www.plusrewards.com.au Open in urlscan Pro
104.26.2.172  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

• https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1663952734532 HTTP 302
• https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1663952734532

Request Chain 70

• https://cm.everesttech.net/cm/dd?d_uuid=64705704657746833911222068185127209814 HTTP 302
• https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yy3nYAAAAGT1RAM5

Request Chain 73

• https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=664246827&utmhn=www.plusrewards.com.au&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Home%20%7C%20%2BRewards&utmhid=1572363381&utmr=-&utmp=%2Fgeelongadvertiser&utmht=1663952736165&utmac=UA-5748164-21&utmcc=__utma%3D215327702.1944812390.1663952735.1663952735.1663952735.1%3B%2B__utmz%3D215327702.1663952736.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=805071691&utmredir=1&utmmt=1&utmu=qhAgAAAAAAAAAAAAAgQAAAAE~ HTTP 302
• https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=1944812390.1663952735&jid=805071691&_v=5.7.2&z=664246827

Request Chain 74

• https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
• https://dpm.demdex.net/ibs:dpid=358&dpuuid=8120189085316700700

Request Chain 76

• https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
• https://d3273622690172371738-t3742989737531796284.id.amgdgt.com/r/telco/tuid/3742989737531796284/duid/3273622690172371738/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D3742989737531796284 HTTP 302
• https://dpm.demdex.net/ibs:dpid=470&dpuuid=3742989737531796284

Request Chain 79

• https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjQ3MDU3MDQ2NTc3NDY4MzM5MTEyMjIwNjgxODUxMjcyMDk4MTQ= HTTP 302
• https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK87j3Br4s54i3J53A7qR68&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 80

• https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 HTTP 302
• https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=903&dpuuid=171eab33-8fb1-4d3c-8403-0cb3fec750ba

Request Chain 83

• https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
• https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yy3nYU9tuuQz1Bag7OaWGgAA%264732

Request Chain 84

• https://dt.scanscout.com/ssframework/uid?UIAA=64705704657746833911222068185127209814&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-2f7a1a2760b2b4c1cf63223ae7dd67e0

Request Chain 85

• https://ps.eyeota.net/match?bid=6j5b2cv&uid=64705704657746833911222068185127209814&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
• https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=64705704657746833911222068185127209814&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 86

• https://usermatch.krxd.net/um/v2?partner=adobe&id=64705704657746833911222068185127209814 HTTP 302
• https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=64705704657746833911222068185127209814

Request Chain 87

• https://tags.bluekai.com/site/43981?id=64705704657746833911222068185127209814&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID HTTP 302
• https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Request Chain 88

• https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXkzbllBQUFBR1QxUkFNNQ==

Request Chain 89

• https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
• https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yy3nYAAAAGT1RAM5&expires=90

Request Chain 92

• https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yy3nYAAAAGT1RAM5

Request Chain 93

• https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
• https://ib.adnxs.com/setuid?entity=158&code=Yy3nYAAAAGT1RAM5

Request Chain 95

• https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
• https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yy3nYAAAAGT1RAM5 HTTP 302
• https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=Yy3nYAAAAGT1RAM5

Request Chain 96

• https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
• https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yy3nYAAAAGT1RAM5

Request Chain 97

• https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yy3nYAAAAGT1RAM5&img=1

Request Chain 98

• https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
• https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yy3nYAAAAGT1RAM5&t=2592000&o=0

