1XRs7tEZH9QX-VQ6RPWvOSLRDe24wFjCvrSGLL2kkbQuXXeEbyq8v_HPLZnYK2ofpWQNVTliNk

Request Chain 178

https://px.adhigh.net/p/gm/rub?google_gid=CAESEF5sBCU8WbTcBhJO2SVMdzw&google_cver=1&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY HTTP 302
https://px.adhigh.net/p/gm/rub?google_gid=CAESEF5sBCU8WbTcBhJO2SVMdzw&google_cver=1&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY&bounced=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY&google_hm=yhSNrGYJzQ8AAikABlF7WOuiKA%3D%3D

Request Chain 179

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELbylrDJsBihtrVH-dCazcM&google_cver=1&google_push=AYg5qPL5SnbI8jFecl0gORWH8TDzR43QSBiZOhh1EOTnpE8spE0uMlJhlYsd0eyOlgVSOQzyNkx8_6lwcA8rLutdvH5jNbYSxGC9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=CoTP3vlSSQxmZgKhk87u7bmcr20&google_push=AYg5qPL5SnbI8jFecl0gORWH8TDzR43QSBiZOhh1EOTnpE8spE0uMlJhlYsd0eyOlgVSOQzyNkx8_6lwcA8rLutdvH5jNbYSxGC9

Request Chain 180

https://ads.yieldmo.com/exptsync?google_gid=CAESECwSziFdmk9yAb--m5aiF2A&google_cver=1&google_push=AYg5qPIaCBIdIUBAgVwIDeJBXEhpU1DMhpvMF18l8fvNISCZ5DaoiJkIJYYpsNT7-xGGXDobqQlobKPPbESZoD-igWMIEeFqFeS3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIaCBIdIUBAgVwIDeJBXEhpU1DMhpvMF18l8fvNISCZ5DaoiJkIJYYpsNT7-xGGXDobqQlobKPPbESZoD-igWMIEeFqFeS3&google_hm=ZzM5NGVkMDE3OTJiOWY2M2VjYmI=

Request Chain 181

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEKFqvriYN9jUkYH8GrxrRJU&google_cver=1&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY

Request Chain 182

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEL53Ct5Q9SrcJ6X-RBbJOXw&google_cver=1&google_push=AYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWNAOa8Dd5Ioq0Sw HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D3ace7719-662f-4e3f-89bd-5c950a0534d4%26google_push%3DAYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWNAOa8Dd5Ioq0Sw&ssp=googlevid&exu=CAESEL53Ct5Q9SrcJ6X-RBbJOXw HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=3ace7719-662f-4e3f-89bd-5c950a0534d4&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D3ace7719-662f-4e3f-89bd-5c950a0534d4%26google_push%3DAYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWNAOa8Dd5Ioq0Sw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=3ace7719-662f-4e3f-89bd-5c950a0534d4&google_push=AYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWNAOa8Dd5Ioq0Sw

Request Chain 187

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFchlr13iZp_INu8IxSIN7Y&google_cver=1&google_push=AYg5qPJK7P4JuMcGjxY7OxziqjVUlKq6Y3MRJAsLSAq3Kp4qKuHWt1NerWaQR_hSfUzmHJp7iDzi29y4q5LVw4rVpgUeMfV8_17DTQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVJ6b1dnQUFTQ01ydUFCRA==&google_gid=CAESEFchlr13iZp_INu8IxSIN7Y&google_cver=1&google_push=AYg5qPJK7P4JuMcGjxY7OxziqjVUlKq6Y3MRJAsLSAq3Kp4qKuHWt1NerWaQR_hSfUzmHJp7iDzi29y4q5LVw4rVpgUeMfV8_17DTQ

Request Chain 190

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEE3HWMCzl4GkSfv6ecwCnrU&google_cver=1&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-Ji9_3xnr-eNvc8fF5QyR0g HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEE3HWMCzl4GkSfv6ecwCnrU&google_cver=1&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-Ji9_3xnr-eNvc8fF5QyR0g&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=g33RoGOXH_pXF8IEKSrbcg&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-Ji9_3xnr-eNvc8fF5QyR0g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=g33RoGOXH_pXF8IEKSrbcg&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-Ji9_3xnr-eNvc8fF5QyR0g&google_tc=

Request Chain 191

https://rtb.openx.net/sync/dds?google_gid=CAESENaYSp0wIe9pbO2-TCmvJnc&google_cver=1&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESENaYSp0wIe9pbO2-TCmvJnc&google_cver=1&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw&google_hm=NK2X4wbDyrYSjd-N9ntMDA==

Request Chain 192

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEKxpy0KJAZVvnlrBs4vTSnM&google_cver=1&google_push=AYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcpEcpyIMotIE_Dog HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D4309b72d-278d-42d3-8bc5-bce4980bcef0%26google_push%3DAYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcpEcpyIMotIE_Dog&ssp=googleban&exu=CAESEKxpy0KJAZVvnlrBs4vTSnM HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=4309b72d-278d-42d3-8bc5-bce4980bcef0&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D4309b72d-278d-42d3-8bc5-bce4980bcef0%26google_push%3DAYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcpEcpyIMotIE_Dog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=4309b72d-278d-42d3-8bc5-bce4980bcef0&google_push=AYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcpEcpyIMotIE_Dog

Request Chain 193

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEHsNV6LOK-w76-JJamY5vo&google_cver=1&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIRco914GC2cJOmT5qVyPF3b3GD9z28w HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEHsNV6LOK-w76-JJamY5vo&google_cver=1&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIRco914GC2cJOmT5qVyPF3b3GD9z28w&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS14ekZ6bnp0RTJ1R0Q0MHFZYVQ4UDlBbmJ5QlVfNEZxbn5B&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIRco914GC2cJOmT5qVyPF3b3GD9z28w

Request Chain 258

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID HTTP 302
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Request Chain 259

https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=3768466149905305353&gdpr=0&gdpr_consent=

Request Chain 260

https://usermatch.krxd.net/um/v2?partner=adobe&id=58500039301097033390522864760791515103 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58500039301097033390522864760791515103

262 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cba-launches-steppay-lifts-payment-revenue-20210817-p58je4 Show response
www.afr.com/companies/financial-services/ 323 KB
61 KB 344ms
319ms Document
text/html 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

315eb6a950884d71d78c09365ebebf793e2b6516f6757e1090559d9ae6d10e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.afr.com
:scheme: https
:path: /companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: public, max-age=30
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: W/"50c47-WaOTQCoplR8V0d7jbfBYIdjgsWI"
strict-transport-security: max-age=31536000
uber-trace-id: f331cda29afc4d8:f331cda29afc4d8:0:0
x-frame-options: sameorigin
x-varnish-grace: none(fetch fresh)
x-xss-protection: 1; mode=block
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 18 Aug 2021 11:00:38 GMT
age: 10
x-served-by: cache-syd10176-SYD, cache-fra19158-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 62023

GET
H2 200 polyfillsGlobal.5dd314855d3f0641c0d2.js Show response
www.afr.com/assets/ 1 KB
667 B 11ms
11ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/polyfillsGlobal.5dd314855d3f0641c0d2.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2a25a03a22630c866f03370076ed639ca69afeeef4db0859abfa16f746f4973b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/polyfillsGlobal.5dd314855d3f0641c0d2.js
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40913
uber-trace-id: f237649e4e1a48ff:f237649e4e1a48ff:0:0
x-cache: HIT, HIT
content-length: 537
etag: W/"4be-17b56619950"
x-served-by: cache-syd10153-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:38 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
x-cache-hits: 1, 111

GET
H2 200 europa.de4f963dabc10c43fcac.js Show response
www.afr.com/assets/ 38 KB
11 KB 11ms
10ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/europa.de4f963dabc10c43fcac.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

655e8a9680dfd049a0253377c3ce2af79171c24e71df42acb96f00c5178ef872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/europa.de4f963dabc10c43fcac.js
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40882
uber-trace-id: b0cd057c411f16d4:b0cd057c411f16d4:0:0
x-cache: HIT, HIT
content-length: 10959
etag: W/"978d-17b56619950"
x-served-by: cache-syd10142-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:38 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 110

GET
H2 200 13780390039.js Show response
cdn.optimizely.com/js/ 304 KB
93 KB 24ms
12ms Script
text/javascript 2a02:26f0:6c00:2a8::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/13780390039.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a8::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fc296748fb6694e56c220be64a01cbcdf39127c4036a137a1db3205dfbb81a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: 5gdLNADflmUXUhcF1QKawXAQsgSHs0F_
content-encoding: gzip
etag: "a19249e7557ca8669fd83d8beb39ddbe"
x-amz-request-id: PH6SMN8QBDRN73ZQ
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 2842
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:2a8::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 93822
x-amz-id-2: T7B6SBvAV0EzyfThtmKxQPpCdpgcT81p868g+ODuj0sg0PX9jEBPJX7nwyrN1l2OSsTij8S+ZYY=
last-modified: Wed, 18 Aug 2021 10:01:20 GMT
server: AmazonS3
date: Wed, 18 Aug 2021 11:00:39 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 de92fad56d84f58a7786f5e5dc791572368e06b4
static.ffx.io/images/$width_140%2C$height_140/t_crop_fill%2Cq_auto:best%2Cfl_any_format/ 7 KB
8 KB 30ms
18ms Image
image/png 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$width_140%2C$height_140/t_crop_fill%2Cq_auto:best%2Cfl_any_format/de92fad56d84f58a7786f5e5dc791572368e06b4
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: feb35a42307d1d625165e6eb904a59e09f72fed5510fd452dfd58905a8507ebf

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 537895
edge-cache-tag: 323201847466709505494089637799511810365,232319851822536097488195099314647301223,5f5f4219172da4ec8104790896b11172
x-cache: MISS, HIT
content-length: 7469
x-served-by: cache-fra19137-FRA, cache-fra19158-FRA
x-cld-skey: 323201847466709505494089637799511810365 232319851822536097488195099314647301223 5f5f4219172da4ec8104790896b11172
last-modified: Fri, 26 Mar 2021 03:02:54 GMT
server: cloudinary
x-timer: S1629284439.018271,VS0,VE3
etag: "9784575261a4fc05b163914c9787c550"
vary: User-Agent
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 367 KB
113 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ee6a9d567ee4c7877784bd518a91ab8958306defe40c11daa3908e72a711f79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115821
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 11:00:39 GMT

GET
H2 200 sp.js Show response
d2uhnetoehh304.cloudfront.net/2.11.0-patched/ 97 KB
30 KB 60ms
13ms Script
application/javascript 2600:9000:2156:7600:10:2964:9d00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7600:10:2964:9d00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a3c78596628f7e53c40bbfd0e9eed225181c4c2933a6e051e8fa46c30b221d1f

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 01:17:15 GMT
content-encoding: gzip
last-modified: Mon, 05 Jul 2021 01:09:01 GMT
server: AmazonS3
age: 3836605
etag: W/"80b7ca5bd7a7e17f33545663b8f8423f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 1VGFwliLI9gcX0vpNZnjy1CAzusCvHbOY-S0qWDgVj4dzK0hSbbBMg==

GET
H2 200 9a774230.svg
www.afr.com/assets/ 3 KB
677 B 23ms
23ms Image
image/svg+xml 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.afr.com/assets/9a774230.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /assets/9a774230.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"bf5-17aa231ab50"
age: 3001843
uber-trace-id: 51c49e0e9eae5148:51c49e0e9eae5148:0:0
x-cache: HIT, HIT
content-length: 460
x-served-by: cache-syd10168-SYD, cache-fra19158-FRA
last-modified: Tue, 13 Jul 2021 23:26:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 29662, 5

GET
H2 200 0d96eeec.svg
www.afr.com/assets/ 6 KB
3 KB 23ms
22ms Image
image/svg+xml 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.afr.com/assets/0d96eeec.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8b56cf3ff69da24ee4d01b00d8bbad12a602a1f083e47c6646b02b639fd633fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /assets/0d96eeec.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"18fe-17aa231ab50"
age: 2992112
uber-trace-id: 326c71f8ddfce0ca:326c71f8ddfce0ca:0:0
x-cache: HIT, HIT
content-length: 2779
x-served-by: cache-syd10154-SYD, cache-fra19158-FRA
last-modified: Tue, 13 Jul 2021 23:26:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 8281, 3

GET
H2 200 suecanano-regular-webfont.woff2
www.afr.com/fonts/ 18 KB
18 KB 12ms
12ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecanano-regular-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /fonts/suecanano-regular-webfont.woff2
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"4664-17b52df92c8"
age: 68213
uber-trace-id: 3a940eb83d1e3332:3a940eb83d1e3332:0:0
x-cache: MISS, HIT
content-length: 18020
x-served-by: cache-syd10143-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 06:49:49 GMT
date: Wed, 18 Aug 2021 11:00:39 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 0, 189

GET
H2 200 suecahd-regular-webfont.woff2
www.afr.com/fonts/ 22 KB
23 KB 23ms
11ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-regular-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /fonts/suecahd-regular-webfont.woff2
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"59b8-17b52df92c8"
age: 58713
uber-trace-id: 3fad79a383b35084:3fad79a383b35084:0:0
x-cache: HIT, HIT
content-length: 22968
x-served-by: cache-syd10127-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 06:49:49 GMT
date: Wed, 18 Aug 2021 11:00:39 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 163

GET
H2 200 suecahd-regularitalic-webfont.woff2
www.afr.com/fonts/ 24 KB
24 KB 21ms
11ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-regularitalic-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /fonts/suecahd-regularitalic-webfont.woff2
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"5f4c-17b52df92c8"
age: 69662
uber-trace-id: 7c1f8ada5dc3af76:7c1f8ada5dc3af76:0:0
x-cache: HIT, HIT
content-length: 24396
x-served-by: cache-syd10128-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 06:49:49 GMT
date: Wed, 18 Aug 2021 11:00:39 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 193

GET
H2 200 suecanano-semibold-webfont.woff2
www.afr.com/fonts/ 17 KB
18 KB 21ms
12ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecanano-semibold-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /fonts/suecanano-semibold-webfont.woff2
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"45f0-17b5706d618"
age: 1089
uber-trace-id: 5d3d6b38b929beda:5d3d6b38b929beda:0:0
x-cache: HIT, HIT
content-length: 17904
x-served-by: cache-syd10136-SYD, cache-fra19158-FRA
last-modified: Wed, 18 Aug 2021 02:11:11 GMT
date: Wed, 18 Aug 2021 11:00:39 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 5

GET
H2 200 suecahd-bold-webfont.woff2
www.afr.com/fonts/ 22 KB
22 KB 21ms
11ms Font
font/woff2 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/fonts/suecahd-bold-webfont.woff2

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /fonts/suecahd-bold-webfont.woff2
pragma: no-cache
origin: https://www.afr.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.afr.com
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 varnish, 1.1 varnish
etag: W/"5844-17b52df92c8"
age: 59170
uber-trace-id: d6ab75c9cec21794:d6ab75c9cec21794:0:0
x-cache: HIT, HIT
content-length: 22596
x-served-by: cache-syd10168-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 06:49:49 GMT
date: Wed, 18 Aug 2021 11:00:39 GMT
x-frame-options: sameorigin
content-type: font/woff2
cache-control: public, max-age=86400
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 161

GET
H2 200 vendorsReactRedux_client.46c606f53e589a748555.chunk.js Show response
www.afr.com/assets/ 153 KB
50 KB 10ms
8ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendorsReactRedux_client.46c606f53e589a748555.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

043143aa508a10f92c1b04b3c91c12eaab463978086af45c2e1556f3557fb344

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/vendorsReactRedux_client.46c606f53e589a748555.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40914
uber-trace-id: a3f2e88ce1133ff7:a3f2e88ce1133ff7:0:0
x-cache: HIT, HIT
content-length: 51348
etag: W/"26594-17b56619950"
x-served-by: cache-syd10166-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 114

GET
H2 200 vendorsHtmlparser2_client.1f24f94861782650dc0f.chunk.js Show response
www.afr.com/assets/ 126 KB
40 KB 10ms
8ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendorsHtmlparser2_client.1f24f94861782650dc0f.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c892a3769be374194b10b31015342ea0365d1dad81afc105bfcb6737dbf0442f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/vendorsHtmlparser2_client.1f24f94861782650dc0f.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40914
uber-trace-id: c11b375874452d8d:c11b375874452d8d:0:0
x-cache: HIT, HIT
content-length: 40390
etag: W/"1f85c-17b56619950"
x-served-by: cache-syd10143-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 115

GET
H2 200 vendors_client.60139292dac49ee7dc33.chunk.js Show response
www.afr.com/assets/ 557 KB
162 KB 13ms
12ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c44f5df6ce6f369e021d2e101d633da3ca9ae9515414c90ba0d75491c11fa8d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/vendors_client.60139292dac49ee7dc33.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40914
uber-trace-id: 958331b7bffc42a4:958331b7bffc42a4:0:0
x-cache: HIT, HIT
content-length: 165197
etag: W/"8b463-17b56619950"
x-served-by: cache-syd10148-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 2

GET
H2 200 client.d6186a803dde193a4910.js Show response
www.afr.com/assets/ 557 KB
139 KB 13ms
12ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/client.d6186a803dde193a4910.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

be0cf5b4cef2606018b449d50f97ea00d23b1a0ed3e9039069849f5159ef05ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/client.d6186a803dde193a4910.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 29881
uber-trace-id: 31ccfa2d35f124e1:31ccfa2d35f124e1:0:0
x-cache: HIT, HIT
content-length: 142363
etag: W/"8b360-17b57071880"
x-served-by: cache-syd10155-SYD, cache-fra19158-FRA
last-modified: Wed, 18 Aug 2021 02:11:28 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: normal hit
accept-ranges: bytes
x-cache-hits: 1, 2

GET
H2 200 vendors_ArticleTemplate_AustralianIndicesDetail_CompanyDataTemplate_LiveArticleTemplate_MarketsDataA_d50473f0.ec058f9e30549b4430fe.chunk.js Show response
www.afr.com/assets/ 388 KB
106 KB 13ms
12ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/vendors_ArticleTemplate_AustralianIndicesDetail_CompanyDataTemplate_LiveArticleTemplate_MarketsDataA_d50473f0.ec058f9e30549b4430fe.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

95cffc09aa9c1ff67c0b8086c298df12f858abfbd353df9eec047d8efeed8005

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/vendors_ArticleTemplate_AustralianIndicesDetail_CompanyDataTemplate_LiveArticleTemplate_MarketsDataA_d50473f0.ec058f9e30549b4430fe.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40935
uber-trace-id: 43a06ffa8bd61238:43a06ffa8bd61238:0:0
x-cache: HIT, HIT
content-length: 108150
etag: W/"60fe5-17b56619950"
x-served-by: cache-syd10167-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 1, 100

GET
H2 200 StandardArticleTemplate.0a02fe1c99cffb783d97.chunk.js Show response
www.afr.com/assets/ 97 KB
28 KB 12ms
11ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/StandardArticleTemplate.0a02fe1c99cffb783d97.chunk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

802983f3a84c45d534bde37fdc8dafa95525a580590ad557e5dcbe533cc461ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /assets/StandardArticleTemplate.0a02fe1c99cffb783d97.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 40893
uber-trace-id: cbc128a01f0bd842:cbc128a01f0bd842:0:0
x-cache: HIT, HIT
content-length: 29009
etag: W/"18300-17b56619950"
x-served-by: cache-syd10137-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 23:10:42 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
x-cache-hits: 2, 33

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 71 KB
25 KB 152ms
73ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/europa.de4f963dabc10c43fcac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

96ba14df9d852d35a6a18aeaf5d3ae02f7b945df3ab4b2aae6cdca4591b6e030

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "962 / 106 of 1000 / last-modified: 1629276741"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25175
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:39 GMT

GET
H3-29 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: KVG/R1R8Kt9z2XFmp03S3DG1buTnecd+PddqKVGYPc7znbdtesFg3lxGaEB6jYo7SqQKiVZ9zLlUAYrWMbfLFg==
x-frame-options: DENY
date: Wed, 18 Aug 2021 11:00:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-182799.js Show response
static.hotjar.com/c/ 6 KB
3 KB 86ms
50ms Script
application/javascript 13.224.96.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-182799.js?sv=6

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-116.zrh50.r.cloudfront.net

Software

Resource Hash

d682c04ba7f09adcfad9a5b1b7bfc2e1130427d2a80edf538fec60536a156754

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:35 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 33
etag: W/cbf307f85b9164c6d996ecd0383ec8d5
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: IDS7y45zacNvfO5jONtaKFROFgfar9FcCuobB_Xfe7hlCrWRO7gdng==
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2bd::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bd::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 11:00:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 21:34:05 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=10570
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 5 KB
2 KB 37ms
9ms Script
application/x-javascript 2a02:26f0:6c00:2ae::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2ae::3adf Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 11:00:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 21:34:05 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=9850
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 async.js Show response
static-au.plista.com/ 64 KB
17 KB 374ms
264ms Script
application/javascript 138.201.125.235
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static-au.plista.com/async.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

138.201.125.235 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.235.125.201.138.clients.your-server.de

Software

nginx /

Resource Hash

a3d0f7c45107f6f097378459c64f8c02461a44afe9d787009eb75c709d6ff3df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-plista-versions: plista-plugin- libplista-php-0.0.0
date: Wed, 18 Aug 2021 11:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 766
x-plista-node: plista852
content-length: 17165
last-modified: Wed, 18 Aug 2021 10:47:52 GMT
server: nginx
vary: Accept-Encoding
x-varnish: 673813007 672374247
via: 1.1 varnish-v4
cache-control: public, must-revalidate, proxy-revalidate
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
expires: Thu, 19 Aug 2021 10:47:53 GMT

GET
H2

200

v60.js Show response
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-au.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

25ms
22ms

Script
application/javascript

2600:9000:2190:9800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .KrDWJ6YcsmnfI6j8sx8eWw9CjCealBE
content-encoding: gzip
etag: W/"cc7339d315e5ab16597dd66d153a0e7e"
last-modified: Mon, 12 Oct 2020 13:35:53 GMT
server: AmazonS3
age: 14487
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Wed, 18 Aug 2021 06:59:14 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Mv24Jb3R4aBLK4rFE4xq5IBnseMOc3SonzJ5KviLFWx46xq0StM52g==

Redirect headers

location: https://cdn-gl.imrworldwide.com:443/v60.js
date: Wed, 18 Aug 2021 11:00:40 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

GET
H2 200 ggcmb510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 12 KB
5 KB 82ms
50ms Script
application/javascript 2600:9000:2190:9800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: CCMI3VWmKWubVxFEKMv9LWwmbbOYiB9F
content-encoding: gzip
etag: W/"afa0d379b1e6e0a61fad577d0043ff26"
last-modified: Tue, 06 Jul 2021 14:06:24 GMT
server: AmazonS3
age: 2531
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Wed, 18 Aug 2021 10:18:29 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: xfW1b7V7Z4Vu6nalDn48_7rQOvXitlRK7zh3bh_J6RTz6U9X_1ZZZg==

GET
H/1.1 200
OK adc.js Show response
adc-js.nine.com.au/ 76 KB
22 KB 97ms
15ms Script
application/javascript 2600:9000:2156:b000:7:3896:c640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adc-js.nine.com.au/adc.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:b000:7:3896:c640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 934d4d6010b2bfc6795c8212555ff307c8e883a8fa5f974f601773d4f17e156f

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 10:56:35 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 06:12:51 GMT
Server: AmazonS3
Age: 248
ETag: W/"23c4e4ce44af9dfacd823a16445bddda"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
Via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
Cache-Control: public, max-age=300
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 58tEJC8ViIj912YjZP-ilWsYLm0rbt1aV7s96Hj-r5YjVCWZ1WsY-w==

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 1182ms
284ms Preflight 3.24.38.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 3.24.38.18 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-24-38-18.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Wed, 18 Aug 2021 11:00:41 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H2 200 06aef98c0ec0267c431e72964f517efc.sprite.svg Show response
www.afr.com/assets/svg/ 117 KB
41 KB 247ms
247ms XHR
image/svg+xml 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.afr.com/assets/svg/06aef98c0ec0267c431e72964f517efc.sprite.svg

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6fc0610223b1566c3193b3f2ab6c6840b51f271afb0398f2d7df0e3a754b2a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

:path: /assets/svg/06aef98c0ec0267c431e72964f517efc.sprite.svg
pragma: no-cache
cookie: _sp_ses.0af9=*; _sp_id.0af9=15a892a7-6d67-4a18-b47d-e1f170a1cc1d.1629284440.1.1629284440.1629284440.02122cd8-cd01-43a1-9008-d158e7d5dca9
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.afr.com
referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"1d361-17b517ef540"
age: 122791
uber-trace-id: 33e677d6dbb705fc:33e677d6dbb705fc:0:0
x-cache: HIT, HIT
content-length: 41597
x-served-by: cache-syd10175-SYD, cache-fra19158-FRA
last-modified: Tue, 17 Aug 2021 00:24:40 GMT
x-frame-options: sameorigin
date: Wed, 18 Aug 2021 11:00:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31557600
x-varnish-grace: none
accept-ranges: bytes
x-cache-hits: 2, 217