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request geelongadvertiser Show response www.plusrewards.com.au/	268 KB 28 KB	498ms 293ms	Document text/html	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d7a100e2d4fef2390c6745697aff9bc2c6ca937db0995c4d0d767e610905a46f Security Headers Name Value Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://myaccount.news.com.au https://myaccount.news.com.au Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers age 0 cache-control max-age=0 cf-cache-status DYNAMIC cf-ray 74f4dd917b545a5b-MEL content-encoding br content-security-policy default-src * 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://myaccount.news.com.au https://myaccount.news.com.au content-type text/html; charset=utf-8 date Fri, 23 Sep 2022 17:05:30 GMT expires 0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IvKV4HnxvrsmtNk4B6dgJvMjvonHlv0hhZ4sEBHv58AYLk1yxn2CEY5U9aNK1Bf7v%2Bxdz8SD6bvDDaxwOiR%2Bv2CRQxUoyRX06N93Hso1s9Vj8Zj49QQ%2BQCpkreu%2FO6O9Ll1UrL2VIyo%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000 vary Accept-Encoding via 1.1 varnish (Varnish/6.0) x-clock-cacheable NO:No TTL x-content-type-options nosniff x-frame-options sameorigin x-response-time 131.765ms x-ua-compatible IE=edge,chrome=1 x-varnish 45504630 x-xss-protection 0
GET H2	200	index-rewards.css www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/	120 KB 19 KB	108ms 108ms	Stylesheet text/css	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 304e2126a3bcf40c779902bfbf54c18322a4e9c9e582f5f54a56d687517a534d Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 11773354 cf-ray 74f4dd937cef5a5b-MEL x-clock-cacheable NO:Cookie content-encoding br x-response-time 6.198ms last-modified Tue, 10 May 2022 10:37:54 GMT server cloudflare etag W/"1df61-180ad8bfd4c" strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OgWVttAcI1XpdDgDzgDoyyBVpm2JxdZg8lwmnDinC1zU25gBl9kfqKP%2B6tFPgEBkjsuzZDwvs6N%2BuqWzmVUeTUd3tlUb%2Fxh%2FwwpvsUmqgvDGEh%2B3rafr%2BkLhJAmlEyNcPFuFLWMoV5I%3D"}],"group":"cf-nel","max_age":604800} x-varnish 19353907 cache-control public, max-age=31536000 content-type text/css; charset=UTF-8
GET H2	200	css2 fonts.googleapis.com/	7 KB 1 KB	531ms 184ms	Stylesheet text/css	142.251.10.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f95.1e100.net Software ESF / Resource Hash b28bb10d1b574db881cdd742dbe4593c1344f78e3ba378350c51cbfcaec51da1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 23 Sep 2022 16:48:07 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Fri, 23 Sep 2022 17:05:30 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 23 Sep 2022 17:05:30 GMT
GET H2	200	geelong-white.png www.plusrewards.com.au/darkroom/original/87b18a326518f47093b2dbeb9560489e:004f060cef0a39ff9523a82db91a935d/	3 KB 4 KB	225ms 212ms	Image image/png	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/original/87b18a326518f47093b2dbeb9560489e:004f060cef0a39ff9523a82db91a935d/geelong-white.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fce187a4eb12e4122816ef8076aa863fd2bd17d1742972930610cc44f6d44bf Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Original Image date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13542285 authorized-request /original/87b18a326518f47093b2dbeb9560489e:004f060cef0a39ff9523a82db91a935d/geelong-white.png x-clock-cacheable YES content-length 3362 cf-ray 74f4dd938d225a5b-MEL d-cache MISS last-modified Tue, 19 Apr 2022 23:20:45 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPnjqv7Pqr7ckcETyLPjnZ0eCtWUfDsDYoBQG1NlH%2F4zxz4E%2BKDz6%2FNS9h%2BOinSN4hjNEhvtDa7XBgynu%2BDFCJjt0G5Ee7ZuM%2F%2FdxnHcI%2BKVcLMYFznD0CpQxGB1DbAulvCk3u90OXg%3D"}],"group":"cf-nel","max_age":604800} x-varnish 16045961 197179 cache-control max-age=315360000 accept-ranges bytes content-type image/png; charset=binary
GET H2	200	ebOneTag.js Show response secure-ds.serving-sys.com/SemiCachedScripts/	69 KB 21 KB	864ms 288ms	Script application/javascript	42.99.140.160 ASN-TELSTRA-GLOBA...
General Check archive.org Show headers Download Go to Full URL https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_256_GCM Server 42.99.140.160 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK), Reverse DNS ip-42-99-140-160.pacnet.net Software AmazonS3 / Resource Hash 704de20959867ad7e42c0e25a807e6a87daab17c4e8755cdf36fa105f6a7400f Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT content-encoding gzip last-modified Mon, 05 Sep 2022 08:55:48 GMT server AmazonS3 x-amz-cf-pop ATL58-P1 etag W/"095a7b562e641bfc203fc3ef9697c6bc" vary Accept-Encoding content-type application/javascript access-control-allow-origin * accept-ranges bytes content-length 21384 x-amz-cf-id Mg-PJrPZYvUFlAGyPVC9EWlvXHDkYYQUS1sjVFkZHnJNCU2RdwDlbg==
GET H2	200	1831814686-braingains-rewards-websiteoffer-1920x1080-v2.jpg www.plusrewards.com.au/darkroom/1200/cf6a5c2c27060b5eae26c9ba4fc9e573:79ccc7be7191ec52544ee4921366b198/	74 KB 75 KB	225ms 212ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/cf6a5c2c27060b5eae26c9ba4fc9e573:79ccc7be7191ec52544ee4921366b198/1831814686-braingains-rewards-websiteoffer-1920x1080-v2.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f680a97514b68d444f8f8bf43fec5c27172e7eb2b2a1740fc01521770b60d88c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 919140 authorized-request /1200/cf6a5c2c27060b5eae26c9ba4fc9e573:79ccc7be7191ec52544ee4921366b198/1831814686-braingains-rewards-websiteoffer-1920x1080-v2.webp x-clock-cacheable NO:Cookie content-length 76116 x-webworker active cf-ray 74f4dd938d235a5b-MEL d-cache MISS, HIT last-modified Tue, 13 Sep 2022 01:45:56 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6hC7oRm%2B50gGTuXTyZQsHRNGg5njScAoQ1YdfHEP35EruAMiBY0CYAZYMn5aYlLO%2FP40wGUcMLAdOi2bRkQHOO7DfhcH79nYFpxVa1xXDmicVoCHYZyjqxSEQcIfx4noI57Gbp9%2B00%3D"}],"group":"cf-nel","max_age":604800} x-varnish 46198689 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	tbtpartner166-1920x1080.jpg www.plusrewards.com.au/darkroom/1200/aed0dd8305b70467ef06a7e87d6ebaf4:d35dc6a7a8eeaca1babe025e0468fff2/	201 KB 202 KB	225ms 213ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/aed0dd8305b70467ef06a7e87d6ebaf4:d35dc6a7a8eeaca1babe025e0468fff2/tbtpartner166-1920x1080.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b33410413ec8eb4b168affb5ab1e79dfdd38e63a0b937059a162c9b75028f589 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620303 authorized-request /1200/aed0dd8305b70467ef06a7e87d6ebaf4:d35dc6a7a8eeaca1babe025e0468fff2/tbtpartner166-1920x1080.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd938d245a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:27 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcJqd%2Boe4Mb%2BqHCNYHUJox5liXuqOQc0zOUTvZaT%2B2B8IqBCiB66Vvjrxd2zoFM4HBahX2X3mkNH2purabJQOHPx%2FH3Sn9BjyiYOsO4J1hin39w22J1So6XRR5TvHp5JbwwePW2gKEE%3D"}],"group":"cf-nel","max_age":604800} x-varnish 43966258 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	microsoftteams-image-5.png www.plusrewards.com.au/darkroom/1200/b864926342d4d9d11043f5c5cec6b8d9:e2df2564732aa62eaa1eb0a0f5aafc24/	158 KB 159 KB	225ms 166ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/b864926342d4d9d11043f5c5cec6b8d9:e2df2564732aa62eaa1eb0a0f5aafc24/microsoftteams-image-5.