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 14ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BD) /
Resource Hash: 8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 11:00:40 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Aug 2021 20:34:57 GMT
Server: ECS (frb/67BD)
Age: 839
Etag: "d405b816322f9770c70cbd10cfa87be4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28872

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 10ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/assets/client.d6186a803dde193a4910.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b89dfe784db220c9e23135a20bb10c132c9499afdd755c807dcee7769baf1dac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-md5: BaPmGS7ivMTzK+94rVeKqg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: YkRBiUjht6N1FxEqdA1x0CB7Z3HSgrWRI0NtkdqWEM288DGS9RN/tuTFFP5rSI8yX1GPA7NmHPPxtq0R8rJtQg==
x-fb-content-md5: a56b130aefe7e5eee0295b649acd4462
x-frame-options: DENY
etag: "33296ffafbdd232e3a9cfc3d2b6fab77"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Wed, 18 Aug 2021 11:01:25 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 201 KB
61 KB 38ms
14ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/client.d6186a803dde193a4910.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: 149df2a43242f35804b8e953f3edfc266ca3631444559cdf5950473259b1c67f

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 1271
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 62393
x-li-uuid: sD6LHWlgnBagzgfcKCsAAA==
server: ECAcc (frc/8F0A)
last-modified: Wed, 18 Aug 2021 10:39:29 GMT
x-li-pop: prod-edc2
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-lva1
expires: Wed, 18 Aug 2021 11:39:29 GMT

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 1138ms
284ms XHR
text/plain 3.24.38.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.24.38.18 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-24-38-18.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

GET
H2 200 p58hyi Show response
api.afr.com/api/content/v0/assets/ 11 KB
4 KB 328ms
300ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p58hyi
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dcb2ad91672f10d1a64259ff09e8b24870aa0c6e6be9430f44c03be94c9853f5

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
x-served-by: cache-syd10149-SYD, cache-fra19164-FRA
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 3970
x-cache-hits: 0, 0

GET
H2 200 p588ve Show response
api.afr.com/api/content/v0/assets/ 13 KB
4 KB 342ms
314ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p588ve
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e418ed54f83716677c0633e56a356ce56cccf12c3e3f695f8dda8a8407dafb3c

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
x-served-by: cache-syd10123-SYD, cache-fra19164-FRA
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 4445
x-cache-hits: 0, 0

GET
H2 200 p58j1d Show response
api.afr.com/api/content/v0/assets/ 13 KB
4 KB 352ms
324ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/api/content/v0/assets/p58j1d
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 50df3c2e249e4ebf85fa0f2fabdaabab33dcf645936abd4dbae1a3c9e18ae287

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
x-served-by: cache-syd10138-SYD, cache-fra19164-FRA
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
x-varnish-grace: none(fetch fresh)
accept-ranges: bytes
content-encoding: gzip
content-length: 4391
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 196 B
261 B 334ms
321ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20memberDetailsAndSubscriptions%20%7B%20memberDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20member%20%7B%20profile%20%7B%20displayName%20email%20roles%20%7B%20accountId%20role%20%7D%20shortID%20type%20%7D%20%7D%20%7D%20memberSubscriptionDetails%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20subscription%20%7B%20entitlements%20plans%20%7D%20%7D%20%7D%20&operationName=memberDetailsAndSubscriptions&variables=%7B%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 714892f1fc598fef48b0331e7af69cdac69bfb2cec684d199b8650da4a278c75

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10146-SYD, cache-fra19158-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 196
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 165 B
231 B 322ms
310ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20Account%20%7B%20account%20%7B%20autoplay%20error%20%7B%20message%20type%20%7D%20location%20%7B%20postCode%20state%20suburb%20%7D%20onboarding%20%7B%20newsfeed%20tags%20%7D%20%7D%20%7D%20&operationName=Account&variables=%7B%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 07a7e43a30c29cd24df54879f4fc788b60a76962f3b3c5623717c19762240225

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10148-SYD, cache-fra19158-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 165
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 104 B
218 B 318ms
306ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20isAssetInSavedList(%24assetID%3A%20String!%2C%20%24brand%3A%20Brand!)%20%7B%20isAssetInSavedList(input%3A%20%7BassetID%3A%20%24assetID%2C%20brand%3A%20%24brand%7D)%20%7B%20isSaved%20error%20%7B%20message%20%7D%20%7D%20%7D%20&operationName=isAssetInSavedList&variables=%7B%22assetID%22%3A%22p58je4%22%2C%22brand%22%3A%22afr%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 54b3121637851046e882df8591a9f2c4472adc2f0c39290cd583e9fccf1aace0

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-syd10122-SYD, cache-fra19158-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 104
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 16 KB
2 KB 311ms
301ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20FinancialStockRelatedQuotes(%24symbol%3A%20String!)%20%7B%20quoteFull%3A%20financialStockSummaryQuote(symbol%3A%20%24symbol)%20%7B%20...FinancialStockRelatedSummaryQuoteFragment%20%7D%20quoteHistory%3A%20financialStockHistoricalQuotes(%20interval%3A%20DAILY_1_YEAR%20symbol%3A%20%24symbol%20)%20%7B%20...FinancialStockRelatedHistoricalQuotesChartFragment%20%7D%20quoteIntradayTrades%3A%20financialStockHistoricalQuotes(%20interval%3A%20FIVE_MINUTES_1_DAY%20symbol%3A%20%24symbol%20)%20%7B%20...FinancialStockIntradayRelatedQuotesChartFragment%20%7D%20%7D%20fragment%20FinancialStockRelatedHistoricalQuotesChartFragment%20on%20FinancialStockHistoricalQuotesResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20quotes%20%7B%20date%3A%20time%20close%20%7D%20%7D%20fragment%20FinancialStockIntradayRelatedQuotesChartFragment%20on%20FinancialStockHistoricalQuotesResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20quotes%20%7B%20date%3A%20time%20salePrice%3A%20close%20%7D%20%7D%20fragment%20FinancialStockRelatedSummaryQuoteFragment%20on%20FinancialStockSummaryQuoteResponse%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20quote%20%7B%20last%3A%20lastPrice%20lastUpdated%3A%20providerUpdateTime%20open%3A%20openPrice%20previousClose%20%7D%20%7D%20&operationName=FinancialStockRelatedQuotes&variables=%7B%22symbol%22%3A%22ASX_CBA%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 12bee420856477c7e5736f26aa9d04afabe0ea281eb9b55f895be9da4d880134

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
age: 43
x-served-by: cache-syd10123-SYD, cache-fra19158-FRA
vary: Accept-Encoding, Origin
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=60
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 2177
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 0

GET
H2 200 graphql Show response
api.afr.com/ 473 B
416 B 325ms
315ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20PaywallRuleQuery(%24context%3A%20PaywallRuleRequestContext!%2C%20%24story%3A%20PaywallRuleRequestStory!)%20%7B%20paywallRule(context%3A%20%24context%2C%20story%3A%20%24story)%20%7B%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20rule%20%7B%20...RuleFragment%20%7D%20%7D%20%7D%20fragment%20RuleFragment%20on%20PaywallRuleData%20%7B%20meter%20%7B%20global%20%7D%20prompt%20%7B%20...PromptFragment%20%7D%20promptType%20%7D%20fragment%20PromptFragment%20on%20Prompt%20%7B%20callToAction%20countRemaining%20message%20style%20subscriptionURL%20title%20%7D%20&operationName=PaywallRuleQuery&variables=%7B%22context%22%3A%7B%22alreadyMetered%22%3Afalse%2C%22currentMeterCount%22%3A0%2C%22referrer%22%3A%22%22%2C%22bypassURL%22%3A%22https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4%22%7D%2C%22story%22%3A%7B%22brand%22%3A%22AFR%22%2C%22categories%22%3A%5B%22Companies%22%2C%22Financial%20services%22%5D%2C%22sponsored%22%3Afalse%2C%22tags%22%3A%5B%22Buy%20Now%20Pay%20Later%22%2C%22Commonwealth%20Bank%20of%20Australia%22%2C%22Debit%20cards%22%2C%22Credit%20cards%22%5D%2C%22type%22%3A%22ARTICLE%22%7D%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: fdb3c6cf003fd30bfc3edd21a3664edc2b4407daef1879323378c491742c93ec

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
x-served-by: cache-syd10126-SYD, cache-fra19158-FRA
vary: Accept-Encoding, Origin
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: private, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 350
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H2 200 graphql Show response
api.afr.com/ 145 B
214 B 324ms
315ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20AudienceSegmentsQuery(%24userId%3A%20String!)%20%7B%20audienceSegments(userId%3A%20%24userId)%20%7B%20segments%20%7B%20engagementSegment%20%7B%20batchTime%20userSegment%20%7D%20%7D%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20%7D%20%7D%20&operationName=AudienceSegmentsQuery&variables=%7B%22userId%22%3A%2215a892a7-6d67-4a18-b47d-e1f170a1cc1d%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 14e4b088db7fbce1fc7c9e34f33ce0766a0359a92f87b73df2b4b72d24a6a769

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
age: 0
x-served-by: cache-syd10149-SYD, cache-fra19158-FRA
vary: Origin, Accept-Encoding
x-cache: MISS, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=600
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 129
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

GET
H/1.1 200
OK channels.cgi Show response
fairfaxmedia.gscontxt.net/main/ 745 B
823 B 158ms
29ms Script
application/javascript 158.101.192.251
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://fairfaxmedia.gscontxt.net/main/channels.cgi?url=https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/europa.de4f963dabc10c43fcac.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.101.192.251 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: 88dd0207d35f1b18db74d4181cb5cf5d93071ffc7fb7df42e98336dedb40eb92

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 745
Content-Type: application/javascript

GET
H2 200 moatheader.js Show response
z.moatads.com/fairfaxheader492510264302/ 235 KB
81 KB 126ms
38ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/europa.de4f963dabc10c43fcac.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4138fa24ba38146567fc1f9638842416895edd55637b0d9dfec8ad12d2b6695d

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
last-modified: Tue, 10 Aug 2021 15:08:08 GMT
server: AmazonS3
x-amz-request-id: ZTWDVG5ZMKET3BN2
etag: "b85c9af710993d41180176303cc6e2f1"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=41842
accept-ranges: bytes
content-length: 82484
x-amz-id-2: NIAXkBDArL+TLBCddQ8t9smdDTQxyo0Ye2U/8rr9qqJlQKokRFyvNNG5/fuxUGImXngYY+KXJy4=

GET
H2 200 e9fbb463e39c162ec3c6b810ea1a6e0673080873
static.ffx.io/images/$zoom_0.424%2C$multiply_2%2C$ratio_0.666667%2C$width_378%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/ 16 KB
16 KB 15ms
15ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.424%2C$multiply_2%2C$ratio_0.666667%2C$width_378%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_220%2Cq_88%2Cf_auto/e9fbb463e39c162ec3c6b810ea1a6e0673080873
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: be7d308af96cd2fa078cfdde209021a48d6a4c541421229a23e8a181018cd52a

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 55453
edge-cache-tag: 404527957635247217564919241850102610580,364485808891402362627182097612380868791,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="e9fbb463e39c162ec3c6b810ea1a6e0673080873.webp"
content-length: 16178
x-served-by: cache-fra19142-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 404527957635247217564919241850102610580 364485808891402362627182097612380868791 5f5f4219172da4ec8104790896b11172
last-modified: Tue, 17 Aug 2021 07:06:42 GMT
server: cloudinary
x-timer: S1629284440.195825,VS0,VE1
etag: "3a3493632f2b10ddb2928162e2f97161"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 graphql Show response
api.afr.com/ 37 KB
8 KB 960ms
958ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20PageContentByPageType(%24brand%3A%20Brand!%2C%20%24pageType%3A%20PageType!%2C%20%24render%3A%20Render!)%20%7B%20pageContentByPageType(brand%3A%20%24brand%2C%20pageType%3A%20%24pageType%2C%20render%3A%20%24render)%20%7B%20contentUnits%20%7B%20assets%20%7B%20...AssetFragment%20sponsor%20%7B%20name%20%7D%20%7D%20config%20%7B%20heading%20headingLink%20%7D%20name%20%7D%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=PageContentByPageType&variables=%7B%22brand%22%3A%22AFR%22%2C%22pageType%22%3A%22article%22%2C%22render%22%3A%22WEB%22%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b0717638626cf80479f94828b15eb3488c56c9a5521321c67c27bde07d463354

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
age: 18
x-served-by: cache-syd10130-SYD, cache-fra19158-FRA
vary: Accept-Encoding, Origin
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=30
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 7686
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 2, 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D9724%26time%3D1629284440227%26url%3Dhttps%253A%252F%252Fwww.afr.com%252Fcompanies...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58j...

0
63 B

136ms
136ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&liSync=true&e_ipv6=AQIg4fo9CcU5ugAAAXtY65v6g2PtOznOUaWODJudzf63fciCd9vVpe0J7c9wOej3VvS3_Ck_
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: aUieJZFhnBaw/zHZWCsAAA==

Redirect headers

date: Wed, 18 Aug 2021 11:00:41 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=9724&time=1629284440227&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&liSync=true&e_ipv6=AQIg4fo9CcU5ugAAAXtY65v6g2PtOznOUaWODJudzf63fciCd9vVpe0J7c9wOej3VvS3_Ck_
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: ZPNhGpFhnBag+EPugSsAAA==

GET
H3-29 200 419599435931961 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 15ms
13ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/419599435931961?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e79fb1ca812a310f0ed1fb24bcc3a1d6528be4701b2b649d715c4f24a2786f5

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 73323
x-xss-protection: 0
pragma: public
x-fb-debug: t2KynbXLgLLr7elQRKp6RldNMcfuRDzwEBlvQcOpDmRpTkHlhnVwX80avQAl7Ajai3yTlkgpJbatk0lIii03aA==
x-frame-options: DENY
date: Wed, 18 Aug 2021 11:00:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 modules.e763089bec9f2503d752.js Show response
script.hotjar.com/ 221 KB
59 KB 87ms
19ms Script
application/javascript 13.224.96.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e763089bec9f2503d752.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.96.63 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-96-63.zrh50.r.cloudfront.net

Software

Resource Hash

b8e39dad2211fe2aafd3c487471c94934a5230aeb00608f59b80c880ce777440

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:32:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1715
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59555
access-control-allow-origin: *
last-modified: Wed, 18 Aug 2021 10:31:58 GMT
etag: "59b0bd2bf71a6ea4a84151c51b91fba8"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: AxiMMl7qxmbI37EuIFtpGNIvHpN-q9zRbHYmJZ0tU_TdDJ5DF6APvQ==

GET
H2 200 glcfg510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/configs/ 2 KB
1 KB 13ms
11ms Script
application/javascript 2600:9000:2190:9800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: WjsnzgaprW5100I1pXifDit.u8HzQpkS
content-encoding: gzip
etag: W/"931051f801612c3a0e2782961ac3d56c"
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
server: AmazonS3
age: 1741
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Wed, 18 Aug 2021 10:31:40 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 91oOahOBGS9BqYc9ezYD0vTwxU6LkDNszQ_cV3aHNGfV_hxxn_jgaw==

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_GB/ 235 KB
68 KB 11ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=57673ae56af9c1bdbf022921ea144a6e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

55ce473447398b8cf1945e50781237dc8d0a1ba109a661dff2a702f412a9b67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.afr.com
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: VRl7KRnzPUm5htdy0q4tPw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69729
x-fb-rlafr: 0
x-fb-debug: v/vnLq53s+gU+8epwH00a6044YNVRGyfkClMvnRqpCWWnLPGrTAR5xAFxMwldeBobxd56Iny4XFacTakPSxv/A==
x-fb-content-md5: f1625aa685fd382445e947590c6d87fd
x-frame-options: DENY
date: Wed, 18 Aug 2021 11:00:40 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "a33efb2ad3a197ae5a69fc08ae7d61a7"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 18 Aug 2022 09:55:08 GMT

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3-29 200 pubads_impl_2021081201.js Show response
securepubads.g.doubleclick.net/gpt/ 329 KB
115 KB 90ms
51ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

01e51940762b45561e5a0c1ea5e5ad122f4c732178d0cb428f8f4409030efb13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 Aug 2021 08:42:15 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117424
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:40 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 124 B
121 B 65ms
31ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

b462ede43ecdda05f2c835d4c3178d5d2fa2567dd194963027095fb4f8102f4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:40 GMT

GET
H/1.1 200
OK widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html Show response
platform.twitter.com/widgets/ Frame 0B54 319 KB
103 KB 12ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fwww.afr.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.afr.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 763343
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 18 Aug 2021 11:00:40 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 02 Aug 2021 20:33:53 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67D5)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 fc2c63baa23f7c11ea923073.js Show response
static-au.plista.com/async/pub/ 31 B
362 B 32ms
27ms Script
application/javascript 138.201.125.235
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static-au.plista.com/async/pub/fc2c63baa23f7c11ea923073.js

Requested by

Host: static-au.plista.com
URL: https://static-au.plista.com/async.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

138.201.125.235 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.235.125.201.138.clients.your-server.de

Software

nginx /

Resource Hash

e8a2bc039ea82266ecd31dcb748fe90f212f6358fcf2502eb0061d9652b3638f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 18 Aug 2021 10:52:02 GMT
server: nginx
age: 517
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish-v4
cache-control: public, must-revalidate, proxy-revalidate
x-varnish: 673528228 672583831
accept-ranges: bytes
content-length: 51
expires: Thu, 19 Aug 2021 10:52:03 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame E4FB 2 KB
1 KB 77ms
16ms Document
text/html 13.224.96.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-182799.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-12.zrh50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: iKs_uYqPC8BJKA9Ib6f7YO0fUE30mvwDXWaeQyARm1TImC4JEwFNJg==
age: 2717050

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ 44 B
524 B 179ms
125ms Image
image/gif 2600:9000:2156:d000:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1629284440520&ci=f2&js=1&cg=0&ts=in.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&sr=1600x1200&tz=2
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d000:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 44
x-amz-cf-id: p18GBHMVVg3ag7TbRB_Dscw4-t0O2goTXxqg4nSQOOGSNl_j6YRtkA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 b8d7df19bb1a49596236ae2fca41e5241cd0d443
static.ffx.io/images/$zoom_0.7927%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_32/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 2 KB
3 KB 12ms
12ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.7927%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_32/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/b8d7df19bb1a49596236ae2fca41e5241cd0d443
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: c337bd801dab3c93eba6a4a981df687ec1721dce1f366461bcb8aa6d6f1441b8

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 587928
edge-cache-tag: 307951061452363338616981880755107838525,310598684420112264790564506010905304013,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="b8d7df19bb1a49596236ae2fca41e5241cd0d443.webp"
content-length: 2244
x-served-by: cache-fra19174-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 307951061452363338616981880755107838525 310598684420112264790564506010905304013 5f5f4219172da4ec8104790896b11172
last-modified: Wed, 11 Aug 2021 14:01:21 GMT
server: cloudinary
x-timer: S1629284441.550056,VS0,VE1
etag: "5b904f0006d9d33a2960641a4f4e9e00"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 5d3996e815a810c24feca78374f7239f68e8c386
static.ffx.io/images/$zoom_3.3111%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_106/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 4 KB
5 KB 8ms
6ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_3.3111%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_106/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/5d3996e815a810c24feca78374f7239f68e8c386
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: a66a5a8ed64e755c093f60bc0c20d8226190f583347ef5105736e45e4847c98a

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 55453
edge-cache-tag: 372075028845908442844129934290237624149,389197706359956219891570174272512653251,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="5d3996e815a810c24feca78374f7239f68e8c386.webp"
content-length: 4236
x-served-by: cache-fra19135-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 372075028845908442844129934290237624149 389197706359956219891570174272512653251 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 09 Aug 2021 02:26:22 GMT
server: cloudinary
x-timer: S1629284441.562952,VS0,VE1
etag: "2e1baf8e51e7e9e8458dcb2ab08a1263"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 332eb128b5cd2bb5f76df249cf4ce184d189e370
static.ffx.io/images/$zoom_0.436%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_220/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 4 KB
5 KB 8ms
7ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.436%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_220/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/332eb128b5cd2bb5f76df249cf4ce184d189e370
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 3f058f0f9721d340906f97d8a350ec6248f174846f4a8acfda7e471207047630

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
via: 1.1 varnish, 1.1 varnish
age: 155752
edge-cache-tag: 427045924249678620463422483507322346526,441895030986513073599112842710448353856,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="332eb128b5cd2bb5f76df249cf4ce184d189e370.webp"
content-length: 4444
x-served-by: cache-fra19167-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 427045924249678620463422483507322346526 441895030986513073599112842710448353856 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 16 Aug 2021 10:01:03 GMT
server: cloudinary
x-timer: S1629284441.572694,VS0,VE1
etag: "da740c94f49de4a83d64253d88ed6ae6"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

OPTIONS
H/1.1 204
No Content /
l.ffx.io/ Frame 0
0 1170ms
281ms Preflight 13.238.169.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.ffx.io/
Protocol: HTTP/1.1
Server: 13.238.169.139 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-169-139.ap-southeast-2.compute.amazonaws.com
Software: nginx/1.15.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Content-Length: 0
Date: Wed, 18 Aug 2021 11:00:41 GMT
Server: nginx/1.15.9
Connection: keep-alive

POST
H/1.1 200
OK / Show response
l.ffx.io/ 2 B
417 B 283ms
282ms XHR
text/plain 13.238.169.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.ffx.io/
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.238.169.139 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-238-169-139.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Wed, 18 Aug 2021 11:00:42 GMT
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Content-Length: 2

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 5046
date: Wed, 18 Aug 2021 09:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 18 Aug 2021 11:36:34 GMT

GET
H3-29

200

dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=*;ps=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=1538310401.1629284441;ps=1?
https://ad.doubleclick.net/activity;dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=1538310401.1629284441;ps=1?
https://adservice.google.com/ddm/fls/z/dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=*;ps=1

42 B
63 B

51ms
49ms

Image
image/gif

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=*;ps=1

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/dc_pre=CO2b0sK1uvICFY2DUAYdx-UHww;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=*;ps=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activityi;register_conversion=1;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=1538310401.1629284441;ps=1
6633783.fls.doubleclick.net/ 0
0 112ms
29ms Image
text/html 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6633783.fls.doubleclick.net/activityi;register_conversion=1;src=6633783;type=afrpa0;cat=paywall;ord=7570609107018;gtm=2wg8g0;auiddc=1538310401.1629284441;ps=1?
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
2 KB 274ms
53ms XHR
application/json 18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&d_nsid=0&ts=1629284440786

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

5395c982040c785e1dcabb8b702f0a4798df6c4de8332bfe127513cdcdbaeac3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v012-0ce83c453.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: N2OyWshVQCw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.afr.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 878
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 collect.js Show response
10510523.collect.igodigital.com/ 9 KB
2 KB 383ms
128ms Script
application/javascript 23.21.180.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://10510523.collect.igodigital.com/collect.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.180.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-180-34.compute-1.amazonaws.com
Software: /
Resource Hash: 4611c34378b1bbbee8890a472c6390137ce8841041a646f0bdc58cf9180eb18a

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
last-modified: Mon, 16 Aug 2021 11:44:21 GMT
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 p.js Show response
cdn.parsely.com/keys/afr.com/ 71 KB
25 KB 72ms
16ms Script
application/javascript 13.224.95.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/afr.com/p.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4PPKH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-38.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 65048f3a5caf412e3f86a0a830266c0ecc0e604aeadee4399dd7457374152153

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 18 Aug 2021 05:15:34 GMT
content-encoding: gzip
last-modified: Wed, 16 Jun 2021 18:08:50 GMT
server: nginx
age: 20706
etag: W/"60ca3e32-11d98"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: pcimiIwvcfErlCfUOQMTxuxLjLC5ly1xnqGFweIT7rLfo7mi9Rd9bw==
expires: Thu, 19 Aug 2021 05:15:34 GMT

GET
H2

200

src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_la... Show response
adservice.google.com/ddm/fls/z/ Frame B1B9
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=6633783;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4...
https://ad.doubleclick.net/ddm/activity/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lif...
https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lift...