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0df34bab6ca5f91a71c3d4eda5ba04d3895aa10793274849cfb89f01d6dbb70e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620243 authorized-request /1200/b864926342d4d9d11043f5c5cec6b8d9:e2df2564732aa62eaa1eb0a0f5aafc24/microsoftteams-image-5.webp x-clock-cacheable NO:Cookie content-length 161830 x-webworker active cf-ray 74f4dd939d2e5a5b-MEL d-cache MISS, HIT last-modified Sun, 04 Sep 2022 23:00:58 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPyOlNQIKgdp702CFaAVeLLGGRmkmf16FhUXJ%2FamKeC%2BEFZv0ZgVplQbfaFdIweI%2BfG9%2B%2B47vOOZZGjL%2FP%2FhRdctauuYGYBK54gqHSzoHXbD1dYoOH7DM2Bt3GVdiNNYRtqAwjosqaE%3D"}],"group":"cf-nel","max_age":604800} x-varnish 44977229 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	code-sports-image-2.JPG www.plusrewards.com.au/darkroom/1200/482626df40809e937983f26c21f101a4:31a8707cabe5f54417d8a2fdf96d925f/	55 KB 55 KB	224ms 164ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/482626df40809e937983f26c21f101a4:31a8707cabe5f54417d8a2fdf96d925f/code-sports-image-2.JPG Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7a7da4ee3b922c13049653bac0230e01fcf9c4c481747be3703de2aeb3c82c5a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620243 authorized-request /1200/482626df40809e937983f26c21f101a4:31a8707cabe5f54417d8a2fdf96d925f/code-sports-image-2.webp x-clock-cacheable NO:Cookie content-length 56046 x-webworker active cf-ray 74f4dd939d2f5a5b-MEL d-cache MISS, HIT last-modified Sun, 04 Sep 2022 23:00:50 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PCRAp%2FU5z2hbmYXS21tIg8sH5rbISXAhl7frX2VwcCqH2QGK6dtG0PTUblC8oD6z2o784cLEOZ5I%2F5nyyBnxtJLc0GWFOTnQ04lrp0cBA%2F%2FFb9OZiwiJj97rut2i47LPHhztHFI0V7M%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45130123 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	ep-au-13756-resize-images-1920x1080px-1.jpg www.plusrewards.com.au/darkroom/1200/b813ccf1a1dd1d8ea76e3bab516fd79d:dfc22e3c9721000d8cdf3fd2e1955b9e/	198 KB 199 KB	223ms 164ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/b813ccf1a1dd1d8ea76e3bab516fd79d:dfc22e3c9721000d8cdf3fd2e1955b9e/ep-au-13756-resize-images-1920x1080px-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a6fcc68f00eaa1b31ac5e767e7b2db8ef378fb7c598ad8c447b270939c261bb3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620303 authorized-request /1200/b813ccf1a1dd1d8ea76e3bab516fd79d:dfc22e3c9721000d8cdf3fd2e1955b9e/ep-au-13756-resize-images-1920x1080px-1.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd939d305a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:27 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6ie%2BR0iDhOE24BRkte9W1JGfoFS00Zr24d0BHRsfxzsR9ThTSsXg%2FplmNuLxjdUcnGE%2F53k6KXkyOMzgs0N2lKsJ6LshR%2BZc6vN7Gd1SGR0dVQhSCYujheFmupooPtC5VJxzZGE%2BPg%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45014270 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	istock-495394304-1.jpg www.plusrewards.com.au/darkroom/1200/3f268a21f0136160b5a77fdbab6fa87e:4e9daf3fa262187270f3856049d90046/	74 KB 75 KB	125ms 67ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/3f268a21f0136160b5a77fdbab6fa87e:4e9daf3fa262187270f3856049d90046/istock-495394304-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cb5006e49459d5946e5d279effaff2311af5ea69d59394b574523efd90b67259 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 5955065 authorized-request /1200/3f268a21f0136160b5a77fdbab6fa87e:4e9daf3fa262187270f3856049d90046/istock-495394304-1.webp x-clock-cacheable YES content-length 75764 x-webworker active cf-ray 74f4dd939d325a5b-MEL d-cache MISS, HIT last-modified Sun, 06 Feb 2022 13:00:42 