42 B
107 B

33ms
32ms

Document
image/gif

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/z/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 18 Aug 2021 11:00:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 18 Aug 2021 11:00:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/z/src=6633783;dc_pre=CLy618K1uvICFQ62GAod-IIB1A;type=afral0;cat=au_af0;u1=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4409786493919.177
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUndui048rSocOcwT12FUSmB48ifJt32b3B8MBH2ggz_CMdsOicCwfZZ71mvHNs; expires=Fri, 18-Aug-2023 11:00:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 graphql Show response
api.afr.com/ 16 KB
3 KB 311ms
300ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20assetsConnectionByCriteria(%24after%3A%20ID%2C%20%24brand%3A%20Brand!%2C%20%24categories%3A%20%5BInt!%5D%2C%20%24first%3A%20Int!%2C%20%24render%3A%20Render!%2C%20%24types%3A%20%5BAssetType!%5D!)%20%7B%20assetsConnectionByCriteria(%20after%3A%20%24after%20brand%3A%20%24brand%20categories%3A%20%24categories%20first%3A%20%24first%20render%3A%20%24render%20types%3A%20%24types%20)%20%7B%20edges%20%7B%20cursor%20node%20%7B%20...AssetFragment%20sponsor%20%7B%20name%20%7D%20%7D%20%7D%20error%20%7B%20message%20type%20%7B%20class%20%7D%20%7D%20pageInfo%20%7B%20endCursor%20hasNextPage%20%7D%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=assetsConnectionByCriteria&variables=%7B%22brand%22%3A%22afr%22%2C%22categories%22%3A%5B88%5D%2C%22first%22%3A6%2C%22render%22%3A%22WEB%22%2C%22types%22%3A%5B%22article%22%2C%22liveArticle%22%2C%22featureArticle%22%5D%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1c5176a3014022ea98fa225fa96a98e69c839a27da31913d45aa2ed6f650e12d

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
age: 2
x-served-by: cache-syd10140-SYD, cache-fra19158-FRA
vary: Accept-Encoding, Origin
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=30
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 3381
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 0

GET
H3-29 200 1831268437115893 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1831268437115893?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2d3cddb62d792303881caf36ff9ddfd7bac187bbb5e703cd99dccba7318b9fce

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 73674
x-xss-protection: 0
pragma: public
x-fb-debug: 41u52JoRU4IoryUFwKHsPW/A3rQj7MrzNSv9IiLRSw/G+J07hBRXbnv89pTE1Rcq+Dzmk6TWQ4jiC9/UvD49ow==
x-frame-options: DENY
date: Wed, 18 Aug 2021 11:00:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 10ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284440834&cd[brand]=afr&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:40 GMT

GET
H2 200 P70F2B436-31E2-4369-A3CB-294DC350A880.js Show response
cdn-gl.imrworldwide.com/conf/ 33 KB
7 KB 70ms
70ms Script
application/javascript 2600:9000:2190:9800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Requested by: Host: secure-au.imrworldwide.com
URL: https://secure-au.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b38a7ae76f3a7dea3d5cddbef446af3aa9eb115fab7615b9dbf6e80ee1e465d2

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: uJ.9.nls2ZzFqGNmnXAjISFTth.osZ9U
content-encoding: gzip
etag: W/"c08da764684854bf5a26bfb3b1afe22f"
last-modified: Wed, 18 Aug 2021 07:16:48 GMT
server: AmazonS3
age: 448
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Wed, 18 Aug 2021 10:59:05 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 37nCgc_imA9Mxq_O4uRO0-mV6-7kM5eWvamcFlQhVS6jwuiAaw1Chw==

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 387 B
563 B 144ms
44ms Script
text/html 35.179.78.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8D4Sq_GVK61%5Dml%22ZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5tWhX%3C%3Ce%24%26~1%3Axkr%2BUe31k5X%5BG%5E%5B)%2C2iVSX%3C_Y%7B!7IQ3HbmUZzCFm%5Du!x2l.uBlTVU%2F.%3Dh%3Ft%40yUtKC&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C0%2C1%2C0%2C0%2Cprobably%2Cprobably&rb=1-IXrjhtsl6CSxDEyOTn%2FLlBtu1%2BejGwP9odpDBPxWgWU9PaAJOiO4WsSm&sc=1&os=1-xA%3D%3D&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&pcode=fairfaxheader492510264302&callback=MoatNadoAllJsonpRequest_23582265
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.78.10 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-179-78-10.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: c4a7a91c88d43cc432032fa44187df051128ecc88d08a5f848ff074802093c9c

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "f3451d9e77194c93c638bf094e992c5dc590574d"
content-length: 387
content-type: text/html; charset=UTF-8

GET
H2 200 iframe.html Show response
z.moatads.com/hd09824092/ Frame C430 1 KB
2 KB 35ms
34ms Document
text/html 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/hd09824092/iframe.html
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/fairfaxheader492510264302/moatheader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68

Request headers

:method: GET
:authority: z.moatads.com
:scheme: https
:path: /hd09824092/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

x-amz-id-2: tXhAc64MXavoo2Ys7gL4K0CHvWdnnjW6yMDYhattkSwkbmjydK4ZTHB9EYLhbnHzR5lAnVYPFb8=
x-amz-request-id: 7Y2H1YDSCY2G4ZCG
last-modified: Tue, 26 Jan 2021 22:41:39 GMT
etag: "4a9cbc2e5bc164313dace42a58bef141"
accept-ranges: bytes
content-type: text/html
content-length: 1374
server: AmazonS3
cache-control: max-age=908
date: Wed, 18 Aug 2021 11:00:40 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 38ms
36ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&t=1629284440858&de=317556960565&d=FAIRFAX_HEADER1%3ADesktop%3A-%3A-&i=YIELD_INTELLIGENCE_INTERNAL1&sgs=5&ar=4790001-clean&iw=57ea4c2&zMoatRendered=0&zMoatSlotTargetingLoaded=0&zMoatSlotTargetingSet=0&zMoatPageDataTargetingSet=0&zMoatSafetyTargetingSet=0&zMoatEmptySlot=0&zMoatNadoDataLoadTime=Not%20Loaded&zMoatAllDataLoadTime=Not%20Loaded&bo=afr.com&bd=afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&ac=1&bq=11&f=0&na=932037016&cs=0
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:40 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 18 Aug 2021 11:00:40 GMT

GET
H2 200 graphql Show response
api.afr.com/ 8 KB
2 KB 316ms
315ms XHR
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.afr.com/graphql?query=query%20MostPopularQuery(%24assetType%3A%20String%2C%20%24brand%3A%20String!%2C%20%24count%3A%20Int%2C%20%24primaryCategory%3A%20String%2C%20%24subCategory%3A%20String%2C%20%24tags%3A%20%5BString!%5D)%20%7B%20mostPopularStories(%20assetType%3A%20%24assetType%20brand%3A%20%24brand%20category%3A%20%24primaryCategory%20count%3A%20%24count%20subCategory%3A%20%24subCategory%20tags%3A%20%24tags%20)%20%7B%20...AssetFragment%20%7D%20%7D%20fragment%20AssetFragment%20on%20Asset%20%7B%20asset%20%7B%20about%20byline%20duration%20headlines%20%7B%20headline%20%7D%20live%20%7D%20assetType%20dates%20%7B%20firstPublished%20modified%20published%20%7D%20id%20featuredImages%20%7B%20landscape16x9%20%7B%20...ImageFragment%20%7D%20landscape3x2%20%7B%20...ImageFragment%20%7D%20portrait2x3%20%7B%20...ImageFragment%20%7D%20square1x1%20%7B%20...ImageFragment%20%7D%20%7D%20label%20tags%20%7B%20primary%3A%20primaryTag%20%7B%20...AssetTag%20%7D%20secondary%20%7B%20...AssetTag%20%7D%20%7D%20urls%20%7B%20...AssetURLs%20%7D%20%7D%20fragment%20AssetTag%20on%20AssetTagDetails%20%7B%20company%20%7B%20exchangeCode%20stockCode%20%7D%20context%20displayName%20id%20name%20shortID%20slug%20urls%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20%7D%20fragment%20AssetURLs%20on%20AssetURLs%20%7B%20canonical%20%7B%20brand%20path%20%7D%20published%20%7B%20afr%20%7B%20path%20%7D%20%7D%20%7D%20fragment%20ImageFragment%20on%20Image%20%7B%20data%20%7B%20aspect%20autocrop%20cropWidth%20id%20offsetX%20offsetY%20zoom%20%7D%20%7D%20&operationName=MostPopularQuery&variables=%7B%22brand%22%3A%22afr%22%2C%22primaryCategory%22%3A%22companies%22%2C%22count%22%3A5%7D
Requested by: Host: www.afr.com
URL: https://www.afr.com/assets/vendors_client.60139292dac49ee7dc33.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 80bdc1d53821bce111dec90ad5dba4546d880d45fa7a2a95689d04d9f87240d4

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
age: 47
x-served-by: cache-syd10137-SYD, cache-fra19158-FRA
vary: Accept-Encoding, Origin
x-cache: HIT, MISS
content-type: application/json
access-control-allow-origin: https://www.afr.com
cache-control: public, max-age=60
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 2102
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 2, 0

GET
H/1.1 200
OK dest5.html Show response
fairfaxau.demdex.net/ Frame 5B80 7 KB
3 KB 196ms
47ms Document
text/html 54.171.168.191
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fairfaxau.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.168.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-168-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: fairfaxau.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.afr.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=58701520801729284010511172961087358693
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 18 Aug 2021 11:00:41 GMT
DCS: dcs-prod-irl1-2-v012-070ade798.edge-irl1.demdex.com 6.3.1.20210623115127
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 2 Jul 2021 08:59:53 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: xMIIjkH+SDA=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
fairfaxau.sc.omtrdc.net/ 2 B
313 B 113ms
28ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fairfaxau.sc.omtrdc.net/id?d_visid_ver=1.8.0&d_fieldgroup=A&mcorgid=BEB5C8A15492DB600A4C98BC%40AdobeOrg&mid=58471877370573948560525680266296708060&ts=1629284441165

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5446df8c45-58sgx
vary: Origin
x-c: main-1500.I51075a.M0-511
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

POST
H/1.1 200
OK event Show response
nd.demdex.net/ 2 KB
1 KB 203ms
55ms XHR
application/json 63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/event?_ts=1629284440789

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3e15ba9c8aad5b64d6eaaaed7bca87cf952b1c37660c54373fc20a094c1fa11b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v012-0d5da488f.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 1bZht4nQQgw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.afr.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 669
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3-29 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 966
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:44:35 GMT

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 192 KB
54 KB 23ms
23ms Script
application/javascript 2600:9000:2190:9800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/P70F2B436-31E2-4369-A3CB-294DC350A880.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 397e6540378a195608cbd601f809c0c96b3ae9253fffeaf070769a8272838ad7

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: WYmiUb1.Cg6z3yQT9O20r1WlJJUllnwa
content-encoding: gzip
etag: W/"bd1ffd9a8dc416cfddcde665f3111e22"
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
server: AmazonS3
age: 3521
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Wed, 18 Aug 2021 10:02:00 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: -hZgLqabytC0Z3G5NulUw4BLSEIBxlAypTmKicHd5XvbLKk_hvYvlQ==

GET
H2 200 / Show response
adc.nine.com.au/ 89 B
549 B 895ms
310ms Fetch
application/json 54.252.144.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.252.144.234 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-252-144-234.ap-southeast-2.compute.amazonaws.com

Software

awselb/2.0 /

Resource Hash

25b85144f16a2def646929df9d3d32fca2f8f6e17df1f78a195b99691f33e517

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json
Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
server: awselb/2.0
vary: Origin
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://www.afr.com
api-supported-versions: 1.0
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=2592000
content-type: application/json; charset=utf-8
content-length: 89

GET
H3-29 200 953970877989909 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/953970877989909?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8a35f62823163162659645803ea69c2a846ac3bbdc906cbbdb8e66851490416f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 73386
x-xss-protection: 0
pragma: public
x-fb-debug: DGihX6EvWBFmO6d5NNcuEb8A2vCqP0bdA+RDLEJujBOGDqstkL4H2f6D/Iz7mW+TwU9xDNqhB2NBfOkxD4q4Cg==
x-frame-options: DENY
date: Wed, 18 Aug 2021 11:00:41 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441256&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%221111245219334310%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22AUD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%22248737323376397%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22AUD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%22238870547858716%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%221061618751009995%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H2 200 96bcef0b455de0d4cb89d52ba42ee97f7424c911
static.ffx.io/images/$zoom_0.4525%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_150/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 14 KB
14 KB 8ms
7ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.4525%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_150/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/96bcef0b455de0d4cb89d52ba42ee97f7424c911
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 6af5597ed69e0945a845005b4691d76e4f8bb271fbe4b1317a17f0cb44b6fcf7

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 807992
edge-cache-tag: 262868049021652688455710014385757760080,441614789933792373585247514722802138337,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="96bcef0b455de0d4cb89d52ba42ee97f7424c911.webp"
content-length: 14418
x-served-by: cache-fra19148-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 262868049021652688455710014385757760080 441614789933792373585247514722802138337 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 09 Aug 2021 02:04:26 GMT
server: cloudinary
x-timer: S1629284441.391910,VS0,VE1
etag: "e59ec6b15e3e78f8869d8654a3ee342a"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 9ea9bf23df2e9119c033786f490b857653e68135
static.ffx.io/images/$zoom_0.8399%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_2450%2C$y_1270/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 6 KB
7 KB 9ms
8ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.8399%2C$multiply_2%2C$ratio_1.777778%2C$width_1059%2C$x_2450%2C$y_1270/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/9ea9bf23df2e9119c033786f490b857653e68135
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: a1058da6e4115e63a1c3321f9ca16f21873c4971a39b880301633059eba36017

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 215305
edge-cache-tag: 265828219822191154776846676079463204280,197580123195653093796692048507248157786,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="9ea9bf23df2e9119c033786f490b857653e68135.webp"
content-length: 6258
x-served-by: cache-fra19170-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 265828219822191154776846676079463204280 197580123195653093796692048507248157786 5f5f4219172da4ec8104790896b11172
last-modified: Sun, 15 Aug 2021 23:08:46 GMT
server: cloudinary
x-timer: S1629284441.392096,VS0,VE1
etag: "bbb8dd9f8fdc0c331db53815fca05112"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 74bb6aa67fadb7a5779c4a5c33ce0740f813ba95
static.ffx.io/images/$zoom_0.2243%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_82%2C$y_191/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 10 KB
10 KB 8ms
8ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2243%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_82%2C$y_191/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/74bb6aa67fadb7a5779c4a5c33ce0740f813ba95
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: d030bb6e0146d59880c78c3e67f9dea1be0d0ebfc777796146c3a2985d7ff295

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 32133
edge-cache-tag: 463884654651503056860662792080116631265,453904538975939151416328404602457316516,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="74bb6aa67fadb7a5779c4a5c33ce0740f813ba95.webp"
content-length: 10162
x-served-by: cache-fra19121-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 463884654651503056860662792080116631265 453904538975939151416328404602457316516 5f5f4219172da4ec8104790896b11172
last-modified: Wed, 18 Aug 2021 01:14:20 GMT
server: cloudinary
x-timer: S1629284441.392080,VS0,VE1
etag: "872bb2fd264967d86f963775f228c773"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 09b2d98b484baf019f3c38cb55d9ab737cc88361
static.ffx.io/images/$zoom_1%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_440%2C$y_165/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/ 10 KB
10 KB 7ms
6ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_1%2C$multiply_1%2C$ratio_1.777778%2C$width_1059%2C$x_440%2C$y_165/t_crop_custom/c_scale%2Cw_300%2Cq_88%2Cf_auto/09b2d98b484baf019f3c38cb55d9ab737cc88361
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: f24f0e99822c9b60763135559d3b656761e9fbb68116aa4d942cfe8fedc7d5e3

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 108115
edge-cache-tag: 498232490896940457059703310716340838390,363527848850769516213952516282545740904,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="09b2d98b484baf019f3c38cb55d9ab737cc88361.webp"
content-length: 10080
x-served-by: cache-fra19141-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 498232490896940457059703310716340838390 363527848850769516213952516282545740904 5f5f4219172da4ec8104790896b11172
last-modified: Tue, 17 Aug 2021 04:27:19 GMT
server: cloudinary
x-timer: S1629284441.392051,VS0,VE1
etag: "4b8f4e04c06a83a72dfd50dc8c405a15"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
853 B 55ms
18ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.afr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 90 KB
39 KB 607ms
606ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2441078680056827&correlator=386905319503594&output=ldjh&impl=fifs&eid=31061422%2C31062031%2C31062142%2C31062301%2C31061424%2C20211866%2C31062180%2C31062297%2C31062094&vrg=2021081201&ptt=17&sc=1&sfv=1-0-38&ecs=20210818&iu_parts=21671780509%2Cafr%2Ccompanies%2Cfinancialservices%2Cbuynowpaylater&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=970x250%7C728x90%2C970x250%7C728x90%2C320x50%7C6x2%2C300x600%7C300x250%7C160x600%2C320x50%7C6x2&fluid=0%2C0%2Cheight%2C0%2Cheight&prev_scp=pos%3D1%26src_ad_id%3Dadspot-970x250_728x90-pos1-desktop%7Cpos%3D2%26src_ad_id%3Dadspot-970x250_728x90-pos2-desktop%7Cpos%3D1%26src_ad_id%3Dadspot-N-6x2-pos1-desktop%26nativesz%3D6x2%7Cpos%3D3%26src_ad_id%3Dadspot-300x600_300x250_160x600-pos3-desktop%7Cpos%3D2%26src_ad_id%3Dadspot-N-6x2-pos2-desktop%26nativesz%3D6x2&cust_params=adKitVersion%3D2.1.7%26autoRefresh%3Dfalse%26brms%3Dtrue%26brvs%3Dtrue%26deployEnv%3Dproduction%26layout%3Dblue%26pageid%3Dp58je4%26pageviewid%3DA211D3CF-5AF3-4B6E-929F-3E8110507F65%26swgt%3Dna%26sysEnv%3Ddesktop%26cat%3Dcompanies%26cat1%3Dfinancialservices%26cat2%3Dbuynowpaylater%26ctype%3Darticle%26csub%3Dvisitor%26m_data%3D1%26m_safety%3Dsafe%26m_categories%3Dmoat_safe%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26gs_cat%3Djourno_finexpert%252Cfirsthomebuyers%252Cpaypal_sme_predts%252Cfinancial-planning%252Csustainable-investing%252Chousingmarket%252Cxero_competitors_predts%252Cgs_finance%252Chome_loans_predts%252Csecondary_income_predts%252Csemi_retired_workforce_predts%252Cretail-shopping%252Cneg_westpac_brandsaftey2020%252Cwestpac_brandsaftey%252Cnab_neg_kw%252Cneg_ffx_anzbank_kwbl%252Ccustom_nab_2020%252Caccounting_students_predts%252Cwestpac_kwbl%252Cgs_finance_credit%252Cfinancev2_kwbl%252Cgs_finance_loans%252Cfinancial-events%252Cgs_shopping_misc%252Cgs_shopping%252Cinfrastructure%252Clogmein_meetings_predts%252Cpaypal_sme%252Cneg_apple_keywords%252Cgs_business_misc%252Cgs_business%252Cnesting_seg_example%252Cnab_kwbl%252Camex_kwbl%252Cnewhome-builds%252Ccar-maintenance%252Camex_master_kwbl%252Cgv_safe&cookie_enabled=1&bc=31&abxe=1&lmt=1629284441&dt=1629284441442&dlt=1629284438972&idt=2077&frm=20&biw=1600&bih=1200&oid=3&adxs=315%2C315%2C-9%2C-9%2C-9&adys=231%2C1263%2C-9%2C-9%2C-9&adks=2737986184%2C1390389449%2C1225816841%2C703619012%2C3561133780&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1520x138%7C1260x122%7C0x-1%7C0x-1%7C0x-1&msz=1600x90%7C1340x90%7C0x-1%7C0x-1%7C0x-1&ga_vid=919107620.1629284441&ga_sid=1629284441&ga_hid=156130148&ga_fc=false&fws=4%2C4%2C2%2C2%2C2&ohw=1600%2C1600%2C0%2C0%2C0&btvi=0%7C1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

8158847ebd6182d2c0eff38779444759b18113028972dabd727ec75be0ee30a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39494
x-xss-protection: 0
google-lineitem-id: -1,-1,-2,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-2,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5C52 6 KB
3 KB 49ms
14ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 18 Aug 2021 11:00:41 GMT
expires: Thu, 18 Aug 2022 11:00:41 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 27ad1e8ac91f5e0078aa5a3d80ce84a72738c728
static.ffx.io/images/$zoom_0.2163%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 5 KB
6 KB 7ms
6ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2163%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/27ad1e8ac91f5e0078aa5a3d80ce84a72738c728
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: afd98f171e8588e25994f62a5cab4b12805519f33edb1683c4e92631d2e09c46

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 17408
edge-cache-tag: 462864027434401934246487121569106895988,473269782672756471589056889947890763345,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="27ad1e8ac91f5e0078aa5a3d80ce84a72738c728.webp"
content-length: 5374
x-served-by: cache-fra19168-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 462864027434401934246487121569106895988 473269782672756471589056889947890763345 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 09 Aug 2021 23:40:40 GMT
server: cloudinary
x-timer: S1629284441.460435,VS0,VE1
etag: "e994cc1dc7e1855863052c07b8d9425b"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 c322d2c78dcaacf24679d3d19b6daa97a6602882
static.ffx.io/images/$zoom_0.3088%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_370%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 5 KB
5 KB 7ms
7ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.3088%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_370%2C$y_0/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/c322d2c78dcaacf24679d3d19b6daa97a6602882
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 6adf20a062f5d292458d0d26f08b775399b840636a10c3790156719c9111459f

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 11023
edge-cache-tag: 477765558399304484860527524225810829260,368413118220267627825906694446515990103,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="c322d2c78dcaacf24679d3d19b6daa97a6602882.webp"
content-length: 5030
x-served-by: cache-fra19173-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 477765558399304484860527524225810829260 368413118220267627825906694446515990103 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 09 Aug 2021 02:58:45 GMT
server: cloudinary
x-timer: S1629284441.460488,VS0,VE1
etag: "844082b6ee89a1008d277e42266375c9"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 73bfb1b72e53090922f4bf3a6b425216a8c8cbb0
static.ffx.io/images/$zoom_0.2723%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_25/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 3 KB
3 KB 7ms
6ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2723%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_25/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/73bfb1b72e53090922f4bf3a6b425216a8c8cbb0
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 53aee9d960fec4d8f84684f8441b3afe5782d79f9d089679848ef788e73daf46

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 13611
edge-cache-tag: 471898135388839695390337177985586444393,373807648655493458249713594070151685387,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="73bfb1b72e53090922f4bf3a6b425216a8c8cbb0.webp"
content-length: 2650
x-served-by: cache-fra19156-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 471898135388839695390337177985586444393 373807648655493458249713594070151685387 5f5f4219172da4ec8104790896b11172
last-modified: Wed, 18 Aug 2021 06:31:13 GMT
server: cloudinary
x-timer: S1629284441.461502,VS0,VE1
etag: "5d72962ae76edecfc31dfe35c7fa4b6b"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 03e66862fb0c16c0fc8154de459622c7661a5351
static.ffx.io/images/$zoom_0.2648%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_109/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/ 3 KB
3 KB 8ms
7ms Image
image/webp 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffx.io/images/$zoom_0.2648%2C$multiply_3%2C$ratio_1.777778%2C$width_1059%2C$x_0%2C$y_109/t_crop_custom/c_scale%2Cw_140%2Cq_88%2Cf_auto/03e66862fb0c16c0fc8154de459622c7661a5351
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: ef4d802215f6862241c109567f94e37b4a33f3d3e192a0a726645e8a2aa87122

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 181124
edge-cache-tag: 322126795029552739851326280226284486621,358597210292373028498487424310055312190,5f5f4219172da4ec8104790896b11172
content-disposition: inline; filename="03e66862fb0c16c0fc8154de459622c7661a5351.webp"
content-length: 2570
x-served-by: cache-fra19155-FRA, cache-fra19158-FRA
x-cache: MISS, HIT
x-cld-skey: 322126795029552739851326280226284486621 358597210292373028498487424310055312190 5f5f4219172da4ec8104790896b11172
last-modified: Mon, 09 Aug 2021 02:32:07 GMT
server: cloudinary
x-timer: S1629284441.466717,VS0,VE1
etag: "d53125e73fd80d9895b79c93d3464e5e"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 0B54 232 B
431 B 206ms
133ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=6bc7b004b95c0558842d90bab670037a8a9e039a

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fwww.afr.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 11:00:41 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 96b0bfc921b5fe2e3b8fd328986391ea3cd7e82c63cca53008d5bd175980fa6c
content-length: 166

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
14ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=156130148&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&dp=%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&ul=en-us&de=UTF-8&dt=CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=meter&ea=meter%20impression&el=inline&ev=0&_u=aGBAAEALAAAAAC~&jid=1267160987&gjid=1187369915&cid=919107620.1629284441&tid=UA-91053368-8&_gid=228732433.1629284441&_r=1&gtm=2wg8g0NN4PPKH&cd1=afr&cd2=2021-08-17T19%3A00%3A00.000Z&cd3=2021-08-17T19%3A00%3A00.000Z&cd4=James%20Eyers&cd5=WEB&cd6=A211D3CF-5AF3-4B6E-929F-3E8110507F65&cd7=article&cd8=Companies&cd9=financialservices&cd10=authoring&cd11=p58je4&cd12=false&cd14=visitor&cd21=AFR&cd22=Commonwealth%20Bank%20of%20Australia%7CDebit%20cards%7CCredit%20cards&cd23=Buy%20Now%20Pay%20Later&cd24=non%20metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd38=&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&cd46=CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue&cd56=visitor&cd57=false&cd60=&cd62=&cd63=&cd64=&cd65=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&cd66=&promo1cr=companies&promo1id=inline&promo1nm=meter&promo1ps=Save%2050%25%20for%20your%20first%203%20months.&z=676511449

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=156130148&t=pageview&ni=0&_s=2&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&dp=%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&ul=en-us&de=UTF-8&dt=CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEALAAAAAC~&jid=&gjid=&cid=919107620.1629284441&tid=UA-91053368-8&_gid=228732433.1629284441&gtm=2wg8g0NN4PPKH&cd1=afr&cd2=2021-08-17T19%3A00%3A00.000Z&cd3=2021-08-17T19%3A00%3A00.000Z&cd4=James%20Eyers&cd5=WEB&cd6=A211D3CF-5AF3-4B6E-929F-3E8110507F65&cd7=article&cd8=Companies&cd9=financialservices&cd10=authoring&cd11=p58je4&cd12=false&cd14=visitor&cd21=AFR&cd22=Commonwealth%20Bank%20of%20Australia%7CDebit%20cards%7CCredit%20cards&cd23=Buy%20Now%20Pay%20Later&cd24=non%20metered&cd27=(not%20set)&cd28=P70F2B436-31E2-4369-A3CB-294DC350A880&cd29=afr.com-brand%20only&cd38=&cd40=desktop&cd42=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&cd46=CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue&cd56=visitor&cd57=false&cd60=&cd62=&cd63=&cd64=&cd65=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&cd66=&promo1cr=companies&promo1id=inline&promo1nm=meter&promo1ps=Save%2050%25%20for%20your%20first%203%20months.&z=616773000

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Aug 2021 22:24:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 45377
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track_page_view
nova.collect.igodigital.com/c2/10510523/ 43 B
711 B 138ms
127ms Image
image/gif 23.21.180.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nova.collect.igodigital.com/c2/10510523/track_page_view?payload=%7B%22title%22%3A%22CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue%22%2C%22url%22%3A%22https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4%22%2C%22referrer%22%3A%22%22%2C%22user_info%22%3A%7B%7D%7D

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.21.180.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-21-180-34.compute-1.amazonaws.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-runtime: 0.005529
date: Wed, 18 Aug 2021 11:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
etag: W/"98b3d9d20e032f90aca49e9b116225d5"
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: private
content-transfer-encoding: binary
content-disposition: inline
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 5ac005f1-6f90-4c87-94fb-e5aa7059c679

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 3F56 12 KB
4 KB 15ms
15ms Document
text/html 2600:9000:2190:9800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

:method: GET
:authority: cdn-gl.imrworldwide.com
:scheme: https
:path: /novms/html/ls.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

content-type: text/html
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: zpOrZdUsdtFSUglONNnszp78Z80REEcP
server: AmazonS3
content-encoding: gzip
date: Wed, 18 Aug 2021 10:19:00 GMT
cache-control: max-age=86400
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: Y4B1d33RpU-qrJQeRDPS1qa2pRvN8iUPWrfkNLruI84kIc4pp1xFDA==
age: 2502

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 7ms
7ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5XGDgusVJck7vFMk

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 18 Aug 2021 11:00:41 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=PageView&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441584&cd[user.status]=visitor&cd[brand]=afr&cd[page.type]=article&cd[section.primaryCategory]=companies&cd[section.subCategory]=financialservices&cd[page.renderedPlatform]=WEB&cd[Container%20ID]=GTM-NN4PPKH&cd[page.name]=CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue&cd[page.primaryTag]=Buy%20Now%20Pay%20Later&cd[page.author]=James%20Eyers&cd[page.fullPageLoad]=true&cd[userAgent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441586&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 14ms
12ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441590&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.44&r=stable&ec=1&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 14ms
13ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441591&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[eventAction]=meter%20impression&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.44&r=stable&ec=1&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 14ms
13ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441593&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=2&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 14ms
13ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441595&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.44&r=stable&ec=2&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 14ms
13ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=Metered%20Page%20Visitor&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284441596&cd[eventCategory]=meter&cd[eventLabel]=inline&cd[userStatus]=visitor&sw=1600&sh=1200&v=2.9.44&r=stable&ec=2&o=30&fbp=fb.1.1629284440833.365429931&it=1629284440239&coo=false&rqm=GET

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:41 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
260 B 466ms
115ms Image
image/gif 54.144.144.142
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1629284441648&plid=16774715&idsite=afr.com&url=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22_pageviewID%22%3A%22A211D3CF-5AF3-4B6E-929F-3E8110507F65%22%2C%22user_engagement%22%3A%22single%2Floyal%22%7D&sid=1&surl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&sref=&sts=1629284441638&slts=0&title=CBA+launches+StepPay%2C+lifts+payment+revenue&date=Wed+Aug+18+2021+13%3A00%3A41+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&js=1&pvid=68834108&u=pid%3Dc88866909c7d47e566600d377dc5aa92
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.144.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-144-142.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 11:00:42 GMT
Cache-Control: no-cache
Last-Modified: Wednesday, 18-Aug-2021 11:00:42 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 32ms
14ms XHR
text/plain 2a00:1450:400c:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-91053368-8&cid=919107620.1629284441&jid=1267160987&gjid=1187369915&_gid=228732433.1629284441&_u=aGBAAEAKAAAAAC~&z=82098195

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 18 Aug 2021 11:00:41 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=5540616611377753189
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=358&dpuuid=5540616611377753189

42 B
958 B

109ms
49ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=358&dpuuid=5540616611377753189

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-070ade798.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: IuPwQ2GQRfA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v012-0724e0829.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: uSJdLNDOQdg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=358&dpuuid=5540616611377753189
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ Frame 3F56 44 B
559 B 52ms
47ms Image
image/gif 54.246.201.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&sessionId=gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.602&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&retry=0
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.201.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-201-247.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441.nuid.imrworldwide.com/ Frame 3F56 35 B
349 B 57ms
13ms Image
image/gif 2600:9000:2156:c200:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441.nuid.imrworldwide.com/
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:c200:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 01:33:48 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 34014
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 35
x-amz-cf-id: rF9MLaLUZ5Fw4waucodSr24eBJbVisdejW9fIIzahXjmjfmab3xpRA==

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 34ms
33ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-91053368-8&cid=919107620.1629284441&jid=1267160987&_u=aGBAAEAKAAAAAC~&z=1959882605

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 28ms
27ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-91053368-8&cid=919107620.1629284441&jid=1267160987&_u=aGBAAEAKAAAAAC~&z=1959882605

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=8668025462436669173
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=8668025462436669173

42 B
958 B

100ms
49ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=8668025462436669173

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-044ab1bbb.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: u2kc8UllTXs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=8668025462436669173
pragma: no-cache
date: Wed, 18 Aug 2021 11:00:40 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame 5B80 0
719 B 93ms
24ms Image
text/plain 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=58701520801729284010511172961087358693&gdpr=0&gdpr_consent=
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 6ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary28DF8SdrYA8nUbvw

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 18 Aug 2021 11:00:41 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1

200
OK

ibs:dpid=466&dpuuid=%s
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=466%26dpuuid=PM_UID&userIdMacro=PM_UID
https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s

42 B
976 B

47ms
45ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-012f73cb5.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 300,104
X-TID: w2coqQVtTEw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: nginx
etag: "60b842b3-cde"
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location: https://dpm.demdex.net/ibs:dpid=466&dpuuid=%s
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESECJ07hRreZ9pkNMzd8ZsGrk&google_cver=1
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTg3MDE1MjA4MDE3MjkyODQwMTA1MTExNzI5NjEwODczNTg2OTM=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECJ07hRreZ9pkNMzd8ZsGrk&google_cver=1?gdpr=0&gdpr_consent=

42 B
958 B

51ms
51ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECJ07hRreZ9pkNMzd8ZsGrk&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-0ade9229d.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: C6VSKA3HS7I=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESECJ07hRreZ9pkNMzd8ZsGrk&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=782&dpuuid=YRzoWgAASCMruABD
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://rtd.tubemogul.com/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
https://rtd-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D
https://rtd-tm.everesttech.net/ct/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D&_test=YRzoWgAASCMruABD
https://dpm.demdex.net/ibs:dpid=782&dpuuid=YRzoWgAASCMruABD

42 B
964 B

53ms
52ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=782&dpuuid=YRzoWgAASCMruABD

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcscanary-prod-irl1-1-v018-0d697b020.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: pX857VrkRzU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1629284442.155823,VS0,VE94
x-served-by: cache-fra19125-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://dpm.demdex.net/ibs:dpid=782&dpuuid=YRzoWgAASCMruABD
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H/1.1

200
OK

ibs:dpid=832&dpuuid=EUX2889609206026708622
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://sync.adap.tv/demdex_user_sync
https://sync.adaptv.advertising.com/demdex_user_sync?
https://dpm.demdex.net/ibs:dpid=832&dpuuid=EUX2889609206026708622

42 B
958 B

51ms
51ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=832&dpuuid=EUX2889609206026708622

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-0ce83c453.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: U2ANSZHvSbk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: //dpm.demdex.net/ibs:dpid=832&dpuuid=EUX2889609206026708622
Server: ribs2.0
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H/1.1

200
OK

ibs:dpid=23728&dpuuid=YRzoWhHkyq2q1BcvlLByDwAA%261169
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YRzoWhHkyq2q1BcvlLByDwAA%261169

42 B
958 B

55ms
51ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YRzoWhHkyq2q1BcvlLByDwAA%261169

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-03fb4066a.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: iqfX1p4zTd4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:43 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YRzoWhHkyq2q1BcvlLByDwAA%261169
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 264
Expires: Wed, 18 Aug 2021 11:00:43 GMT

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=2FyUBq-H8Wx5jXmVmToQZonstRzRX2y1_q1VPoBuJs44
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=58701520801729284010511172961087358693&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=58701520801729284010511172961087358693&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2FyUBq-H8Wx5jXmVmToQZonstRzRX2y1_q1VPoBuJs44

42 B
958 B

54ms
53ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2FyUBq-H8Wx5jXmVmToQZonstRzRX2y1_q1VPoBuJs44

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-0461d9108.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: UvQfX0fGRpA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2FyUBq-H8Wx5jXmVmToQZonstRzRX2y1_q1VPoBuJs44
Date: Wed, 18 Aug 2021 11:00:44 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=58701520801729284010511172961087358693&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-zeiXHVxE2pEvdYkjcnTBWZig_cwh8yehFWA-~A

42 B
958 B

609ms
48ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-zeiXHVxE2pEvdYkjcnTBWZig_cwh8yehFWA-~A

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-04fed2ec9.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: E0E8NWwxTJY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Wed, 18 Aug 2021 11:00:42 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-zeiXHVxE2pEvdYkjcnTBWZig_cwh8yehFWA-~A
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

200
OK

ibs:dpid=481&dpuuid=KSHDW162-G-9YBB
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://token.rubiconproject.com/token?pid=6404&puid=58701520801729284010511172961087358693&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=481&dpuuid=KSHDW162-G-9YBB?gdpr=0

42 B
958 B

89ms
58ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=481&dpuuid=KSHDW162-G-9YBB?gdpr=0

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-0c9ddea73.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: O95gFWLzTuk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=481&dpuuid=KSHDW162-G-9YBB?gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEO84maMd6agPbkmnjXgvZ0c&google_cver=1
dpm.demdex.net/ Frame 5B80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTg3MDE1MjA4MDE3MjkyODQwMTA1MTExNzI5NjEwODczNTg2OTM=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTg3MDE1MjA4MDE3MjkyODQwMTA1MTExNzI5NjEwODczNTg2OTM=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO84maMd6agPbkmnjXgvZ0c&google_cver=1?gdpr=0&gdpr_consent=

42 B
958 B

54ms
52ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO84maMd6agPbkmnjXgvZ0c&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fairfaxau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-0b80c2d87.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 02pPpU5QRw0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO84maMd6agPbkmnjXgvZ0c&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2E4E 6 KB
3 KB 17ms
17ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 18 Aug 2021 11:00:41 GMT
expires: Thu, 18 Aug 2022 11:00:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9BCB 6 KB
3 KB 12ms
12ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 18 Aug 2021 11:00:41 GMT
expires: Thu, 18 Aug 2022 11:00:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61fe4436f1d882b3acd98fb2763984bacd382664582f4918647b89894f46b871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113446242536"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27733
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:42 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
104 B 6ms
6ms Ping
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary97xdcSAneJPINECZ

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 18 Aug 2021 11:00:42 GMT
content-type: text/plain
access-control-allow-origin: https://www.afr.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2

200

/ Show response
adc.nine.com.au/ Frame 1630
Redirect Chain

https://ib.adnxs.com/getuid?https://adc.nine.com.au?appNexusUid=$UID
https://adc.nine.com.au/?appNexusUid=5540616611377753189

89 B
472 B

339ms
339ms

Document
application/json

54.252.144.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adc.nine.com.au/?appNexusUid=5540616611377753189

Requested by

Host: adc-js.nine.com.au
URL: https://adc-js.nine.com.au/adc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.252.144.234 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-252-144-234.ap-southeast-2.compute.amazonaws.com

Software

awselb/2.0 /

Resource Hash

25b85144f16a2def646929df9d3d32fca2f8f6e17df1f78a195b99691f33e517

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

:method: GET
:authority: adc.nine.com.au
:scheme: https
:path: /?appNexusUid=5540616611377753189
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NUID=3447da2424044865bafafc1a7baf70df
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

server: awselb/2.0
date: Wed, 18 Aug 2021 11:00:42 GMT
content-type: application/json; charset=utf-8
content-length: 89
api-supported-versions: 1.0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
cache-control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
set-cookie: NUID=3447da2424044865bafafc1a7baf70df; expires=Thu, 18 Aug 2022 11:00:42 GMT; domain=.nine.com.au; path=/; secure; samesite=none; sameparty
strict-transport-security: max-age=2592000

Redirect headers

Server: nginx/1.17.9
Date: Wed, 18 Aug 2021 11:00:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://adc.nine.com.au?appNexusUid=5540616611377753189
AN-X-Request-Uuid: ed1f9dda-5667-4103-87bf-1357781ca74a
Set-Cookie: uuid2=5540616611377753189; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 16-Nov-2021 11:00:42 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.156.175.109; 185.156.175.109; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6312 478 B
303 B 19ms
19ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKaD7pMCEL724ZUCGOzF5awBMAE&v=APEucNUNBjV6FZNNtq0MIix9vC5ycR9PObpyLBBRTwdgCFS9w1xIGOMicj21MftxLuqhLzarMxpKolB7oIt9YWuJ40jvHiv5pQ

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKaD7pMCEL724ZUCGOzF5awBMAE&v=APEucNUNBjV6FZNNtq0MIix9vC5ycR9PObpyLBBRTwdgCFS9w1xIGOMicj21MftxLuqhLzarMxpKolB7oIt9YWuJ40jvHiv5pQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUliKZt5BhiOqvFUbIxfUcmFBkHUsj58KmtCKS6-t5rH_y1NTgXy4HYjKZh3voI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 18 Aug 2021 11:00:42 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2E4E 72 KB
28 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0fE9e9uMvrYArokp_fa3YJuTUspvUobfxZVo3P2KrM3VbT_g8DpISud4BPMkljMJFqRpMwIz0qjjyL5RA3mwpU439eFZIYlivXC8vmgUtND5zsfMXIZ96gzlhGlrHq7LiNQIUYPkoMetjoJoxGF8a4u_3lA&dbm_d=AKAmf-BP-43DmIwhyyEv-mtbCSwBJQT97bbzjMwnn4Qa4Px6bcYin573nMaXCI9zSWM3m6w41H2sGsneHO-YlYpoIZLNw5O8nI1hevZhtQP--caiXZbQ_XC_4iPydqdwxEnwcAhBmH8YULduLzix71bzSJtEPd38sdUz-39oni01KRz2QrAFJPWvsaoNYiUunSYjfVBVjVGofXvKj3uPVw4w_kw55miL2lUoHtn1J7mVjxBw9p85cOaHwmhHftRco_27w-ZT-f7XlxiYCCHmxGPZMRkiQEoue4yh3sv848BZN5qTUwRRlNUudu2eeL-O-6QFF7FZYtPSjVfVgcmJ3vdG24FvNUKkDW5y7_YYYqD3Zi_7KebGvyXwwvOXH5tmVPtguh1uSV1XMGGpP_-0Mg52AeNigrSlB-x9Ho_6GYLNS2CoPmUqioJrhlJ_AhRGbJTYhMPfgwKK2oZa5V7cDLdb2gmrl660V5vNw40TfBfm50eXcI9pLLojxZZ6tZQdVKafNtgaTY1E-FN-3wljehu9Qd24MQiFCqtw3M5piQo8JH1quXQyuHykKV8awiQp3qc9SKPLbYo4t1WCpne89IZbD77ySlNg6fh18C9PSXpxduj2k2Nh8E4q8ca9vSN7imLDxG8qJYPEVI5nN1rc_YmhbCqDCwcanxrboe1SDCtkU86aIQH3XuNkIyvxpuM44zv9tTXaWJmXkaPx5eUjRADaei3EIJRuBnGE05k2zagQmxwQHefRH9M77AWwd7idLaST-ck2oyY48-wuCGxavH3x7dz3sKE8uP6geZfpwMHw4Zg7WrzMU8DqloRhGXNIJhJMEjMBnU-lnCm-IsCy8-_PMuCI6EuUa_5otrmX3rkaNWfISZ58j9mYPu0G7zSAtdmiTZQ4owDwcp_QQ_9h08HQNvq-LsrxBnSyDU5MQBTYgndq8OYk7ioGXMyjNSA9O2Vtg3je2vkRwZW9ZKOOUBdCbQ0gEWfELPiraSjTLTcRjKTCoJ3cI-54kMHWwoiKl74NmLHRP9ZD7YjA8e8WqV0GVJlXDZxBW_UjPXaX1GdXuLr1PkVPnoZusHv5BRVkWAKw6WuElRKpx0kW215m-7jz627hvpnUHl8oFOqg8eoX8uaBIDee_HiHSrLso-tS3BNuluCFN0SOHm0TOSxt29D-livEEvGlRxs26wgrPYKRxLXHk_K74Nh6s1690pBXyERNyu1UtCFGpGR1EwuxIDle1zS1AgMscdCzQsNyoyqlmvO3iDnhwCJwMlRu2Hy77DHpUDc4UUFfnOS6mAhSogYpMSKj4Zj8zJH9IiRCkadXXu3QjaKDS2szOKVO4eojqpAWkAGf7yVLO-4KxHYIX0w1RmiKo1vnP8o9LeI8b7Wk6ndkynvM71zBTlbYSUx3cl7jtIkvZ8nBwqKLhLx9aFkq-C9-8fJ7TZZMDuxcdbxbUwi57BLRSZxjFMoAE1nxxZqiw3g9KrVhSdUs-ysJrv-j8UhDv4AyJLFvtlCicGr3cQIBm3A9UQRL_IE38Z3JiTwWsUe2mcxx3DeG2kgX2ddhDidZebpv66L6sZbv6hsvVljDucAT4X_5BZrWOsIGPC8ENMO-jRhC1zrTmhpvbgoJd3SXJ4NThh1U9QkN5F_yNDN8A4xzF9Y85bGesL7RWJvlc7U665G_jWbTci336VCv-UG9cYK2537_1uo8Vlk9TrkRgXgbUGLc5SKoU9skMsc5PeRhU1GA2KSW_ubyhPRopTlYv_YhokSHHqLrGzDReYKRgr7VQq4tHDK-B0IL_zmKfnsAFLkgMVP3oYVlnpvmIrSKyTGamELGMfiAaEZ8Svxh25vJ_WgofkTNtqv-7OlEwvf9T7DCwvmUG1vhGyL1cN9QRtGMvX-jMxLftMfpTvqF9wARz0poUlK1eIF4GmGjDSo3B-COSBf7gRBoxbiKUofg_HfLmXhGgCJLhn0OxR6Z1wOD2sbjxfcQtqzls_AUmspb5oM_Nc3AHmCT3Kxqu7lCSE3QyLqgcrkfSsD6qhHQj04joDARuWIwf2T0H4YLGrN9ebOf1eW3OIQHaT9iPFiFbbK9tC91p5jD4OxTG5q8qsYCRRF0OSzeJraoKjLzBY5oB8jwxDgs2Wf3tBlfM_DEgwbZSt3_Q88T2QoIpHYpv96--0YjzEhVaaYo6fDTV9fG2FZoTmjmdYMdbpf9ah8vo9V7uiN9im3LbQGeF3AJi7xecoP7XW0EXdvk3Ak2RZb35trvCeB2DXKtVDCDiPnm_apBKt-p1Ppj0XQOb0uwlJ7JBQP7IyEz13Y2SZuvJ351rkUm7CLZh4g8j25erL7Tr3CPYQZMo-gwJReBMYNPnTHNBSwfy_p_1uSHARt6Qz7-M0GYXIwioG9iEZEN8ITDgbwUs7hILQ3u6dj7vS2HH7ND-hdoKuFXfeDEUtRHuL_dcgkiOWokVyhSwWUYG7rvzN45lpA_vunqUWrNXK7X5VlIuj1tLbqSctvvNHBOyrJP44ArOGwivv7yMb4NutDPTmfGagIBm4zyoE5sFAp1PB-_GB7h9jFUqk6GFuTqhZr1ytYLXKKVrGAW9PfkYSwCvuZBWXLqJd5fH5kEow4YjrGrwAD89EMJYb3dsu2JuoK5Mr0lRo8zp6dqJ9nDN0B-MKZ0xwXuwAJ69BCBd2PdSzZRXKyAw9LWy_jjutKeGppZS2tcItYOjaVPjfU7FupmDrtOREIQlkw4jT9VoZtLnnYz29ZaaaBEp2rwe6sXHI_GToRnke_Q3kYwf6ORwd4JfvadDR55c0kF2Mgga1QO6DSfSyi-kzHBqVE8SitXvDf5MTojZQV9xIfxBGLziHlp-DAwKqJjWBWG14wrBw7EMwv52e1rkoQ_tCkIT7tHS3bk4ErPqnb7CIlNtw9g-sS0u_R0wEr01kMfH9zxT0ywnqUeoCsVe4Z6WUFX5XVRq1VPbkmWxGfJuibWOMCL35HA5e0POotNT-k9Xvquzb4rMD33Ova79LsG0qXETOKg1vZOHzCZx7VEVA2XdlTGH17GeBHj19wZV64BgSFXPqsvWW9caSqLmz4M50DXWkATzHTZfEmcAzWmQfUSZYsGzowBOgRQKm2yEfN6c2xAfviIzLFK_gA&cid=CAASEuRovJUmn_hj798LHDU3ivX9jw&rfl=1%2Chttps%253A%252F%252Fwww.afr.com%252F%240

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99980ee00c64587dbf7d47b2f59317458d752915d8a2e6b17ba76b9f120c7e37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29032
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2E4E 42 B
173 B 28ms
26ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Da0uhIV9M4K-yBDoUouE0YVBqceFE1o9WP8Zi1WKimcLZZLW0quCqgSYcwtk48j-5OEv87GFfDb05jBs5wj5FTkrYKC3MtZk6OeYXRPcnkSo-zjZo

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 2E4E 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/window_focus_fy2019.js

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:59:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2E4E 124 KB
37 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113426487594"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38194
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 2E4E 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 11:00:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2E4E 0
0 15ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQZu1d8D5JprQqdLw3hNjjg0iC_Ggb16x2a8lYQzIrt-TJNgCrAepeSKB56BuMo2UgaRrzeM4phCIIsuCyjhjbXztNXmQ
Requested by: Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 789D 478 B
294 B 18ms
17ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-3LhC3tXEY1M_4kwEwAQ&v=APEucNXkc4QYMZiXnLZCBQ_hbr4SwvGSRTYmPrxMNO6lBfnS0ERC5llxbCIh6nqaf_9TpLYyTbogVlclnGZPVMPm9oJxI_V0WQ