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFRGh32qKDv3%2BnCsE4FEsJdS39TC3Tza%2BHjbIIBUki1gAdVlF4j7SwYuI5ysGjGda8EI1amT2CFwZm6jEN7XyiXq1Vq%2FS1TJH4czUGsI6qVj%2B5NWsCUdc7zAHQJ20inIYgNjRD74YjI%3D"}],"group":"cf-nel","max_age":604800} x-varnish 31548296 1646851 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	lg3.JPG www.plusrewards.com.au/darkroom/1200/a612b0682fcd911123c1297d284e11c1:054b05b838335b46a14cf0e769298e4e/	136 KB 136 KB	225ms 167ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/a612b0682fcd911123c1297d284e11c1:054b05b838335b46a14cf0e769298e4e/lg3.JPG Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 38be8bc156c1b259189a364bf10b90892fcdf263c1277aa65b12a6b75636a001 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620303 authorized-request /1200/a612b0682fcd911123c1297d284e11c1:054b05b838335b46a14cf0e769298e4e/lg3.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd940dca5a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:27 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2s9bwm882cC8AFPer6S9%2B5b7JbqI9pbKMUKM9lDIIA45I5vzm%2BTpR0O2ieU%2FZs%2FKwMkJNKphBLdcGbcy%2Bg%2F7gun%2BlEw8RlmwmAmH3C%2BDLrplCA%2BR%2FsThx9b3SWUL3G%2BSBg8f8fVCWZc%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45224081 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	samsonite-3.JPG www.plusrewards.com.au/darkroom/1200/4ab258851b82a8ddb0557bfa5afc7594:b0f1e114a896c43174b5802a9d0cf05e/	160 KB 161 KB	225ms 167ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/4ab258851b82a8ddb0557bfa5afc7594:b0f1e114a896c43174b5802a9d0cf05e/samsonite-3.JPG Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e0a25d93f31178bb37ee78e21b5b788a9362689f95e49c725dbb47fbaa6d517a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620325 authorized-request /1200/4ab258851b82a8ddb0557bfa5afc7594:b0f1e114a896c43174b5802a9d0cf05e/samsonite-3.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd940dcc5a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:05 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWWjv21CPkNLWr7%2BXwBaS%2FrOROYXEGuORUMxlpfXsKVdQAYUiX3KWo6wx68I%2BwxueIyiGYSRWNIuyWsa0rJCDt06LgId%2F6XQJCGAltrKgm1dJgphjK5ibv4uG2%2Fhfphcjk7Wl9BJxrI%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45189242 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	jwd-beauty-prize-pack-horizontal-1920x1080.jpg www.plusrewards.com.au/darkroom/1200/8b4396b524ddd5cbb8c0a6ddfa8aca7f:e3bbf465680105891d0352dbc53b9b69/	143 KB 144 KB	226ms 168ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/8b4396b524ddd5cbb8c0a6ddfa8aca7f:e3bbf465680105891d0352dbc53b9b69/jwd-beauty-prize-pack-horizontal-1920x1080.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9a2bdb4fdac73faae0f13f6f6a352832ff64a1689d5024c3681f66e0fb4cb684 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1652493 authorized-request /1200/8b4396b524ddd5cbb8c0a6ddfa8aca7f:e3bbf465680105891d0352dbc53b9b69/jwd-beauty-prize-pack-horizontal-1920x1080.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd940dce5a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 14:03:56 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVOLV7hs3i3WtZPizyKf0k6w6Aa2C4DyXkEsa80zWBYNMAH2DCbReEcJBmG5Kwgk7TIygPnOd3NTH9wcBKPO2dKpJ1TZiJaZ%2BL4S%2BDVnCxs6CZ382RvOfVxj3PfgKRsirRumvHENOps%3D"}],"group":"cf-nel","max_age":604800} x-varnish 33815186 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	iittala-3.JPG www.plusrewards.com.au/darkroom/1200/07954b879c96571fc984009ddaa8e3a4:5a370be4cc89bd0b6bb047b37b0e1bcd/	63 KB 63 KB	226ms 168ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/07954b879c96571fc984009ddaa8e3a4:5a370be4cc89bd0b6bb047b37b0e1bcd/iittala-3.JPG Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c5abff11d6f2c78a58214e646f7213a55f1459f42bb2960dcb0a209413b428c6 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620324 authorized-request /1200/07954b879c96571fc984009ddaa8e3a4:5a370be4cc89bd0b6bb047b37b0e1bcd/iittala-3.