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJ-3LhC3tXEY1M_4kwEwAQ&v=APEucNXkc4QYMZiXnLZCBQ_hbr4SwvGSRTYmPrxMNO6lBfnS0ERC5llxbCIh6nqaf_9TpLYyTbogVlclnGZPVMPm9oJxI_V0WQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUliKZt5BhiOqvFUbIxfUcmFBkHUsj58KmtCKS6-t5rH_y1NTgXy4HYjKZh3voI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 18 Aug 2021 11:00:42 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9BCB 74 KB
29 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cr9uZp8aJA7xfBO53PgnSmz8pR_YOLNDUoZdHIO3HwGHBOk833zjPeLo4B15EiJeU8_7Vzavu8ebOaEo3tqbg2nfBNQJ6RFvu-xK_HZwQNuHmLGmSiSH_rGDHbeMFMQQOQjfBvX8fRmS9yJOeRSB7dNzdkdw&dbm_d=AKAmf-C2yugo9qyq1QxKC40tRmRK3CfCsCH-CrPPa68pLLT0JSmE5uGJf7bElnwva5mMFdNKZjFjX2d0D4bbB32UP3aIU1tAwkOs5Mr9w0Y3wAIcfaOhlMZHkd7jw3Kzx1ueI2PrNTL2amjJAxySm1DlBhcfSS-hNZQK9rhvnEYWZUs9cjP4qhxUp1CO44e1wU6kjsKs5U8mhp5jTZEU11APVYWp_Cs4RtefFkAn4XeRlcISHmNN2XFA0bBK-e23xlnKltczQvh_BhqRYDoWGSa2yagz555-W9QM8vlhlxOEO6TFt1ojFh_XBQ2TRk1V41uOtrEh49P4JvxxkHz6mNS9stLTEn1i2qnRd32zkItWiaZ2L_ytmJ8VZL-QOMVj4stWPIQvr8GW7-mL6a0i0rjsHoAkadsEYj0WxlxhWHGBpi37DLLOz_SWrP1JqPsagKriYIgTO8DxAlsu1tcPpTXjrEnl39hyh-jE5cL5ZsVLUBk8jMKEd3R4MwNFJIT_jGbOxCWsVeL4MwaO9CIeDvUBoGqvH_NDqW0G-LUtOg1YLcKCBl4dGi8SfwdfqmYTry8Oy3YtuBaZFHfFIQhWuKqia2Jr37MvE2T1vgiv3m9w0jGJ9_atQUrpEq5Y4A8iC8XmXo8E-G5gSYzVpopVxRRRi0gL0uNZ6NDjmB0WREMahXmz5IkS52U1HWv-yltVQEywKmKEHvw6Rtzhpz7CQVcSPUN4AQ5Tfxcja5VHm_fzt1Ej-Yu6Kr_1gOZEQRISnz2b-4Oxw3DBzqCzaPM7HqIQ5bot2JIkJYziJNwAodPCtXKLenTS1hIHVbEEl0JBH-9Jgkn6Gl2yyHJR76rgILN5_uErRWqssVCHxjrmshdNkQ5IEEn045a202FpNSjsCR6FWmEVXakLRs7CmZ-8OxavqR7KKOlDQ4rOpw5801LMee8pstaownWubhlfnG86CbXGf1qyYAgd2V_5zv3_M3-o7c_IKzoJSqr9Tg8JYvUMfusavcdJF5VfAXAvT9YrcVuXsPRFh9xK4Iyu1tgeyT0f3Q3iYvYWPFtRhItvA_SL55Da3qfnFtm9Fosah8aMFtZ-VFzy5HC2j_67HFGC7gah_QTR1ApFtlXO9zuWxlLOo5oXdrDSSbjvLgV490wRuwQEuTtnWi2qE3vvsl_dyvvOuIqEuRxKn3_1zmp622mGAe_nR9uEs18xVn0CTqBwf3Fj3eVQZBjJyAZMKOjsWC2BtA6FCzJQImYmZVeCxunYqR7a2RsJa15SndyCYurK_SnWt5ZIlkNMfww1jTpRbxFLmDlXoN687_Tu1tYickONec9vxHTgxglUmxoLYt6upfwQbQ7uomBz6UFNnsIpoaoC_BWb6cWUAwnFzlSbg_gDgmY-5WnN4Ges1bYumJM-lQhJTuQOpLphm_l1FbzAT_7R_BWUwz4LeTnHn2keDiJ0qX0JaoCYxcJ4fie-4s2e1YUEG-U-hfEnWjv2F7H4gizgSS4Y-6kW8ppOoAIVg5kPoXOWVmSgl-rhC233AchXZJvFuHgGRe8k9gWC0TYQL2YEEin0cCAn9meSCrfAj8G6pR6Lhjs3gZYHjP5-7KX_hunpIiklSoCMI-bvA-zsgM3vS9nAHgTOYromYRMRcQSwyZrIMWNtWil7f1T0D2V-eieaGszoBYct0ZK4AJlFyLz2wyHZkdXjoCX_i6akxMI9Y-lksgQFDFOVdlFyqJ5UWF_Q3sBkN3miw0ykwCGZ7Tr3crkY77kQYqk7Zrl_9GprmQeGcjftWZ5lmS8YNvYfpheP_nXwNOGviYvTT7DhIqubZQdA8KbpE68QY8o8brct-KIbKhmhP4ket89jjN77girLjuSbizQy2-KFsjI5LrK_DZ-TDsS885xvFoXErpZbsswIo6DWEMwjkFpixsqGgnuOaGD50nC5JWHqFfLcv-ZyfDrNMbgEF8O_QDW3TnlMMMEFG1SzEjdu4KddbQwIdvywZ1aDIcK-_VrmrZmzA_kX3UMP2KpzqHMfPY4T8gjZfpY31ptZIOVpyi3bt-7QVA5cjDpEAEHjj41y8yd8Y_0WyYS8w1IxNQ3r1rL9CKD2YUy4I5XHi9804k9FRjZYakvJ2IKGMRlKNXoU72K6DtRNVRm9M6P4t4d7bLRgTaOiaeNz2MjIN-epSgGSvxIdDp37TcVjDLF3VuUDYomQZpCfxW6Dje2BT2jfGyGuCJtmLekUv4pBO9YfXFfPI7YY6KfQIdj_nYWHiEm0PSUkUcQCI0iaDlVCcOL6n9rFwhgnDNViFkjMT2cioA7ElCmKCJI-C5ALucHqewKC3k5uVHGggTvN8W8w-6F5wyfKRKrE9cRfnoKcBmenRas1ggQkoyIM3wGQgNoi-4mxAoe_dOb3mgBVjSxKk2lCN-KDaZv4jXMiPiq7otonlm7p7R-aI4-jJAoKfpmbJ1I1K8fHXfZeT057I17UdInUwmWD7loYGDdqky_jfQL48ALsLsagOCAHok_aPpIRsml_zJEgWAkKMPyXoi5VocoWFaKuv-1S_TNMsYkW2KaTBqwSYqCFXxs_5vVtpJmEiFS6NjPCjMc5LNjGA1NF3EFvXHyXD_8SPBhFOsHFbDqHieEnixjizoHw-YQ6zUtAG8VcS5QxKv_8jjZ6CI984-t3gJTcSUhfa8NtFjxfQ9iC95b_Bt7hX5BSh7ZDKFUpfx4b2kmf-rGIS9m-R3N3JnhefOCyEnyIwSkJzPqbcZd5M7gCNlaPvyqVhGeuvbZ4T-lgE3YgLa19F7qrO5SckY183S44_QNhq3vhRahrqhoejIXysTobYEupjWHbzZNM9-vRLmXf0pSb6wOSBNZn4cwpWhCPmUHOYHVUA4PChL_opnO6JTEMh7OfbHyxBF79dLtdD0jKhISomdIEzu0Q6jsd3Eya1QkAcF7a3tnS6FS4TQy-S9_IIrNWRW5CXJ3a&cid=CAASEuRoDM6t70vnV1N6Z9Y0rXzVUA&rfl=1%2Chttps%253A%252F%252Fwww.afr.com%252F%240

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

929b13196933ef33553ee5a6dd3012784e65c11b5b1efa70e7ec32145f3d2e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29248
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9BCB 42 B
107 B 28ms
26ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CoyfYbEGVVVlfgRnBDyp4xS4rxRrLh6LxbR7W1zYTcQ29Ne5HFrdrRP-rEK5yqm_3boMsVBUAvkEfHfP1ixVxBJEVKqIE7UwQotPl14dMyfcN_3XM

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 9BCB 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/window_focus_fy2019.js

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:59:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9BCB 124 KB
37 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629113426487594"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38194
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/ Frame 9BCB 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210812/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 11:00:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9BCB 0
0 14ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRC-fe2uYZxwP0b3GHB1cW8mAggT1g9-vu_yuYwdARzQnIkapKBUTRNdDeKl0KMk5F7kqZZrTIaUc1yh1QwBdQF6gdKnA
Requested by: Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 6312 170 B
188 B 42ms
40ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKaD7pMCEL724ZUCGOzF5awBMAE&v=APEucNUNBjV6FZNNtq0MIix9vC5ycR9PObpyLBBRTwdgCFS9w1xIGOMicj21MftxLuqhLzarMxpKolB7oIt9YWuJ40jvHiv5pQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6312
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1

43 B
894 B

41ms
40ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKaD7pMCEL724ZUCGOzF5awBMAE&v=APEucNUNBjV6FZNNtq0MIix9vC5ycR9PObpyLBBRTwdgCFS9w1xIGOMicj21MftxLuqhLzarMxpKolB7oIt9YWuJ40jvHiv5pQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 18 Aug 2021 11:00:42 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6312
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YRzoWgWZUZz8TW09fyw2igAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1

43 B
894 B

152ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKaD7pMCEL724ZUCGOzF5awBMAE&v=APEucNUNBjV6FZNNtq0MIix9vC5ycR9PObpyLBBRTwdgCFS9w1xIGOMicj21MftxLuqhLzarMxpKolB7oIt9YWuJ40jvHiv5pQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 18 Aug 2021 11:00:42 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 789D 170 B
188 B 44ms
42ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-3LhC3tXEY1M_4kwEwAQ&v=APEucNXkc4QYMZiXnLZCBQ_hbr4SwvGSRTYmPrxMNO6lBfnS0ERC5llxbCIh6nqaf_9TpLYyTbogVlclnGZPVMPm9oJxI_V0WQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 789D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1

43 B
894 B

43ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-3LhC3tXEY1M_4kwEwAQ&v=APEucNXkc4QYMZiXnLZCBQ_hbr4SwvGSRTYmPrxMNO6lBfnS0ERC5llxbCIh6nqaf_9TpLYyTbogVlclnGZPVMPm9oJxI_V0WQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 18 Aug 2021 11:00:42 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 789D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YRzoWgWZUZz8TW09fyw2igAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1

43 B
894 B

206ms
45ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-3LhC3tXEY1M_4kwEwAQ&v=APEucNXkc4QYMZiXnLZCBQ_hbr4SwvGSRTYmPrxMNO6lBfnS0ERC5llxbCIh6nqaf_9TpLYyTbogVlclnGZPVMPm9oJxI_V0WQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 18 Aug 2021 11:00:42 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEhBlE1Hy7dYSladsNcqJlY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 2E4E 169 KB
59 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 19:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Aug 2021 19:02:31 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/elements/html/ Frame 2E4E 8 KB
3 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0fE9e9uMvrYArokp_fa3YJuTUspvUobfxZVo3P2KrM3VbT_g8DpISud4BPMkljMJFqRpMwIz0qjjyL5RA3mwpU439eFZIYlivXC8vmgUtND5zsfMXIZ96gzlhGlrHq7LiNQIUYPkoMetjoJoxGF8a4u_3lA&dbm_d=AKAmf-BP-43DmIwhyyEv-mtbCSwBJQT97bbzjMwnn4Qa4Px6bcYin573nMaXCI9zSWM3m6w41H2sGsneHO-YlYpoIZLNw5O8nI1hevZhtQP--caiXZbQ_XC_4iPydqdwxEnwcAhBmH8YULduLzix71bzSJtEPd38sdUz-39oni01KRz2QrAFJPWvsaoNYiUunSYjfVBVjVGofXvKj3uPVw4w_kw55miL2lUoHtn1J7mVjxBw9p85cOaHwmhHftRco_27w-ZT-f7XlxiYCCHmxGPZMRkiQEoue4yh3sv848BZN5qTUwRRlNUudu2eeL-O-6QFF7FZYtPSjVfVgcmJ3vdG24FvNUKkDW5y7_YYYqD3Zi_7KebGvyXwwvOXH5tmVPtguh1uSV1XMGGpP_-0Mg52AeNigrSlB-x9Ho_6GYLNS2CoPmUqioJrhlJ_AhRGbJTYhMPfgwKK2oZa5V7cDLdb2gmrl660V5vNw40TfBfm50eXcI9pLLojxZZ6tZQdVKafNtgaTY1E-FN-3wljehu9Qd24MQiFCqtw3M5piQo8JH1quXQyuHykKV8awiQp3qc9SKPLbYo4t1WCpne89IZbD77ySlNg6fh18C9PSXpxduj2k2Nh8E4q8ca9vSN7imLDxG8qJYPEVI5nN1rc_YmhbCqDCwcanxrboe1SDCtkU86aIQH3XuNkIyvxpuM44zv9tTXaWJmXkaPx5eUjRADaei3EIJRuBnGE05k2zagQmxwQHefRH9M77AWwd7idLaST-ck2oyY48-wuCGxavH3x7dz3sKE8uP6geZfpwMHw4Zg7WrzMU8DqloRhGXNIJhJMEjMBnU-lnCm-IsCy8-_PMuCI6EuUa_5otrmX3rkaNWfISZ58j9mYPu0G7zSAtdmiTZQ4owDwcp_QQ_9h08HQNvq-LsrxBnSyDU5MQBTYgndq8OYk7ioGXMyjNSA9O2Vtg3je2vkRwZW9ZKOOUBdCbQ0gEWfELPiraSjTLTcRjKTCoJ3cI-54kMHWwoiKl74NmLHRP9ZD7YjA8e8WqV0GVJlXDZxBW_UjPXaX1GdXuLr1PkVPnoZusHv5BRVkWAKw6WuElRKpx0kW215m-7jz627hvpnUHl8oFOqg8eoX8uaBIDee_HiHSrLso-tS3BNuluCFN0SOHm0TOSxt29D-livEEvGlRxs26wgrPYKRxLXHk_K74Nh6s1690pBXyERNyu1UtCFGpGR1EwuxIDle1zS1AgMscdCzQsNyoyqlmvO3iDnhwCJwMlRu2Hy77DHpUDc4UUFfnOS6mAhSogYpMSKj4Zj8zJH9IiRCkadXXu3QjaKDS2szOKVO4eojqpAWkAGf7yVLO-4KxHYIX0w1RmiKo1vnP8o9LeI8b7Wk6ndkynvM71zBTlbYSUx3cl7jtIkvZ8nBwqKLhLx9aFkq-C9-8fJ7TZZMDuxcdbxbUwi57BLRSZxjFMoAE1nxxZqiw3g9KrVhSdUs-ysJrv-j8UhDv4AyJLFvtlCicGr3cQIBm3A9UQRL_IE38Z3JiTwWsUe2mcxx3DeG2kgX2ddhDidZebpv66L6sZbv6hsvVljDucAT4X_5BZrWOsIGPC8ENMO-jRhC1zrTmhpvbgoJd3SXJ4NThh1U9QkN5F_yNDN8A4xzF9Y85bGesL7RWJvlc7U665G_jWbTci336VCv-UG9cYK2537_1uo8Vlk9TrkRgXgbUGLc5SKoU9skMsc5PeRhU1GA2KSW_ubyhPRopTlYv_YhokSHHqLrGzDReYKRgr7VQq4tHDK-B0IL_zmKfnsAFLkgMVP3oYVlnpvmIrSKyTGamELGMfiAaEZ8Svxh25vJ_WgofkTNtqv-7OlEwvf9T7DCwvmUG1vhGyL1cN9QRtGMvX-jMxLftMfpTvqF9wARz0poUlK1eIF4GmGjDSo3B-COSBf7gRBoxbiKUofg_HfLmXhGgCJLhn0OxR6Z1wOD2sbjxfcQtqzls_AUmspb5oM_Nc3AHmCT3Kxqu7lCSE3QyLqgcrkfSsD6qhHQj04joDARuWIwf2T0H4YLGrN9ebOf1eW3OIQHaT9iPFiFbbK9tC91p5jD4OxTG5q8qsYCRRF0OSzeJraoKjLzBY5oB8jwxDgs2Wf3tBlfM_DEgwbZSt3_Q88T2QoIpHYpv96--0YjzEhVaaYo6fDTV9fG2FZoTmjmdYMdbpf9ah8vo9V7uiN9im3LbQGeF3AJi7xecoP7XW0EXdvk3Ak2RZb35trvCeB2DXKtVDCDiPnm_apBKt-p1Ppj0XQOb0uwlJ7JBQP7IyEz13Y2SZuvJ351rkUm7CLZh4g8j25erL7Tr3CPYQZMo-gwJReBMYNPnTHNBSwfy_p_1uSHARt6Qz7-M0GYXIwioG9iEZEN8ITDgbwUs7hILQ3u6dj7vS2HH7ND-hdoKuFXfeDEUtRHuL_dcgkiOWokVyhSwWUYG7rvzN45lpA_vunqUWrNXK7X5VlIuj1tLbqSctvvNHBOyrJP44ArOGwivv7yMb4NutDPTmfGagIBm4zyoE5sFAp1PB-_GB7h9jFUqk6GFuTqhZr1ytYLXKKVrGAW9PfkYSwCvuZBWXLqJd5fH5kEow4YjrGrwAD89EMJYb3dsu2JuoK5Mr0lRo8zp6dqJ9nDN0B-MKZ0xwXuwAJ69BCBd2PdSzZRXKyAw9LWy_jjutKeGppZS2tcItYOjaVPjfU7FupmDrtOREIQlkw4jT9VoZtLnnYz29ZaaaBEp2rwe6sXHI_GToRnke_Q3kYwf6ORwd4JfvadDR55c0kF2Mgga1QO6DSfSyi-kzHBqVE8SitXvDf5MTojZQV9xIfxBGLziHlp-DAwKqJjWBWG14wrBw7EMwv52e1rkoQ_tCkIT7tHS3bk4ErPqnb7CIlNtw9g-sS0u_R0wEr01kMfH9zxT0ywnqUeoCsVe4Z6WUFX5XVRq1VPbkmWxGfJuibWOMCL35HA5e0POotNT-k9Xvquzb4rMD33Ova79LsG0qXETOKg1vZOHzCZx7VEVA2XdlTGH17GeBHj19wZV64BgSFXPqsvWW9caSqLmz4M50DXWkATzHTZfEmcAzWmQfUSZYsGzowBOgRQKm2yEfN6c2xAfviIzLFK_gA&cid=CAASEuRovJUmn_hj798LHDU3ivX9jw&rfl=1%2Chttps%253A%252F%252Fwww.afr.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:58:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:58:12 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/ Frame 2E4E 24 KB
9 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63ed4c66bf3ba06512f7028be62a4bd53295e1ba68a919a7591f5fd392e72b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:56:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 270
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9341
x-xss-protection: 0
server: cafe
etag: 177112232901409761
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:56:12 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 9BCB 169 KB
58 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 19:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Aug 2021 19:02:31 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/elements/html/ Frame 9BCB 8 KB
3 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cr9uZp8aJA7xfBO53PgnSmz8pR_YOLNDUoZdHIO3HwGHBOk833zjPeLo4B15EiJeU8_7Vzavu8ebOaEo3tqbg2nfBNQJ6RFvu-xK_HZwQNuHmLGmSiSH_rGDHbeMFMQQOQjfBvX8fRmS9yJOeRSB7dNzdkdw&dbm_d=AKAmf-C2yugo9qyq1QxKC40tRmRK3CfCsCH-CrPPa68pLLT0JSmE5uGJf7bElnwva5mMFdNKZjFjX2d0D4bbB32UP3aIU1tAwkOs5Mr9w0Y3wAIcfaOhlMZHkd7jw3Kzx1ueI2PrNTL2amjJAxySm1DlBhcfSS-hNZQK9rhvnEYWZUs9cjP4qhxUp1CO44e1wU6kjsKs5U8mhp5jTZEU11APVYWp_Cs4RtefFkAn4XeRlcISHmNN2XFA0bBK-e23xlnKltczQvh_BhqRYDoWGSa2yagz555-W9QM8vlhlxOEO6TFt1ojFh_XBQ2TRk1V41uOtrEh49P4JvxxkHz6mNS9stLTEn1i2qnRd32zkItWiaZ2L_ytmJ8VZL-QOMVj4stWPIQvr8GW7-mL6a0i0rjsHoAkadsEYj0WxlxhWHGBpi37DLLOz_SWrP1JqPsagKriYIgTO8DxAlsu1tcPpTXjrEnl39hyh-jE5cL5ZsVLUBk8jMKEd3R4MwNFJIT_jGbOxCWsVeL4MwaO9CIeDvUBoGqvH_NDqW0G-LUtOg1YLcKCBl4dGi8SfwdfqmYTry8Oy3YtuBaZFHfFIQhWuKqia2Jr37MvE2T1vgiv3m9w0jGJ9_atQUrpEq5Y4A8iC8XmXo8E-G5gSYzVpopVxRRRi0gL0uNZ6NDjmB0WREMahXmz5IkS52U1HWv-yltVQEywKmKEHvw6Rtzhpz7CQVcSPUN4AQ5Tfxcja5VHm_fzt1Ej-Yu6Kr_1gOZEQRISnz2b-4Oxw3DBzqCzaPM7HqIQ5bot2JIkJYziJNwAodPCtXKLenTS1hIHVbEEl0JBH-9Jgkn6Gl2yyHJR76rgILN5_uErRWqssVCHxjrmshdNkQ5IEEn045a202FpNSjsCR6FWmEVXakLRs7CmZ-8OxavqR7KKOlDQ4rOpw5801LMee8pstaownWubhlfnG86CbXGf1qyYAgd2V_5zv3_M3-o7c_IKzoJSqr9Tg8JYvUMfusavcdJF5VfAXAvT9YrcVuXsPRFh9xK4Iyu1tgeyT0f3Q3iYvYWPFtRhItvA_SL55Da3qfnFtm9Fosah8aMFtZ-VFzy5HC2j_67HFGC7gah_QTR1ApFtlXO9zuWxlLOo5oXdrDSSbjvLgV490wRuwQEuTtnWi2qE3vvsl_dyvvOuIqEuRxKn3_1zmp622mGAe_nR9uEs18xVn0CTqBwf3Fj3eVQZBjJyAZMKOjsWC2BtA6FCzJQImYmZVeCxunYqR7a2RsJa15SndyCYurK_SnWt5ZIlkNMfww1jTpRbxFLmDlXoN687_Tu1tYickONec9vxHTgxglUmxoLYt6upfwQbQ7uomBz6UFNnsIpoaoC_BWb6cWUAwnFzlSbg_gDgmY-5WnN4Ges1bYumJM-lQhJTuQOpLphm_l1FbzAT_7R_BWUwz4LeTnHn2keDiJ0qX0JaoCYxcJ4fie-4s2e1YUEG-U-hfEnWjv2F7H4gizgSS4Y-6kW8ppOoAIVg5kPoXOWVmSgl-rhC233AchXZJvFuHgGRe8k9gWC0TYQL2YEEin0cCAn9meSCrfAj8G6pR6Lhjs3gZYHjP5-7KX_hunpIiklSoCMI-bvA-zsgM3vS9nAHgTOYromYRMRcQSwyZrIMWNtWil7f1T0D2V-eieaGszoBYct0ZK4AJlFyLz2wyHZkdXjoCX_i6akxMI9Y-lksgQFDFOVdlFyqJ5UWF_Q3sBkN3miw0ykwCGZ7Tr3crkY77kQYqk7Zrl_9GprmQeGcjftWZ5lmS8YNvYfpheP_nXwNOGviYvTT7DhIqubZQdA8KbpE68QY8o8brct-KIbKhmhP4ket89jjN77girLjuSbizQy2-KFsjI5LrK_DZ-TDsS885xvFoXErpZbsswIo6DWEMwjkFpixsqGgnuOaGD50nC5JWHqFfLcv-ZyfDrNMbgEF8O_QDW3TnlMMMEFG1SzEjdu4KddbQwIdvywZ1aDIcK-_VrmrZmzA_kX3UMP2KpzqHMfPY4T8gjZfpY31ptZIOVpyi3bt-7QVA5cjDpEAEHjj41y8yd8Y_0WyYS8w1IxNQ3r1rL9CKD2YUy4I5XHi9804k9FRjZYakvJ2IKGMRlKNXoU72K6DtRNVRm9M6P4t4d7bLRgTaOiaeNz2MjIN-epSgGSvxIdDp37TcVjDLF3VuUDYomQZpCfxW6Dje2BT2jfGyGuCJtmLekUv4pBO9YfXFfPI7YY6KfQIdj_nYWHiEm0PSUkUcQCI0iaDlVCcOL6n9rFwhgnDNViFkjMT2cioA7ElCmKCJI-C5ALucHqewKC3k5uVHGggTvN8W8w-6F5wyfKRKrE9cRfnoKcBmenRas1ggQkoyIM3wGQgNoi-4mxAoe_dOb3mgBVjSxKk2lCN-KDaZv4jXMiPiq7otonlm7p7R-aI4-jJAoKfpmbJ1I1K8fHXfZeT057I17UdInUwmWD7loYGDdqky_jfQL48ALsLsagOCAHok_aPpIRsml_zJEgWAkKMPyXoi5VocoWFaKuv-1S_TNMsYkW2KaTBqwSYqCFXxs_5vVtpJmEiFS6NjPCjMc5LNjGA1NF3EFvXHyXD_8SPBhFOsHFbDqHieEnixjizoHw-YQ6zUtAG8VcS5QxKv_8jjZ6CI984-t3gJTcSUhfa8NtFjxfQ9iC95b_Bt7hX5BSh7ZDKFUpfx4b2kmf-rGIS9m-R3N3JnhefOCyEnyIwSkJzPqbcZd5M7gCNlaPvyqVhGeuvbZ4T-lgE3YgLa19F7qrO5SckY183S44_QNhq3vhRahrqhoejIXysTobYEupjWHbzZNM9-vRLmXf0pSb6wOSBNZn4cwpWhCPmUHOYHVUA4PChL_opnO6JTEMh7OfbHyxBF79dLtdD0jKhISomdIEzu0Q6jsd3Eya1QkAcF7a3tnS6FS4TQy-S9_IIrNWRW5CXJ3a&cid=CAASEuRoDM6t70vnV1N6Z9Y0rXzVUA&rfl=1%2Chttps%253A%252F%252Fwww.afr.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:58:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:58:12 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/ Frame 9BCB 24 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210812/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63ed4c66bf3ba06512f7028be62a4bd53295e1ba68a919a7591f5fd392e72b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:56:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 270
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9341
x-xss-protection: 0
server: cafe
etag: 177112232901409761
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:56:12 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2E4E 41 KB
15 KB 28ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 17:07:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 409971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Aug 2022 17:07:51 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C87D 1 KB
749 B 8ms
5ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 17 Aug 2021 11:56:19 GMT
expires: Wed, 18 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 83063
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2E4E 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55e804412748e3effa6fbff8a75e9726447e6202eb42ccf9973f5da54536d80f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/ Frame 8782 149 KB
38 KB 104ms
89ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9be5340180dd0ebeb223b6dee20a7ed45f94fbddbf55e7603f10565bbd8985de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 39011
date: Wed, 18 Aug 2021 11:00:42 GMT
expires: Thu, 19 Aug 2021 11:00:42 GMT
cache-control: public, max-age=86400
last-modified: Wed, 02 Jun 2021 12:07:34 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2E4E 0
107 B 396ms
51ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstCS4i-rcyUHr9YMK0cxhGGPh95agvmZFXoFgO5qJnda7Jl0_WyS2oatmyp4m9wYjjdQ0p3CoVEKo0DSTAa--mHmG6jRXbBW7ntJd7rcmppBD-7p-vkA6LIln2qXaHJ13jBHC4tlwYwtPeP3Tct7SwhvtgqbPRT_8tsvW4y8WGhdFPqb-yicjB4tihf3-kGUnlpi5L5dwlPzVLfOkw05HAD7EPmPzhjharE5h6X-hlTVnxmWUncDBS7KMq4PMaFwE21_wFLk87I5WpRdHej37g72uePpAQp5xP6xeXAiPg4VWSMosuxx0Q26HhqWUzH3qeLbk5DkpB9AslXvR5hVInSmm-MnvxVExMejYlm8c99MRJmSEzfsv_5ZKNIDNQrhGsy-Dril5H_wkDYWVeUuUY5TgrDwjAFS_0e8EYNk4nRbFVe__QFUxCfNAKFcv_OrulUo5lLiMXBs0Z9SXLS1H6FLPZriV8lBA-ZQgoT8xuhFyfUJMoUp4eHaeMHAMkuyJi7Usf98ABZ67Pzfh4nBTnAny3kP-g_N09UZi0PjL-Vf74C-WauEQcNsJndnb6s2hxUtE66VZwi425N2YTVpAW8Ubd6yQtlilVZyOMF0eU7nXe21lCzeHe-7jV2djtWXhEXB5AYZm3Iu8sPzFBde2Cc2Mqq2c_eXZ8FC2nVPzcNoueGegHyOSDMO3sNGK1AP5DVDTndAavvAA61-mG0hnKxSr6hhxzS18BkHzBNzBhSOCUUd3itGfwAT_VbryZ0n0npyWWo-GuWrqrXu5cbqH33jKKofM-n9M2ZOD-WqgPbw1hsrC02eK9LJwj9d2a7uDK_QzD61vJ8UeqFR8YGSlrQ7iR6rqUxKVduICJ4PQlQzFfmO5BnEEG7E9CpH-dqbaMCPpXuXQXndcmPpoGy4AmLlxhzTOESmmtlg9JSUqapICifNTfRahx6kdDzjgCXrZDSOadHila4Mr_Xvwd0m7VSfce0dAjqiwU9qaowQM-TYQnS3OFF874PI3jp1e6pc8MzRCOMj6OftKmDRs37DoPDjNvlftr6bUablyLhNxSu2JSOI3bEod-jUi3iCL2B0afsLovV2oJnjpjoAj7fOK9mlIG46ydcaZcIGDs&sai=AMfl-YTwdmLauM7PAy4AbuIkIb7kI9eopREvmNzdWbC0eP5xP2pb9z3VGD3jIoENFQzSkWqYLS7PQfkon3qLKi7Ghc-MqQFqkIsFfiozi9IoJYHB-NDwHE2mSB46aJLIDSQQWttBNFWm7tcijjQ2IhfCFZLvuR3xSg&sig=Cg0ArKJSzMPoEBYoQ1aJEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=151&cbvp=1&cstd=142&cisv=r20210812.80282&adurl=

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 18 Aug 2021 11:00:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 21A5 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Mon, 16 Aug 2021 00:46:47 GMT
expires: Tue, 16 Aug 2022 00:46:47 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 209635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 t.js;adv=11197244306530;ec=11197244306735;adv.a=8057622;c.a=24777550;s.a=4151399;p.a=285483482;a.a=479329333;cache=475035333; Show response
ad.atdmt.com/i/ Frame 9BCB 43 B
1 KB 71ms
49ms Script
image/gif 2a03:2880:f01c:8004:face:b00c:0:8c
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.atdmt.com/i/t.js;adv=11197244306530;ec=11197244306735;adv.a=8057622;c.a=24777550;s.a=4151399;p.a=285483482;a.a=479329333;cache=475035333;

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
pragma: no-cache
x-fb-debug: hO/DjcuA28IThn8a7BVbMS63mZw7sfphE/hxUvqqz0Tp5IisvH+ATffaB57a42XRhqSPXxEY4S9N4eQWoTz9Xg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
x-frame-options: DENY
date: Wed, 18 Aug 2021 11:00:42 GMT
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-fb-rlafr: 0
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 26 KB
7 KB 16ms
15ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ced619cc2d366a6457574c1e9f3acdc51dc85dcfe10545030a6b9110df004c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6892
date: Wed, 18 Aug 2021 11:00:42 GMT
expires: Thu, 19 Aug 2021 11:00:42 GMT
cache-control: public, max-age=86400
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9BCB 0
61 B 370ms
51ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssqG2FBO6QrX-Yx6iG9sKKRA_w3grhOlLRA8jkjmbgb2sDORGkRPN24lsY3oLSjVM-9bOuRUlcSPEyIW0qoiJG13WffJnTcyOk4g-Efu1r-Cbn5WrS9td_mNLsZG_yyy6nkFCo90rcTMtS0BJn1qfjIMVMGLyygdn84p5HhEH37vt4qB2Eb9QKzN7141ma0Fw8HHfqTnwJ5MtzGxhuCdKSo6nqpruNBVZoHrudK4b3nQCG08Or-QtHxPP04dzAsZY_EbPi91uW069OQfgbByTQ8HAn2LMbI9xsGFlNojMiDfPwWL-z7BG1n4PEPbQgXdaYvjX9s1dopk8fCW6cE4r4UIWGE1XpsvoCIJw_TfphWk7UxZOywsuJtjesF36QMYcABV9aKObfCYgpvwdtCygtSSGMAlonjNf9cSIynLQVisA33eQ1FW36Q3HBMuMY1JM6YWps6Y76HVMXZLUlgGhhvpWhOEe-JdfDyNGbWWc8bZqE66Y5GN4g4pgzcA9FMJ9BUfgzduxUbZHS1yTakwY3XxLRVt3vTLugw4udJ2REAypKd-OeyMCGCE0ghT_6Jj3vXaDfKwKBbIkso-bAY5MUAgox9OLwQlTBQss7oRj9bmilO6bQKV0SCwYYJpuq7tQCca19dLkczmC0R1OZmbNZnWj4D38iMN3qot8reTPYyiTl92rPDtVYIic-CE5TkgFjfjXr-yH-r6fWLvGwHdyaJ06W9GG-pOFQHQ3Yh3Rl0SCJU8B9Fooq__Xbe0Po4JFVekLOqn9d2IKke2NQfaGti0BTB7GVJGiX5ab9ggq1pCdP3pdZTmvO7eBwWp0wPdJc7O8zCeYSM4yIDODVMle6TSdW7P3cEgcKHS_JW7EOIjlZOWuoitLgKXUwrB5MmrMI_mD7MzZdaGbcQWJvax5zsjjmzxa2--hlRrJh3q0Z_1sMQsaw0eFG3H8gCluQaI2b1g2kD4B1VgJinKRkBnkmQdz1M_ceZPVFoCmWim60Vtp83x75IrabDvfP_rXSRVCVm-S9rnHKFslYuUnxwFspVAlS0-EZJ-C6oTYS9xlS9jfT-tH_cPnPG6OsDhQjlmhL3JoZVh_9HnWTUlSeOVda4FTyi7qyn3VEplqg8EdmhPw60czgSf5Lxo_NOtvabg1yJ59RzXUH9aIc&sai=AMfl-YTSqL_-8e2UBwddxA1zT1NJTAvGWlJJYB1JlnxHYEQZz_DzA3A0o60Y18IFhuJlXPLKDeoT4zLmIt4RaP41FEY53lP3viXPcRJOQRvtbuUFkz5sV-96Rs1p7Rk-ypcbx2evzkOStTahW0KPpS-2GHe7cp4-2A&sig=Cg0ArKJSzLivgPbtmFXrEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=155&cbvp=1&cstd=150&cisv=r20210812.51485&adurl=

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 18 Aug 2021 11:00:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9BCB 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 17:07:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 409971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Aug 2022 17:07:51 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 74DC 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 17 Aug 2021 11:56:19 GMT
expires: Wed, 18 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 83063
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9BCB 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1edb9d3125eb757615b0a6cac8144f77beba41666bdc2b6106da661b0a2e36a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK tp2 Show response
i.ffx.io/com.snowplowanalytics.snowplow/ 2 B
435 B 1896ms
293ms XHR
text/plain 3.24.38.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d2uhnetoehh304.cloudfront.net
URL: https://d2uhnetoehh304.cloudfront.net/2.11.0-patched/sp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.24.38.18 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-24-38-18.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Wed, 18 Aug 2021 11:00:44 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
i.ffx.io/com.snowplowanalytics.snowplow/ Frame 0
0 283ms
283ms Preflight 3.24.38.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ffx.io/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 3.24.38.18 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-24-38-18.ap-southeast-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.afr.com
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VHJvMExKWXExTWdqams1&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cver=1&google_push=AYg5qPLhjA1iJKdokxJQCZklYFe_Kn9dDaBlfRrPBPjteCS...

170 B
188 B

40ms
40ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VHJvMExKWXExTWdqams1&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cver=1&google_push=AYg5qPLhjA1iJKdokxJQCZklYFe_Kn9dDaBlfRrPBPjteCS-pSRw7besR-fzhUfjt9EstjzsuIF4eFDFHoKsgT-WML17Xq3aaM-W

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:42 GMT
Server: PingMatch/v2.0.30-661-ga8ef792#rel-ec2-master i-08f8fc1eb6758b8c0@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=604800; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VHJvMExKWXExTWdqams1&google_gid=CAESECFG5JZoTQJpnkAi9PrWQQc&google_cver=1&google_push=AYg5qPLhjA1iJKdokxJQCZklYFe_Kn9dDaBlfRrPBPjteCS-pSRw7besR-fzhUfjt9EstjzsuIF4eFDFHoKsgT-WML17Xq3aaM-W
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEIpt2oU5xJ_9YVGxBBIF7W4&google_cver=1&google_push=AYg5qPJJtw48mcFj_oBSyNHJ4W1XRs7tEZH9QX-VQ6RPWvOSLRDe24wFjCvrSGLL2kkbQuXXeEbyq8v_HPLZnYK2ofpWQNVTliNk
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=c2Y3WTRDUHNDQU9SZloxMVhPZ2NZUQ%3D%3D&google_push=AYg5qPJJtw48mcFj_oBSyNHJ4W1XRs7tEZH9QX-VQ6RPWvOSLRDe24wFjCvrSGLL2kkbQuXXeEbyq8v_HPLZn...

170 B
188 B

48ms
47ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=c2Y3WTRDUHNDQU9SZloxMVhPZ2NZUQ%3D%3D&google_push=AYg5qPJJtw48mcFj_oBSyNHJ4W1XRs7tEZH9QX-VQ6RPWvOSLRDe24wFjCvrSGLL2kkbQuXXeEbyq8v_HPLZnYK2ofpWQNVTliNk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=c2Y3WTRDUHNDQU9SZloxMVhPZ2NZUQ%3D%3D&google_push=AYg5qPJJtw48mcFj_oBSyNHJ4W1XRs7tEZH9QX-VQ6RPWvOSLRDe24wFjCvrSGLL2kkbQuXXeEbyq8v_HPLZnYK2ofpWQNVTliNk
date: Wed, 18 Aug 2021 11:00:44 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESEF5sBCU8WbTcBhJO2SVMdzw&google_cver=1&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY
https://px.adhigh.net/p/gm/rub?google_gid=CAESEF5sBCU8WbTcBhJO2SVMdzw&google_cver=1&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY&...
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY&google_hm=yhSNrGYJzQ8AAikABlF7WOu...

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY&google_hm=yhSNrGYJzQ8AAikABlF7WOuiKA%3D%3D

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f9-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPK-0Vjk4hkByVFiBp_XloOZ2Y1YWnk7Y2rReh4MnUpZOwueBJ-FOf9Kz8RquVeuFVtAPNeVtP66rzKX4FR2JJPjPnGghdwY&google_hm=yhSNrGYJzQ8AAikABlF7WOuiKA%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELbylrDJsBihtrVH-dCazcM&google_cver=1&google_push=AYg5qPL5SnbI8jFecl0gORWH8TDzR43QSBiZOhh1EOTnpE8spE0uMlJhlYsd0eyOlgVSOQzyNkx8_6lwcA8rLut...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=CoTP3vlSSQxmZgKhk87u7bmcr20&google_push=AYg5qPL5SnbI8jFecl0gORWH8TDzR43QSBiZOhh1EOTnpE8spE0uMlJhlYsd0eyOlgVSOQzyNkx8_6lwcA8rLu...

170 B
188 B

40ms
40ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=CoTP3vlSSQxmZgKhk87u7bmcr20&google_push=AYg5qPL5SnbI8jFecl0gORWH8TDzR43QSBiZOhh1EOTnpE8spE0uMlJhlYsd0eyOlgVSOQzyNkx8_6lwcA8rLutdvH5jNbYSxGC9

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=CoTP3vlSSQxmZgKhk87u7bmcr20&google_push=AYg5qPL5SnbI8jFecl0gORWH8TDzR43QSBiZOhh1EOTnpE8spE0uMlJhlYsd0eyOlgVSOQzyNkx8_6lwcA8rLutdvH5jNbYSxGC9
Date: Wed, 18 Aug 2021 11:00:44 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESECwSziFdmk9yAb--m5aiF2A&google_cver=1&google_push=AYg5qPIaCBIdIUBAgVwIDeJBXEhpU1DMhpvMF18l8fvNISCZ5DaoiJkIJYYpsNT7-xGGXDobqQlobKPPbESZoD-igWMIEeFqFeS3
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIaCBIdIUBAgVwIDeJBXEhpU1DMhpvMF18l8fvNISCZ5DaoiJkIJYYpsNT7-xGGXDobqQlobKPPbESZoD-igWMIEeFqFeS3&google_hm=ZzM5NGVkMDE3OTJiOWY2...

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIaCBIdIUBAgVwIDeJBXEhpU1DMhpvMF18l8fvNISCZ5DaoiJkIJYYpsNT7-xGGXDobqQlobKPPbESZoD-igWMIEeFqFeS3&google_hm=ZzM5NGVkMDE3OTJiOWY2M2VjYmI=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIaCBIdIUBAgVwIDeJBXEhpU1DMhpvMF18l8fvNISCZ5DaoiJkIJYYpsNT7-xGGXDobqQlobKPPbESZoD-igWMIEeFqFeS3&google_hm=ZzM5NGVkMDE3OTJiOWY2M2VjYmI=
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEKFqvriYN9jUkYH8GrxrRJU&google_cver=1&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQt...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C87D
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEL53Ct5Q9SrcJ6X-RBbJOXw&google_cver=1&google_push=AYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWN...
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D3ace7719-662f-4e3f-89bd-5c950a0534d4%26google_push%3DAYg5qPIC_8wqIPWdE5ye7wvVblJ3A...
https://tech.rtb.mts.ru/?dsp_uid=3ace7719-662f-4e3f-89bd-5c950a0534d4&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D3ace7719-662f-4e3f-89bd-5c950a0534d4%2...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=3ace7719-662f-4e3f-89bd-5c950a0534d4&google_push=AYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLz...

170 B
188 B

44ms
44ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=3ace7719-662f-4e3f-89bd-5c950a0534d4&google_push=AYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWNAOa8Dd5Ioq0Sw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 18 Aug 2021 11:00:44 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=3ace7719-662f-4e3f-89bd-5c950a0534d4&google_push=AYg5qPIC_8wqIPWdE5ye7wvVblJ3A2lLFxaEzZ02wAwuPnbcnAVPmKDVXc3d3r3V2XSHIYN3whVumAIhw5PyLzrWNAOa8Dd5Ioq0Sw
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame C87D 0
12 B 44ms
37ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K1Y5YiNfg7engYLzFNsng79v7T41Kk6qP6tXxFIblenxEl00mfPt42uWkNfDrGmU5SfY5PDw

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 101C 22 KB
8 KB 9ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Mon, 16 Aug 2021 00:46:47 GMT
expires: Tue, 16 Aug 2022 00:46:47 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 209635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame B723 110 KB
38 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 19:02:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57490
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Aug 2021 19:02:32 GMT

GET
H3-29 200 HYPE-674.thin.min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 55 KB
24 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/HYPE-674.thin.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31f480386d809e2ad66cedf791def1da9aaa98f014fe1ab4307c71dc2fd3803c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 11:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24495
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Aug 2021 11:43:13 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 74DC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVJ6b1dnQUFTQ01ydUFCRA==&google_gid=CAESEFchlr13iZp_INu8IxSIN7Y&google_cver=1&google_push=AYg5qPJK7P4JuMcGjxY7OxziqjVUlKq6Y3...

170 B
188 B

44ms
40ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVJ6b1dnQUFTQ01ydUFCRA==&google_gid=CAESEFchlr13iZp_INu8IxSIN7Y&google_cver=1&google_push=AYg5qPJK7P4JuMcGjxY7OxziqjVUlKq6Y3MRJAsLSAq3Kp4qKuHWt1NerWaQR_hSfUzmHJp7iDzi29y4q5LVw4rVpgUeMfV8_17DTQ

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1629284443.533464,VS0,VE0
x-served-by: cache-fra19125-FRA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVJ6b1dnQUFTQ01ydUFCRA==&google_gid=CAESEFchlr13iZp_INu8IxSIN7Y&google_cver=1&google_push=AYg5qPJK7P4JuMcGjxY7OxziqjVUlKq6Y3MRJAsLSAq3Kp4qKuHWt1NerWaQR_hSfUzmHJp7iDzi29y4q5LVw4rVpgUeMfV8_17DTQ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 74DC 70 B
265 B 3141ms
43ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGrLXLVYZSOIg6tK_u_hMVE&google_cver=1&google_push=AYg5qPIGP194fWcmCMSz43ADum7Z6nZJPCU8_IcGL9mUBhh8SoRtO3WB5VvGkvgqCBE5YCbBRI0ZHOis9Ur4bQF22bZs9SkdMNCEeQ
Requested by: Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:45 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 74DC 0
136 B 6084ms
29ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEC8RZRvqpvm8CBLsrKiwPfc&google_cver=1&google_push=AYg5qPLGHBILGOCOlcIxORHq5nvq5Vm1HJKZMGBafkIYMNFXUyc6VHETV6lu6WLAnXigisE44IClkbybTX6w9vebCc1TZI7pJYa1
Requested by: Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:48 GMT
via: 1.1 google
alt-svc: clear

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 74DC
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEE3HWMCzl4GkSfv6ecwCnrU&google_cver=1&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEE3HWMCzl4GkSfv6ecwCnrU&google_cver=1&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=g33RoGOXH_pXF8IEKSrbcg&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-J...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=g33RoGOXH_pXF8IEKSrbcg&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-J...

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=g33RoGOXH_pXF8IEKSrbcg&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-Ji9_3xnr-eNvc8fF5QyR0g&google_tc=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=g33RoGOXH_pXF8IEKSrbcg&google_push=AYg5qPJIUSNNfyKMlL5LimQiKsc920qqRvqwqlU23r3OFbwJgmjN_l8zfWA1k08t-T6q1AhMa50h92Z-Ji9_3xnr-eNvc8fF5QyR0g&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 442
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 74DC
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENaYSp0wIe9pbO2-TCmvJnc&google_cver=1&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw
https://rtb.openx.net/sync/dds?google_gid=CAESENaYSp0wIe9pbO2-TCmvJnc&google_cver=1&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXO...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw&google_hm=NK2X4wbDyrYSjd-N9ntMDA==

170 B
188 B

40ms
39ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw&google_hm=NK2X4wbDyrYSjd-N9ntMDA==

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:41 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIeGMpKBWr02bTiLPNBRFNk4BerIMtd8nalPVqvbzH0D7j4nbUsxWEVJh13M_XTOcx2yfn6sA9CBfZd85S51rzTrnjd2YXOw&google_hm=NK2X4wbDyrYSjd-N9ntMDA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: ofes6ubf8iib2volu72jl98micnb1es2

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 74DC
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEKxpy0KJAZVvnlrBs4vTSnM&google_cver=1&google_push=AYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcp...
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D4309b72d-278d-42d3-8bc5-bce4980bcef0%26google_push%3DAYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2...
https://tech.rtb.mts.ru/?dsp_uid=4309b72d-278d-42d3-8bc5-bce4980bcef0&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D4309b72d-278d-42d3-8bc5-bce4980bcef0%26g...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=4309b72d-278d-42d3-8bc5-bce4980bcef0&google_push=AYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtc...

170 B
188 B

38ms
38ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=4309b72d-278d-42d3-8bc5-bce4980bcef0&google_push=AYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcpEcpyIMotIE_Dog

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 18 Aug 2021 11:00:44 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=4309b72d-278d-42d3-8bc5-bce4980bcef0&google_push=AYg5qPLxNh0_nI9wAhhtcrcdPMcfsi2t8nbbTErCXtoT7G4gXbc_o_-2OXYNx9pc8pb3DcTRorJm9gSqSFL8COtcpEcpyIMotIE_Dog
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 74DC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEHsNV6LOK-w76-JJamY5vo&google_cver=1&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIR...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEHsNV6LOK-w76-JJamY5vo&google_cver=1&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIR...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS14ekZ6bnp0RTJ1R0Q0MHFZYVQ4UDlBbmJ5QlVfNEZxbn5B&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuI...