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd940dd15a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:05 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UoXtC2%2F5dPAoqMEFoM21NNRzjayh3jXvTa5cLH1%2FH3DCLLjuH%2BmukvKH0BdWb2A12Y0zYrUtH4kAIXF00%2BN6o8n4SChM%2Bp35SrF8YP3YWDB04RxdnnDKeWV4I7gHGw5TjdlUWRXz8Ns%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45097214 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	news-image-2.jpg www.plusrewards.com.au/darkroom/1200/bc800d40d703fdd7c181115227976d89:2220b1850651959e0c17cd1a4bdc59e2/	131 KB 132 KB	224ms 167ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/bc800d40d703fdd7c181115227976d89:2220b1850651959e0c17cd1a4bdc59e2/news-image-2.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b8e8bae8a87a6bc86f4fa08e911234b70d93d3d1c9b80ea04e2d4a10fa41554f Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620284 authorized-request /1200/bc800d40d703fdd7c181115227976d89:2220b1850651959e0c17cd1a4bdc59e2/news-image-2.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd940dd25a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:46 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wO%2FwWhioEv%2BmLQXaPbW%2BPU4n8rClKwaQssI6pZtKCNjjXW0HxQNO0rs5WD2gQqOGK8%2BaaTeR5uWgKbB9yxa2cx7TvNIZMUVbjZT2DnGBtg2K%2FStMAGsGEG6vcU3PnBYSxn%2FuW2OWquA%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45100663 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	badness-books.jpg www.plusrewards.com.au/darkroom/1200/0875467b9b9eca99b27a820ca13d7ab2:e8f02f0181b9448ef2e9024481073c34/	179 KB 180 KB	226ms 169ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1200/0875467b9b9eca99b27a820ca13d7ab2:e8f02f0181b9448ef2e9024481073c34/badness-books.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 46dc5e9503f5997e21c3c0e03d457edbf3748f14380b3b066234188e08555290 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1620324 authorized-request /1200/0875467b9b9eca99b27a820ca13d7ab2:e8f02f0181b9448ef2e9024481073c34/badness-books.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4dd940dd45a5b-MEL d-cache MISS last-modified Sun, 04 Sep 2022 23:00:05 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bWbT4UxMeHXsWZjjZ8pmAEcMiJCBNpL0tCbGRpQFvYEI%2BP6Y0VYuQbA%2Bgr25O4%2FVXTRmnuVlC%2BRjPgFewR04LlFEPdKG1N5JS9VnnjLCxszkc%2BCbqTXT%2FkQHN%2BMOan8DDk0IX9KCDc%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45100629 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	geelong-black.png www.plusrewards.com.au/darkroom/original/d405c251058f9dcae356a07ba20f72fb:cdc29b01ef5263d129c0506647c1374f/	4 KB 5 KB	224ms 167ms	Image image/png	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/original/d405c251058f9dcae356a07ba20f72fb:cdc29b01ef5263d129c0506647c1374f/geelong-black.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a4d822dfd95a2ec98b26834adffd97b5bc91f67e6caa485dcf9765bd7883a81f Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Original Image date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1098511 authorized-request /original/d405c251058f9dcae356a07ba20f72fb:cdc29b01ef5263d129c0506647c1374f/geelong-black.png x-clock-cacheable YES content-length 4228 cf-ray 74f4dd940dd55a5b-MEL d-cache MISS last-modified Sat, 10 Sep 2022 23:56:59 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kFJDPanq%2FTMJ76WaO4HdETDGwuD73qeHmfjccfXrgEd2qkCs1QU88TR70M8NpsC%2B7u6PsxWwecwt%2F2Niby%2F52iIZBMs2KV9ekcpU%2Beqtgm4lpknVCWVmiEfqdH0P9SkubV3nntBMVqo%3D"}],"group":"cf-nel","max_age":604800} x-varnish 46434650 445851 cache-control max-age=315360000 accept-ranges bytes content-type image/png; charset=binary