170 B
188 B

39ms
38ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS14ekZ6bnp0RTJ1R0Q0MHFZYVQ4UDlBbmJ5QlVfNEZxbn5B&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIRco914GC2cJOmT5qVyPF3b3GD9z28w

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 18 Aug 2021 11:00:49 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS14ekZ6bnp0RTJ1R0Q0MHFZYVQ4UDlBbmJ5QlVfNEZxbn5B&google_push=AYg5qPJxVedoRRvm4DCH6FGIidR8GGlw6-exwxnbDdklf_VOjtwmbJLuIxP17CSdFK-LiVTjIRco914GC2cJOmT5qVyPF3b3GD9z28w
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 74DC 0
12 B 43ms
38ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JsYwz4cYZAfP8WLNlWNywSYoR4eDY6ZJJH4RYmKrxMb78MBOUVvXMPbxHEI8gvOrIvR1cH2Zo

Requested by

Host: ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
URL: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js Show response
pagead2.googlesyndication.com/bg/ Frame 21A5 35 KB
13 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c6a6cb581cb56e57e64928574e9e10da0e29a6732926f4f271217c2c38de86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 08:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13268
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Aug 2022 08:47:56 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8782 6 KB
767 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500,700,regular

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

53a25ec3114fb90ff5b7c82f36b6ed226932ea0f96ecbe82b682fffe4db1ac1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 11:00:42 GMT
server: ESF
date: Wed, 18 Aug 2021 11:00:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 8782 110 KB
38 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 19:02:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57490
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Aug 2021 19:02:32 GMT

GET
H3-29 200 2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js Show response
pagead2.googlesyndication.com/bg/ Frame 101C 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c6a6cb581cb56e57e64928574e9e10da0e29a6732926f4f271217c2c38de86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 08:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13268
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Aug 2022 08:47:56 GMT

GET
H3-29 200 credit_suisse_sn_bw_fo_100mm.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 7 KB
3 KB 34ms
29ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/credit_suisse_sn_bw_fo_100mm.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ae3db223d1ee5a88f5293fb25645a24eb4c8b1cc1caf76fcd55d27425e6decc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3193
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 credit_suisse_sp_rgb_fo_100mm.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 7 KB
3 KB 31ms
28ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/credit_suisse_sp_rgb_fo_100mm.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c4230a26597853a276f154e975c2a0cd90a3b18077fb1a76d0aa2929c80b3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3164
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 credit_suisse_sp_bw_fo_100mm.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 7 KB
3 KB 32ms
29ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/credit_suisse_sp_bw_fo_100mm.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4240e62d63f79618a455e082e5f4e4fa3803c3178f2352bab4d6e9284b72bc0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 07:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13932
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3185
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 07:08:30 GMT

GET
H3-29 200 cs_arrow_white.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 259 B
226 B 31ms
28ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/cs_arrow_white.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bef825473017999e06fb1bd4d9a8998e9cee97692c877cb408df63089f9ab46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6803
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 09:07:19 GMT

GET
H3-29 200 Step_994x250-1.png
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 16 KB
16 KB 32ms
29ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/Step_994x250-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab9293f24d43895ad17d1b0f24cb9bfa0221624e61b700722e0fbc1700740751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:01:48 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 17934
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16210
x-xss-protection: 0
expires: Thu, 19 Aug 2021 06:01:48 GMT

GET
H3-29 200 icon_googleplay.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 18 KB
5 KB 32ms
29ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/icon_googleplay.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f40848121887698d6798fd17905cb0c5e5bd4d8be66b792d01f0a8181e448a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:01:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10744
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4833
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 08:01:38 GMT

GET
H3-29 200 icon_applestore.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 6 KB
2 KB 32ms
29ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/icon_applestore.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38d742af777582ea8ec03fd2897373e5111fad1272ca389fdde838a453fc784d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 05:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2324
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 05:28:07 GMT

GET
H3-29 200 gebuehrenfrei_1_wideboard.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 32 KB
32 KB 32ms
30ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/gebuehrenfrei_1_wideboard.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75b44719f42e50db5301c3aae15bef8f6b5ed774a10c45b41a9c745041ee1eee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:01:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 10744
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32755
x-xss-protection: 0
expires: Thu, 19 Aug 2021 08:01:38 GMT

GET
H3-29 200 endingscreen_2_wideboard.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 15 KB
15 KB 35ms
32ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/endingscreen_2_wideboard.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e67334c97cfbc34e37919a58a6e6f9b456d86426c57aabff53b91cb298941a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 16700
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15421
x-xss-protection: 0
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8782 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 82841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 12:00:01 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8782 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 146058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 18:26:24 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8782 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500,700,regular

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 63795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 17:17:27 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2E4E 0
60 B 98ms
46ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9BCB 0
545 B 65ms
45ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8782 6 KB
4 KB 24ms
24ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14a319b4c359383f5c941491caade37c622bdf8032a4330423fc2bb58586d2f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4431
x-xss-protection: 0

GET
H3-29 200 endingscreen_2_wideboard.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 15 KB
15 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/endingscreen_2_wideboard.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e67334c97cfbc34e37919a58a6e6f9b456d86426c57aabff53b91cb298941a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 16700
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15421
x-xss-protection: 0
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 credit_suisse_sp_bw_fo_100mm.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 7 KB
3 KB 10ms
6ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/credit_suisse_sp_bw_fo_100mm.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4240e62d63f79618a455e082e5f4e4fa3803c3178f2352bab4d6e9284b72bc0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 07:08:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13932
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3185
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 07:08:30 GMT

GET
H3-29 200 credit_suisse_sp_rgb_fo_100mm.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 7 KB
3 KB 11ms
6ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/credit_suisse_sp_rgb_fo_100mm.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c4230a26597853a276f154e975c2a0cd90a3b18077fb1a76d0aa2929c80b3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3164
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 credit_suisse_sn_bw_fo_100mm.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 7 KB
3 KB 12ms
8ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/credit_suisse_sn_bw_fo_100mm.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ae3db223d1ee5a88f5293fb25645a24eb4c8b1cc1caf76fcd55d27425e6decc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3193
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 cs_arrow_white.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 259 B
226 B 13ms
8ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/cs_arrow_white.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bef825473017999e06fb1bd4d9a8998e9cee97692c877cb408df63089f9ab46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6803
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 09:07:19 GMT

GET
H3-29 200 icon_applestore.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 6 KB
2 KB 13ms
9ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/icon_applestore.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38d742af777582ea8ec03fd2897373e5111fad1272ca389fdde838a453fc784d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 05:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2324
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 05:28:07 GMT

GET
H3-29 200 icon_googleplay.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 18 KB
5 KB 13ms
8ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/icon_googleplay.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f40848121887698d6798fd17905cb0c5e5bd4d8be66b792d01f0a8181e448a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:01:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10744
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4833
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 08:01:38 GMT

GET
H3-29 200 gebuehrenfrei_1_wideboard.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 32 KB
32 KB 13ms
8ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/gebuehrenfrei_1_wideboard.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75b44719f42e50db5301c3aae15bef8f6b5ed774a10c45b41a9c745041ee1eee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:01:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 10744
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32755
x-xss-protection: 0
expires: Thu, 19 Aug 2021 08:01:38 GMT

GET
H3-29 200 Step_994x250-1.png
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 16 KB
16 KB 17ms
11ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/Step_994x250-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab9293f24d43895ad17d1b0f24cb9bfa0221624e61b700722e0fbc1700740751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:01:48 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 17934
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16210
x-xss-protection: 0
expires: Thu, 19 Aug 2021 06:01:48 GMT

GET
H3-29 200 CreditSuisseHeadline-Regular.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 31 KB
31 KB 14ms
10ms Font
font/woff2 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/CreditSuisseHeadline-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82cc9b2882730bd4a05ebc7bfea9aec2097c140df6421a2a2181cd4e95378110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 06:22:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 16700
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31996
x-xss-protection: 0
expires: Thu, 19 Aug 2021 06:22:22 GMT

GET
H3-29 200 CS_Bold.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/ Frame B723 33 KB
33 KB 12ms
9ms Font
font/woff2 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/CS_Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975c290cf24b15334df0fc60a18c97b8f6569bddc83b6eda41843ab6dc33c832

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:06:51 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 15:54:56 GMT
server: sffe
age: 6831
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33832
x-xss-protection: 0
expires: Thu, 19 Aug 2021 09:06:51 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B723 6 KB
4 KB 19ms
18ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f31c8f68a4595e1acb6350a0dadbaa9bf4b3cadb9dd6d1716f8eb84adaba3f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4542
x-xss-protection: 0

GET
H3-29 200 60004362_20210329090123025_Product_Wideboard_white.jpg
s0.2mdn.net/ads/richmedia/studio/60004362/ Frame B723 76 KB
76 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60004362/60004362_20210329090123025_Product_Wideboard_white.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d834cd91de4ff3d54b9754c712ce55273966c77f5cdfc5c74cdc78de508e61c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 07:29:40 GMT
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 16:01:23 GMT
server: sffe
age: 12662
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78223
x-xss-protection: 0
expires: Thu, 19 Aug 2021 07:29:40 GMT

GET
H3-29 200 60004362_20210329084435596_Banner_1200x300_40_Suite_1.jpg
s0.2mdn.net/ads/richmedia/studio/60004362/ Frame B723 46 KB
47 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60004362/60004362_20210329084435596_Banner_1200x300_40_Suite_1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a553b53e02df9f21b5e35839495241e44a140c6ccf111603365eb4a32b6d7567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61604391/20201118075456358/index.html?e=69&leftOffset=0&topOffset=0&c=5EDe0OVuak&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:34:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 15:44:35 GMT
server: sffe
age: 8749
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47588
x-xss-protection: 0
expires: Thu, 19 Aug 2021 08:34:53 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8782 17 KB
6 KB 35ms
29ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B723 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:42 GMT

OPTIONS
H/1.1 200
OK log
errors.client.optimizely.com/ Frame 0
0 355ms
118ms Preflight
text/plain 52.72.27.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Server: 52.72.27.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-27-138.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.afr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Wed, 18 Aug 2021 11:00:43 GMT
Content-Length: 13
Connection: keep-alive

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
237 B 119ms
119ms XHR
text/plain 52.72.27.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/13780390039.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.27.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-27-138.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://www.afr.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Wed, 18 Aug 2021 11:00:43 GMT
Content-Type: text/plain

GET
H2 200 / Show response
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/ 7 KB
4 KB 1103ms
32ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1zw3m3dlvZEzjE2

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

226d4fcfc32f42330734de29df74cdb8af040a15f6fda79f370601c2791cd2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 450968
cf-polished: origSize=8383
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"20bf-apfwugL5/h8/DWtimMXWbiGQkoc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 680aa3deab6f0221-ZRH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 53ms
18ms Script
application/x-javascript 2600:9000:2190:7a00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:7a00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 10:15:38 GMT
content-encoding: gzip
last-modified: Fri, 09 Jul 2021 00:11:37 GMT
server: nginx
age: 2703
etag: W/"60e79439-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 871dedfc10f4428aa2412b6f788b791a.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: oWF2UbJU002-SSNMII4kl0k5Z0lVk82EzzdEoNjnQiFFXcQUdpiJow==
expires: Wed, 18 Aug 2021 12:15:38 GMT

GET
H/1.1 200
OK dest5.html Show response
nd.demdex.net/ Frame CF34 7 KB
3 KB 1166ms
45ms Document
text/html 63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.afr.com
URL: https://www.afr.com/companies/financial-services/cba-launches-steppay-lifts-payment-revenue-20210817-p58je4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: nd.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.afr.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: dextp=30064-1-1629284441860|30646-1-1629284441872|358-1-1629284441892|470-1-1629284441914|481-1-1629284441928|466-1-1629284441943|771-1-1629284441961|782-1-1629284441975|832-1-1629284441992|23728-1-1629284442007; demdex=58701520801729284010511172961087358693
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 18 Aug 2021 11:00:44 GMT
DCS: dcs-prod-irl1-1-v012-0c7f2393d.edge-irl1.demdex.com 6.3.1.20210623115127
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 2 Jul 2021 08:33:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: TqXJryjyTLE=
Content-Length: 2791
Connection: keep-alive

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 19ms
18ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021081201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77cd0ddae10de5c17b64d69e76c120e8665df4faa7b86212570eff9e9c3b200e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8545
x-xss-protection: 0

GET
H3-29 200 BBU-Backup.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/ Frame 8782 51 KB
51 KB 31ms
30ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/BBU-Backup.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc0509f792545da1144e270cabda6cbea8ec535494234274cbfacd60ded8cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 12:07:34 GMT
server: sffe
age: 0
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52446
x-xss-protection: 0
expires: Thu, 19 Aug 2021 11:00:42 GMT

GET
H3-29 200 Artboard_15.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/ Frame 8782 3 KB
1 KB 23ms
23ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/Artboard_15.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

427b219b731b8c02b81031fde0a4b5dd58165ddfe7a662f266841d2ee39d325f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1157
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 12:07:34 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 11:00:42 GMT

GET
H3-29 200 hover_arrow-01.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/ Frame 8782 221 B
226 B 24ms
23ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/hover_arrow-01.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

224b626e735ffb683a55276ec486a0e60b121aa2e2856ac2295847a47e317cb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 12:07:34 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 11:00:42 GMT

GET
H3-29 200 arrow.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/ Frame 8782 238 B
235 B 26ms
26ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/arrow.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cde954a41b6ec43f77cd63b687d33ae3af998546738b4d4520f5ab9eab74159

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 201
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 12:07:34 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Aug 2021 11:00:42 GMT

GET
H3-29 200 41359781_20210528155517315_1044533241_BBU_US_Rebound.png
s0.2mdn.net/ads/richmedia/studio/41359781/ Frame 8782 350 KB
350 KB 9ms
9ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/41359781/41359781_20210528155517315_1044533241_BBU_US_Rebound.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1003dc38bf2c04e783d6fee1d634810197678d1219977411e519beeb888aca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61742004/20210602050734216/index.html?e=69&leftOffset=0&topOffset=0&c=h0LqZsaPSA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 15:45:27 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 May 2021 22:55:17 GMT
server: sffe
age: 69315
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 358796
x-xss-protection: 0
expires: Wed, 18 Aug 2021 15:45:27 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 11ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=419599435931961&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284442933&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=4&o=30&fbp=fb.1.1629284442160.352934578&it=1629284440239&coo=false&rqm=GET

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 10ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1831268437115893&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284442940&sw=1600&sh=1200&v=2.9.44&r=stable&ec=4&o=30&fbp=fb.1.1629284442160.352934578&it=1629284440239&coo=false&rqm=GET

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 10ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=953970877989909&ev=Paywall&dl=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&rl=&if=false&ts=1629284442941&sw=1600&sh=1200&v=2.9.44&r=stable&ec=4&o=30&fbp=fb.1.1629284442160.352934578&it=1629284440239&coo=false&rqm=GET

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 18 Aug 2021 11:00:42 GMT

GET
H3-29 200 2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C6A 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c6a6cb581cb56e57e64928574e9e10da0e29a6732926f4f271217c2c38de86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 08:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13268
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Aug 2022 08:47:56 GMT

GET
H3-29 200 2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js Show response
pagead2.googlesyndication.com/bg/ Frame 3FD1 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c6a6cb581cb56e57e64928574e9e10da0e29a6732926f4f271217c2c38de86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 08:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13268
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Aug 2022 08:47:56 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 1364ms
116ms Image
image/gif 34.199.126.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=afr.com&p=%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&u=4J9t6D059DTD6aKEX&d=afr.com&g=27223&g0=companies%2C%20article&g1=James%20Eyers&g4=article&n=1&f=00001&c=0&x=0&m=0&y=3841&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&b=4241&_s=%7B%22pageViewId%22%3A%22A211D3CF-5AF3-4B6E-929F-3E8110507F65%22%7D&t=vWTUJBXJphABGrnVABxXgWgDBswSY&V=128&i=CBA%20launches%20StepPay%2C%20lifts%20payment%20revenue&tz=-120&_acct=anon&sn=1&sv=BGgkVd2oQw3C14NukBVU5XpS4goD&sd=1&im=067b2ff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.126.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-126-245.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:44 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F74E 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 18 Aug 2021 10:58:09 GMT
expires: Thu, 18 Aug 2022 10:58:09 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 154
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0933 783 B
531 B 16ms
16ms Document
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c8ae22aeba4c8f0f49a6406094c80bcdf9a49771241c222a81cb8548080a7661

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vvmN7rh9Pq2JmnHtJVF3cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.afr.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=221=tYPt36RxSLcMzLdaBDx7iyFVsa72tuJu51scHJODKnCyOF51XFvGWQ1KiW_e-I2hMrtDP8zjg-rewI1RTpcjXXIALCGNaZYgLnnOWOTm-LVnFdSOQL8syXZV7Av3PDQPtT-4M6l-oPbbBZPk4oexkGmDm3Yp7gy_pQydRJixOMI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.afr.com/

Response headers

expires: Wed, 18 Aug 2021 11:00:43 GMT
date: Wed, 18 Aug 2021 11:00:43 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-vvmN7rh9Pq2JmnHtJVF3cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 101C 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCo0MWugcYbHqC-fn7_UP1ralgAoAAAAAOAHgBAI&bg=!aWqlai7NAAZvV8FTb1c7ACkAdvg8WpMrVs-lqCtyp49pqewkj4P-I5nwQXds24moVoWr_Mh_2GTqcAIAAAHOUgAAAEBoAQcKAAYfi6SpzZeZAsmDEMxMbQA0Fo4owslARyNj-rNOlOqh7O3F_us7r2kWt4_YrB4CqAyYMlfY-7b_hvdzOUTE2gz-ZHsM9xkxr6rJShrDoKl608i6mcWyYj9IRXHhLx-qgJfnuRRwZoRnyEQXsJ_ystcGG91SL9vd26zTd6PWWg4Nowis8WG5AmNKvaB94YbuaB28ah-pcTLMOSI9vrMdcdnzhDmcxjV2QNHkkiFSm7kt7Q2yKuTVm6zh4MuJ0KTWN7gqbt9I_FaFl7cck3XIMwLW5RL_lengDMkg2RWLlIFS8otFPIsWl4MbHU4Xnmvm7Mwrx4A35uJbGDV5z2j9fvHlI9rbR0om8iDakywHzUi3BNGrOFA-hfk0a2hb3fKE9PmmqjUndD_MoZFMNHwPrJZYzwKsDAmlG9ygWbnV4y9n-utj0xmaKjIkzmGTUqk_qgEU2g4K5R-IhZJ_d_fGX7r7jrPMPVv2PL4AInpFEvDdA8TI9NTdzkgsW3jbeo5dUtjhKORbnmpbTLPBJA98QCKNAiroA7WeQbNAPwwIUZgxoAjNEbQwsm4kU4oofR15OO03fFve1ddPbTcuB7rhI8OGjW6o0ZbxpLqY8gubAMB4ORgpAUgqN6JQZglq4MRaXoNhj_JgvjJYZwC7tqMC-_oO2st9pKSdtsSKCC3jIeq1-0j17Xm_K27IE0cExZPZJOv3QS2ua25HOl4a35NTv8uymwcROJgjx8HxBXk-LlVw2cFuoeRkWrvXkGOMk0RV6CgvFFALZH5ih74FekKfpox2obs4sQhvguzqD1tf9z_4TcSOrNYVDVbxKfr3wUlSda-BMgS0UJ8DcvnTgyVluSpPOylkOWeof1cqiox9l-3QBc1TQCakoZJnARrLLzcjj_nRvbdX_OcIZe5zzP7zkrXM5OwyCo0LuG7OIMPMz7F7CGfWjyEN5IlFu-kVrb6XUnQh4A

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js Show response
pagead2.googlesyndication.com/bg/ Frame F74E 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2Mamy1gctW5X5kkoV06eENoOKaZzKSb08nEhfCw43oY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c6a6cb581cb56e57e64928574e9e10da0e29a6732926f4f271217c2c38de86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 08:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13268
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Aug 2022 08:47:56 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21A5 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BIe-QWugcYYK5C5GS9u8PpeK6kAQAAAAAOAHgBAI&bg=!DA-lD0vNAAZvV8FTb1c7ACkAdvg8Wn_MQL5QuKMIg9nlqXMqTimscQWrjGvuHEG5UajaqBB32aKjXgIAAAKgUgAAADRoAQeZAtBwA61RFQeg5HhHYfmgLoJtb0bWV5fq7brErts5aZBZBLM81j8SonQT3Vsy-u1f2ZdK8clJTEWSuP97FiSjj3sGAAmp3ZPAJT8owrfqUDUgPmky55MGQvGRtXZ0m0vJAgQ3Sl9Jp4FUWemQOibKYSgy45L7bIO1N1l7hRYtdU2qkgYH0yZpSCJLoN4Nv-cNz0x9myxHq2Iau1jxQWwdiVqsjQUVHlT5dss0WQ2wAGAoLJWXhwDaSJMrYufhOS_mX9SRItC7lEiNrI53OoPXkKU7ucCWmP2PKVF4y5RZY3KW3TIGmOw0Tp2GmyuSmaCVs53H9__HumkMw1D74UxWS-_caKQaekhfHdwTLreQDkJp3_MrL_0vUtcTWyL3uPL_YmN-a4JtwOfbdtylNlhAv8yOPoG5W95543GZqR267uxwV3QRpAc_1K49RHh_ufrdtYoqdXpr6KX82rVYvSSt5pGoEtYad5SWiy-dr_42INJk0oszao7LNzVwmfdn0QpZ8iIPmtA8WNdkZWzC6pE9wSnosZo5avJXY8l2iUgB5w2UiVxPVdOFcGSD_QFtud-NRCf9SXrknE4u9A_x4saPgEcxI1oX2yo7VaOEEa9cFMaKJMYD3o0-98frrvOuJwmdpe9bNLI9nWsl50qQVMsDqZ287T2kCmhc9apNFNEps9AAspgGlIiPmIrN5nGHFRjBlm2JtM8o9lfV3wLUyONa8SqMVkv2hBSKL7iZnyPOk1DvapqZvJ3pbjZa7I9DMh6_jpw1H1wnAUVlXbz5D9jsc6-mk1j_5euoTtWeCc4kkztDStA5QAgelVOZNkI89PoHwgyo7HsotUEMnfvL0LLkXCrVIYEBJlldUS4mmnX0L20ZKmFfCL0ll8pU07mRgu1C9ni7j5ZMVDPxJeRbEAgxYOq_b6BbD8DuT8Ddywpt5TuwENUiQC2WKuMpe5I9MuMfBPs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2E4E 42 B
64 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwMMAlxQ7Xj5RfSZbwLwC__UtrhEkDNsRtIg3Bxk0WNuL8YPhUej-HKe5aZWfggWaI9NVBgvBD6SA-LYHe0Ba2pWsrnBKLf6j4O1EyZGr4FA&sai=AMfl-YRAISsSIzK4ZjakpT0GPJXxn5NvtWZxlE5bItki_a6G6Nz0XatmJA5tkiXfPYvjjYfAoGBXSqkpYIpyUBH47rn6ybXuK6moS9yLQpwny_fXnS5CluMD_egj_VQ&sig=Cg0ArKJSzCiA-Mn7qi6HEAE&cid=CAASEuRovJUmn_hj798LHDU3ivX9jw&id=lidar2&mcvt=1017&p=208,315,458,1285&asp=208,315,458,1285&mtos=1017,1017,1017,1017,1017&tos=1017,0,0,0,0&v=20210816&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2737986184&rs=4&met=ce&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629284442109&dlt=10&rpt=222&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021081201&jk=2441078680056827&bg=!b2ylbCjNAAZvV8FTb1c7ACkAdvg8Woyyy25mYrvljJwn7kkFJW1jcpOZ5aVR6RAsmwc-5Vu42nkSxwIAAACBUgAAAAxoAQcKAGQX6QjQH-ao5rFNkNP4cHcykvr2MgQKS3hsPjHyp6f7L3M1jabt18HhudWGpl8u1Ga-DqShZqGybGqlVWf9ayeGytOcDiPzUIe6x3TVGWsQBybGivNZOnrPstRDgMrBndtJKJl7mQJr1qJ6TJ5c67jBQyqbMUjw8CXN4IucS3BtjqhL-24UVhg60gnMQfrgl9Gdhz6Nr_piuNyf76fjfcNAm9BuHD8OJH1W71SxoxGgbRhsXbm2_O_beA33obQrJwChhlOqLq89qGC0ZkDfBmskYUVPENPIdLpndmJpYKE2FtsR8rl0iIwpJ3AgbHkHq4aOZ59mzsSDcZpQDdOXcshUJd6V2ieGirXZP43JyFdicg_9bUiv-HILFjSdjks0XQxYPPNFM-dpjhWERKTPnIewd9wlqsgkub6OIwQfUTcD-hDE2RGI3uWyYkrMWuuU-oHkJwgjLZqCULitbqDe97WH-P5G6xN9TvweSTeTilqm3hsP1-aWdlvqx6J-H7RKV9DNwDugJCue5ML2sSc83nCfKDklrWzMbr_b9JaT2wgfBM_IOZcph4U5gnJGvcjcRQxJxe45nyMexnN0HDZNB5kyHyc-I3zIV25Ai4clO-cNkLBo6KmHFWLOGp5oanRnX2ACsGAhfl47JjPJLE3IU0_FkTYbPllrFD9QReioxMt0NEqvNvnuAG_upHPuK4epVOCV2optdY78LJafqcAEfq0M7Tc2VaL3ITXdHfszHa27uzr2Qh7PTqHnNgYo9RTkgMdeqy4JV6Y_WYeN4Vl7mLI21W8BY3BDrYqqWjwa9Wkr1evxnL2qrlz4rspClheVUbAszBaRDTPDM2N4hl8KPgpNvQprBZMX4Gl-s2Pncwmm2gDJSYvCNl27u4f9eMcf0Or7Wl-mgjNmfiDNAJwCyBHwYEFSDTtba_k_DK3AQHFIIylGUVcFGG5ca-L2zU61wC_LHA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ 44 B
560 B 49ms
48ms Image
image/gif 54.246.201.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-302812&ch=au-302812_b25_afr.com-brand%20only_S&asn=afr.com-brand%20only&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&sessionId=gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441&prv=1&c6=vc,b25&ca=NA&c13=asid,P70F2B436-31E2-4369-A3CB-294DC350A880&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,afr&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,999&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16292844415624693&c30=bldv,6.0.0.602&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=p58je4&c3=st,c&c64=starttm,1629284443&adid=p58je4&c58=isLive,false&c59=sesid,&c61=createtm,1629284442&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.afr.com%2Fcompanies%2Ffinancial-services%2Fcba-launches-steppay-lifts-payment-revenue-20210817-p58je4&c66=mediaurl,&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&c62=sendTime,1629284442&rnd=520872
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.201.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-201-247.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:43 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 10.70bc16e4a97156565587.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 49 KB
15 KB 36ms
34ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/10.70bc16e4a97156565587.chunk.js?Q_CLIENTVERSION=1.58.0&Q_CLIENTTYPE=web&Q_BRANDID=www.afr.com

Requested by

Host: zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
URL: https://zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1zw3m3dlvZEzjE2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

57013dc279fddb7e1ee42968c9392c4539b274f5289bd34a4a6ee56cd44e980c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.afr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 460448
cf-polished: origSize=51239
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
last-modified: Wed, 11 Aug 2021 20:21:37 GMT
server: cloudflare
x-powered-by: Express
etag: W/"c827-17b36e0a468"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
cf-ray: 680aa3dedbbc0221-ZRH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 404 sync
pixel.advertising.com/ups/28/ Frame CF34 0
255 B 1098ms
46ms Image
text/plain 18.184.201.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/28/sync?uid=58500039301097033390522864760791515103&_origin=1&redir=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.201.8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-201-8.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:45 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

ibs:dpid=19566&dpuuid=%s
dpm.demdex.net/ Frame CF34
Redirect Chain

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

42 B
976 B

195ms
48ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-01c85cc94.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 303,104
X-TID: HpQ6FXzBSXI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:44 GMT
server: nginx
etag: "60b842b3-cde"
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location: https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
expires: Wed, 18 Aug 2021 11:00:44 GMT

GET
H/1.1

200
OK

ibs:dpid=72352&dpuuid=3768466149905305353&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame CF34
Redirect Chain

https://dmpsync.3lift.com/getuid?redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D$UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://dmpsync.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D72352%26dpuuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://dpm.demdex.net/ibs:dpid=72352&dpuuid=3768466149905305353&gdpr=0&gdpr_consent=

42 B
958 B

422ms
51ms

Image
image/gif

18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=72352&dpuuid=3768466149905305353&gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-03bf80bc5.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Nrl1HKffSdU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=72352&dpuuid=3768466149905305353&gdpr=0&gdpr_consent=
date: Wed, 18 Aug 2021 11:00:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame CF34
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=58500039301097033390522864760791515103
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58500039301097033390522864760791515103

0
338 B

130ms
42ms

Image
text/plain

52.209.186.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58500039301097033390522864760791515103
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.186.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-186-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 11:00:45 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1629284445
x-served-by: beacon-n019-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=58500039301097033390522864760791515103
date: Wed, 18 Aug 2021 11:00:45 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a003-ash-prod.krxd.net

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame CF34 0
411 B 393ms
94ms Image
text/html 2600:1f18:6593:f608:78e4:ddc4:e083:81a6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid%3D%23%7Buser.id%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f608:78e4:ddc4:e083:81a6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 Aug 2021 11:00:44 GMT
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Content-Type: text/html
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H2 200 dc_oe=ChMIgs6ow7W68gIVEYn9Bx0lsQ5CEAAYACCV1MZGQhMIrpv_wrW68gIV1Ir9Bx0RUwbp;met=1;&timestamp=1629284452796;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 2E4E 42 B
300 B 59ms
57ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIgs6ow7W68gIVEYn9Bx0lsQ5CEAAYACCV1MZGQhMIrpv_wrW68gIV1Ir9Bx0RUwbp;met=1;&timestamp=1629284452796;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIsf-ow7W68gIV5_O7CB1WWwmgEAAYACCci8BCQhMIr5v_wrW68gIV1Ir9Bx0RUwbp;met=1;&timestamp=1629284452810;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9BCB 42 B
107 B 57ms
57ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIsf-ow7W68gIV5_O7CB1WWwmgEAAYACCci8BCQhMIr5v_wrW68gIV1Ir9Bx0RUwbp;met=1;&timestamp=1629284452810;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 11:00:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDNhNzY1NTRjM2M2NDkwMTRhZTQwMzlmYTZjYTA4ZTU=&google_push=AYg5qPIuGJajLOhSC0v8Xu28J6_uGtuQdPHx5uIOuzSvMY8EyXMIkeH85O-kpf7NqJyswZst1wUyvjcgdG4WQtkPAK5wnYhOmKZY

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 14:05:56	Name: IDE Value: AHWqTUliKZt5BhiOqvFUbIxfUcmFBkHUsj58KmtCKS6-t5rH_y1NTgXy4HYjKZh3voI
.demdex.net/	1970-01-20 00:53:56	Name: demdex Value: 58701520801729284010511172961087358693
.demdex.net/	1970-01-20 00:53:56	Name: dextp Value: 30064-1-1629284441860\|30646-1-1629284441872\|358-1-1629284441892\|470-1-1629284441914\|481-1-1629284441928\|466-1-1629284441943\|771-1-1629284441961\|782-1-1629284441975\|832-1-1629284441992\|23728-1-1629284442007
.nine.com.au/	1970-01-20 05:20:20	Name: NUID Value: 3447da2424044865bafafc1a7baf70df
.google.com/	1970-01-25 20:05:16	Name: CONSENT Value: PENDING+631
.afr.com/	1970-01-20 05:56:20	Name: __gads Value: ID=29af287f5e2f1d74:T=1629284441:S=ALNI_MZV6ht6c_ACY0BRvQaq7aCl54DHmw
.google.com/	1970-01-20 00:58:15	Name: NID Value: 221=tYPt36RxSLcMzLdaBDx7iyFVsa72tuJu51scHJODKnCyOF51XFvGWQ1KiW_e-I2hMrtDP8zjg-rewI1RTpcjXXIALCGNaZYgLnnOWOTm-LVnFdSOQL8syXZV7Av3PDQPtT-4M6l-oPbbBZPk4oexkGmDm3Yp7gy_pQydRJixOMI
www.afr.com/	1969-12-31 23:59:59	Name: _bsMode Value: false
.afr.com/	1970-01-20 05:20:20	Name: NUID Value: 3447da2424044865bafafc1a7baf70df
.afr.com/	1970-01-19 22:44:20	Name: _fbp Value: fb.1.1629284442160.352934578

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: [GPT] Error in googletag.defineSlot: Cannot create slot /21671780509/afr/companies/financialservices/buynowpaylater. Div element "adspot-970x250_728x90-pos2-desktop" is already associated with another slot: /21671780509/afr/companies/financialservices/buynowpaylater.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: [GPT] Invalid arguments: googletag.defineSlot('/21671780509/afr/companies/financialservices/buynowpaylater', [[970, 250], [728, 90]], 'adspot-970x250_728x90-pos2-desktop').
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: [GPT] Error in googletag.defineSlot: Cannot create slot /21671780509/afr/companies/financialservices/buynowpaylater. Div element "adspot-970x250_728x90-pos2-desktop" is already associated with another slot: /21671780509/afr/companies/financialservices/buynowpaylater.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: [GPT] Invalid arguments: googletag.defineSlot('/21671780509/afr/companies/financialservices/buynowpaylater', [[970, 250], [728, 90]], 'adspot-970x250_728x90-pos2-desktop').
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 24) Message: [Facebook Pixel] - You are sending a non-standard event 'Paywall'. The preferred way to send these events is using trackCustom. See 'https://developers.facebook.com/docs/ads-for-websites/pixel-events/#events' for more information.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 24) Message: [Facebook Pixel] - You are sending a non-standard event 'Metered Page Visitor'. The preferred way to send these events is using trackCustom. See 'https://developers.facebook.com/docs/ads-for-websites/pixel-events/#events' for more information.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: [GPT] Exception in slotRenderEnded event listener: "TypeError: Cannot read property 'parentElement' of null".
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: TypeError: Cannot read property 'parentElement' of null
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: [GPT] Exception in slotRenderEnded event listener: "TypeError: Cannot read property 'parentElement' of null".
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081201.js?31062301(Line 6) Message: TypeError: Cannot read property 'parentElement' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10510523.collect.igodigital.com
6633783.fls.doubleclick.net
a.c.appier.net
ad.atdmt.com
ad.doubleclick.net
ad2f76c93cf4013fec43ea4d348fdc3c.safeframe.googlesyndication.com
adc-js.nine.com.au
adc.nine.com.au
ade.googlesyndication.com
ads.yieldmo.com
adservice.google.ch
adservice.google.com
api.afr.com
beacon.krxd.net
cdn-gl.imrworldwide.com
cdn.optimizely.com
cdn.parsely.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
d.turn.com
d2uhnetoehh304.cloudfront.net
dmp.v.fwmrm.net
dmpsync.3lift.com
dpm.demdex.net
dsum-sec.casalemedia.com
errors.client.optimizely.com
fairfaxau.demdex.net
fairfaxau.sc.omtrdc.net
fairfaxmedia.gscontxt.net
fonts.googleapis.com
fonts.gstatic.com
gkwfkymfrgeikgjzv2gq2bel5ypbf1629284441.nuid.imrworldwide.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.ffx.io
ib.adnxs.com
image5.pubmatic.com
l.ffx.io
match.adsrvr.org
mb.moatads.com
nd.demdex.net
nova.collect.igodigital.com
p1.parsely.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.advertising.com
platform.linkedin.com
platform.twitter.com
pm.w55c.net
ps.eyeota.net
px.adhigh.net
px.ads.linkedin.com
px.moatads.com
px4.ads.linkedin.com
rtb.openx.net
rtd-tm.everesttech.net
rtd.tubemogul.com
s0.2mdn.net
script.hotjar.com
secure-au.imrworldwide.com
secure-dcr.imrworldwide.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
siteintercept.qualtrics.com
sjs.bizographics.com
sm.rtb.mts.ru
snap.licdn.com
ssum.casalemedia.com
static-au.plista.com
static.chartbeat.com
static.ffx.io
static.hotjar.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.adap.tv
sync.adaptv.advertising.com
sync.srv.stackadapt.com
syndication.twitter.com
tech.rtb.mts.ru
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
tracking.m6r.eu
ups.analytics.yahoo.com
usermatch.krxd.net
vars.hotjar.com
www.afr.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
z.moatads.com
zn1zw3m3dlvzezje2-nineresearch.siteintercept.qualtrics.com
cm.g.doubleclick.net
104.17.209.240
104.244.42.200
108.174.10.14
13.224.95.38
13.224.96.116
13.224.96.12
13.224.96.63
13.238.169.139
13.248.245.213
138.201.125.235
142.250.181.226
142.250.185.198
142.250.185.226
142.250.185.66
142.250.186.34
15.188.95.229
151.101.14.49
158.101.192.251
172.105.232.22
172.217.23.102
18.156.0.31
18.184.201.8
18.194.125.59
18.203.33.226
193.232.148.148
2.18.233.180
2.18.234.21
2.18.235.40
2001:678:cb4:bbbb::13
212.82.100.182
213.87.44.187
217.66.147.170
23.21.180.34
2600:1f18:6593:f608:78e4:ddc4:e083:81a6
2600:9000:2156:7600:10:2964:9d00:21
2600:9000:2156:b000:7:3896:c640:93a1
2600:9000:2156:c200:1d:667e:2a40:93a1
2600:9000:2156:d000:1e:a43d:b640:93a1
2600:9000:2190:7a00:18:1fcd:34f:cdc1
2600:9000:2190:9800:2:42d9:3100:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2a00:1450:4001:800::2001
2a00:1450:4001:801::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2008
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2006
2a00:1450:4001:831::200a
2a00:1450:400c:c08::9c
2a02:26f0:6c00:2a8::13b8
2a02:26f0:6c00:2ae::3adf
2a02:26f0:6c00:2bd::25ea
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f01c:8004:face:b00c:0:8c
2a03:2880:f11c:8083:face:b00c:0:25de
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:600::645
3.124.210.90
3.230.12.180
3.24.38.18
34.199.126.245
34.204.19.158
34.96.105.8
35.179.78.10
35.227.252.103
37.252.172.45
44.192.36.55
52.206.55.189
52.209.186.116
52.48.144.237
52.72.27.138
54.144.144.142
54.171.168.191
54.246.201.247
54.252.144.234
63.32.159.255
69.173.144.139
72.251.244.141
76.223.111.131
01e51940762b45561e5a0c1ea5e5ad122f4c732178d0cb428f8f4409030efb13
03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
043143aa508a10f92c1b04b3c91c12eaab463978086af45c2e1556f3557fb344
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
07a7e43a30c29cd24df54879f4fc788b60a76962f3b3c5623717c19762240225
0ae3db223d1ee5a88f5293fb25645a24eb4c8b1cc1caf76fcd55d27425e6decc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12bee420856477c7e5736f26aa9d04afabe0ea281eb9b55f895be9da4d880134
149df2a43242f35804b8e953f3edfc266ca3631444559cdf5950473259b1c67f
14a319b4c359383f5c941491caade37c622bdf8032a4330423fc2bb58586d2f3
14e4b088db7fbce1fc7c9e34f33ce0766a0359a92f87b73df2b4b72d24a6a769
1c5176a3014022ea98fa225fa96a98e69c839a27da31913d45aa2ed6f650e12d
224b626e735ffb683a55276ec486a0e60b121aa2e2856ac2295847a47e317cb5
226d4fcfc32f42330734de29df74cdb8af040a15f6fda79f370601c2791cd2b9
25b85144f16a2def646929df9d3d32fca2f8f6e17df1f78a195b99691f33e517
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a25a03a22630c866f03370076ed639ca69afeeef4db0859abfa16f746f4973b
2bc0509f792545da1144e270cabda6cbea8ec535494234274cbfacd60ded8cd5
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2d3cddb62d792303881caf36ff9ddfd7bac187bbb5e703cd99dccba7318b9fce
2f1b3c20947609880fa669248919d46ad2b26b995cd8f7e2f3d764dff3e47bdb
315eb6a950884d71d78c09365ebebf793e2b6516f6757e1090559d9ae6d10e17
31f480386d809e2ad66cedf791def1da9aaa98f014fe1ab4307c71dc2fd3803c
338140f080782dd9fc999b9c240cde15f599e7ffd10b3fd3d9085717d38ad8d3
38d742af777582ea8ec03fd2897373e5111fad1272ca389fdde838a453fc784d
397e6540378a195608cbd601f809c0c96b3ae9253fffeaf070769a8272838ad7
3cde954a41b6ec43f77cd63b687d33ae3af998546738b4d4520f5ab9eab74159
3e15ba9c8aad5b64d6eaaaed7bca87cf952b1c37660c54373fc20a094c1fa11b
3f058f0f9721d340906f97d8a350ec6248f174846f4a8acfda7e471207047630
3f31c8f68a4595e1acb6350a0dadbaa9bf4b3cadb9dd6d1716f8eb84adaba3f2
4138fa24ba38146567fc1f9638842416895edd55637b0d9dfec8ad12d2b6695d
4240e62d63f79618a455e082e5f4e4fa3803c3178f2352bab4d6e9284b72bc0d
427b219b731b8c02b81031fde0a4b5dd58165ddfe7a662f266841d2ee39d325f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4611c34378b1bbbee8890a472c6390137ce8841041a646f0bdc58cf9180eb18a
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
49d65831c7e98a7d885d223699a41198204329efff9d1904c8af71323f613d68
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50df3c2e249e4ebf85fa0f2fabdaabab33dcf645936abd4dbae1a3c9e18ae287
5395c982040c785e1dcabb8b702f0a4798df6c4de8332bfe127513cdcdbaeac3
53a25ec3114fb90ff5b7c82f36b6ed226932ea0f96ecbe82b682fffe4db1ac1d
53aee9d960fec4d8f84684f8441b3afe5782d79f9d089679848ef788e73daf46
54b3121637851046e882df8591a9f2c4472adc2f0c39290cd583e9fccf1aace0
55ce473447398b8cf1945e50781237dc8d0a1ba109a661dff2a702f412a9b67f
55e804412748e3effa6fbff8a75e9726447e6202eb42ccf9973f5da54536d80f
57013dc279fddb7e1ee42968c9392c4539b274f5289bd34a4a6ee56cd44e980c
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5
61fe4436f1d882b3acd98fb2763984bacd382664582f4918647b89894f46b871
63ed4c66bf3ba06512f7028be62a4bd53295e1ba68a919a7591f5fd392e72b90
65048f3a5caf412e3f86a0a830266c0ecc0e604aeadee4399dd7457374152153
655e8a9680dfd049a0253377c3ce2af79171c24e71df42acb96f00c5178ef872
65c4230a26597853a276f154e975c2a0cd90a3b18077fb1a76d0aa2929c80b3a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6adf20a062f5d292458d0d26f08b775399b840636a10c3790156719c9111459f
6af5597ed69e0945a845005b4691d76e4f8bb271fbe4b1317a17f0cb44b6fcf7
6fc0610223b1566c3193b3f2ab6c6840b51f271afb0398f2d7df0e3a754b2a5c
714892f1fc598fef48b0331e7af69cdac69bfb2cec684d199b8650da4a278c75
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
75481bc06d1b02e50fd1cc921a7838e3af6caa9b8c0745b50182ebf29f195e20
75b44719f42e50db5301c3aae15bef8f6b5ed774a10c45b41a9c745041ee1eee
77cd0ddae10de5c17b64d69e76c120e8665df4faa7b86212570eff9e9c3b200e
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7e67334c97cfbc34e37919a58a6e6f9b456d86426c57aabff53b91cb298941a1
802983f3a84c45d534bde37fdc8dafa95525a580590ad557e5dcbe533cc461ab
80bdc1d53821bce111dec90ad5dba4546d880d45fa7a2a95689d04d9f87240d4
8158847ebd6182d2c0eff38779444759b18113028972dabd727ec75be0ee30a8
82cc9b2882730bd4a05ebc7bfea9aec2097c140df6421a2a2181cd4e95378110
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85b23ef2b5d148948a0e393c8af051177f818b7fb18cda003998916666caabee
88dd0207d35f1b18db74d4181cb5cf5d93071ffc7fb7df42e98336dedb40eb92
8a35f62823163162659645803ea69c2a846ac3bbdc906cbbdb8e66851490416f
8b56cf3ff69da24ee4d01b00d8bbad12a602a1f083e47c6646b02b639fd633fd
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18
929b13196933ef33553ee5a6dd3012784e65c11b5b1efa70e7ec32145f3d2e45
934d4d6010b2bfc6795c8212555ff307c8e883a8fa5f974f601773d4f17e156f
95cffc09aa9c1ff67c0b8086c298df12f858abfbd353df9eec047d8efeed8005
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96ba14df9d852d35a6a18aeaf5d3ae02f7b945df3ab4b2aae6cdca4591b6e030
975c290cf24b15334df0fc60a18c97b8f6569bddc83b6eda41843ab6dc33c832
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99980ee00c64587dbf7d47b2f59317458d752915d8a2e6b17ba76b9f120c7e37
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9be5340180dd0ebeb223b6dee20a7ed45f94fbddbf55e7603f10565bbd8985de
9ced619cc2d366a6457574c1e9f3acdc51dc85dcfe10545030a6b9110df004c2
9e79fb1ca812a310f0ed1fb24bcc3a1d6528be4701b2b649d715c4f24a2786f5
9ee6a9d567ee4c7877784bd518a91ab8958306defe40c11daa3908e72a711f79
a1003dc38bf2c04e783d6fee1d634810197678d1219977411e519beeb888aca4
a1058da6e4115e63a1c3321f9ca16f21873c4971a39b880301633059eba36017
a3c78596628f7e53c40bbfd0e9eed225181c4c2933a6e051e8fa46c30b221d1f
a3d0f7c45107f6f097378459c64f8c02461a44afe9d787009eb75c709d6ff3df
a44fb6a26732b7892f2802aee69fb0413ecd26b508b5c79720a48c485f4889ee
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a553b53e02df9f21b5e35839495241e44a140c6ccf111603365eb4a32b6d7567
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a66a5a8ed64e755c093f60bc0c20d8226190f583347ef5105736e45e4847c98a
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab9293f24d43895ad17d1b0f24cb9bfa0221624e61b700722e0fbc1700740751
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3
afd98f171e8588e25994f62a5cab4b12805519f33edb1683c4e92631d2e09c46
b0717638626cf80479f94828b15eb3488c56c9a5521321c67c27bde07d463354
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b38a7ae76f3a7dea3d5cddbef446af3aa9eb115fab7615b9dbf6e80ee1e465d2
b462ede43ecdda05f2c835d4c3178d5d2fa2567dd194963027095fb4f8102f4d
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b89dfe784db220c9e23135a20bb10c132c9499afdd755c807dcee7769baf1dac
b8e39dad2211fe2aafd3c487471c94934a5230aeb00608f59b80c880ce777440
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bcf86c48df6f76b921cce4d3b354c52312027494dbac002cf58ff39ca8593ff5
be0cf5b4cef2606018b449d50f97ea00d23b1a0ed3e9039069849f5159ef05ed
be7d308af96cd2fa078cfdde209021a48d6a4c541421229a23e8a181018cd52a
bef825473017999e06fb1bd4d9a8998e9cee97692c877cb408df63089f9ab46f
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c337bd801dab3c93eba6a4a981df687ec1721dce1f366461bcb8aa6d6f1441b8
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c44f5df6ce6f369e021d2e101d633da3ca9ae9515414c90ba0d75491c11fa8d9
c4a7a91c88d43cc432032fa44187df051128ecc88d08a5f848ff074802093c9c
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c892a3769be374194b10b31015342ea0365d1dad81afc105bfcb6737dbf0442f
c8ae22aeba4c8f0f49a6406094c80bcdf9a49771241c222a81cb8548080a7661
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d030bb6e0146d59880c78c3e67f9dea1be0d0ebfc777796146c3a2985d7ff295
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
d682c04ba7f09adcfad9a5b1b7bfc2e1130427d2a80edf538fec60536a156754
d7ea26b93c08451c3b36edf3aeed10447fcff13d7cd7fab7a8b9284d6af53185
d834cd91de4ff3d54b9754c712ce55273966c77f5cdfc5c74cdc78de508e61c1
d8c6a6cb581cb56e57e64928574e9e10da0e29a6732926f4f271217c2c38de86
dcb2ad91672f10d1a64259ff09e8b24870aa0c6e6be9430f44c03be94c9853f5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e418ed54f83716677c0633e56a356ce56cccf12c3e3f695f8dda8a8407dafb3c
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e8a2bc039ea82266ecd31dcb748fe90f212f6358fcf2502eb0061d9652b3638f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4d802215f6862241c109567f94e37b4a33f3d3e192a0a726645e8a2aa87122
f1edb9d3125eb757615b0a6cac8144f77beba41666bdc2b6106da661b0a2e36a
f24f0e99822c9b60763135559d3b656761e9fbb68116aa4d942cfe8fedc7d5e3
f40848121887698d6798fd17905cb0c5e5bd4d8be66b792d01f0a8181e448a72
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d
fa84adaa52138db2f2ca946b1e3ce31105a39a9a1f1b5fb25ad456241c2d0e73
fc296748fb6694e56c220be64a01cbcdf39127c4036a137a1db3205dfbb81a5b
fdb3c6cf003fd30bfc3edd21a3664edc2b4407daef1879323378c491742c93ec
feb35a42307d1d625165e6eb904a59e09f72fed5510fd452dfd58905a8507ebf
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.afr.com Open in urlscan Pro 2a04:4e42:600::645 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

262 Requests

100 %HTTPS

43 %IPv6

59 Domains

97 Subdomains

71 IPs

10 Countries

3603 kBTransfer

9397 kBSize

10 Cookies

24 Outgoing links

Redirected requests

262 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.afr.com Open in urlscan Pro
2a04:4e42:600::645 Public Scan

Screenshot
Live screenshot

Full Image

262
Requests

100 %
HTTPS

43 %
IPv6

59
Domains

97
Subdomains

71
IPs

10
Countries

3603 kB
Transfer

9397 kB
Size

10
Cookies

262 HTTP transactions
3 data transactions