GET H2	200	geelong-addy.png www.plusrewards.com.au/darkroom/515/139344d72908fa356dbe2d9f02e44adf:3954b10513fa06d77d923c29ea3f76bd/	70 KB 71 KB	224ms 168ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/515/139344d72908fa356dbe2d9f02e44adf:3954b10513fa06d77d923c29ea3f76bd/geelong-addy.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 30a121cc29e305ae771e92a53738297122f90bc94afbada3f22d4ca4d49e8cdc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1098511 authorized-request /515/139344d72908fa356dbe2d9f02e44adf:3954b10513fa06d77d923c29ea3f76bd/geelong-addy.webp x-clock-cacheable YES content-length 72128 x-webworker active cf-ray 74f4dd940dd65a5b-MEL d-cache MISS, HIT last-modified Sun, 08 Sep 2019 06:08:20 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=agxIt%2Bmg90O8XG4s4w5tYZIlEAGGOoKPxS7m%2BLSJhrqQcQRJjatnq8ysNf6gFHrPPoFmCiSocEbEL7an%2BUOc66ES1kjTYi1l2WqiNLzdvj46%2FEGdA%2FHofQEYE0OxJupPcGwsBWGDr7w%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45965200 1995848 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	news-corp-logo.png www.plusrewards.com.au/assets/img/content/	2 KB 2 KB	223ms 166ms	Image image/png	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/assets/img/content/news-corp-logo.png Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc17f8f103be6eb21a2a665ca699009649851c4b049892cb384beaa519e8922d Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 12140753 cf-ray 74f4dd940dd75a5b-MEL x-clock-cacheable YES strict-transport-security max-age=31536000 content-length 1944 x-response-time 11.782ms last-modified Wed, 22 Dec 2021 09:50:17 GMT server cloudflare etag W/"798-17de18c6fa8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iw6Qg2CQ%2BsxPCxjobgVs4Q6n8WARoCjpKfZIvoQyEDMXwlYsHlRPSJVkWt%2Fa%2FYbbyJH0W8vqzl4ctKKRTWVKMQuNg9mypxKw4K1kaRsSlU9VG6OjxNGVOSPfHRFeZ8yP3P%2Bvz7Fvnik%3D"}],"group":"cf-nel","max_age":604800} x-varnish 15974216 329175 cache-control public, max-age=31536000 accept-ranges bytes content-type image/png
GET H2	200	raven.min.js Show response cdn.ravenjs.com/3.26.4/	37 KB 14 KB	269ms 85ms	Script application/javascript	151.101.66.217 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.ravenjs.com/3.26.4/raven.min.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.66.217 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 3b6205206b5c515bb685b81ad82ecedf1264a0f1b6b0a99b2d89ce18fe30bc5e Request headers Referer https://www.plusrewards.com.au/ Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT content-encoding gzip last-modified Fri, 20 Jul 2018 09:10:03 GMT server Fastly age 63449 etag "e7a52e3ca61154fb6077ca08d351e3e3" vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 13757
GET H2	200	vendor.js Show response www.plusrewards.com.au/assets/js/build/595f5e535d3f36e4eaf0eec89c4f1ac9/	739 KB 206 KB	221ms 165ms	Script application/javascript	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/js/build/595f5e535d3f36e4eaf0eec89c4f1ac9/vendor.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bfe0856a9f8731fc55282a133710e17933f69a539da102b9f3a89b518e217151 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 11773354 cf-ray 74f4dd939d2a5a5b-MEL x-clock-cacheable YES content-encoding br x-response-time 17.842ms last-modified Tue, 10 May 2022 10:37:50 GMT server cloudflare etag W/"b8aea-180ad8bec30" strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41%2F2m45VF7ji5PeJjoiL%2FXr7zpA6kQzFI6%2FaGYHgeeSVfGknSTvE13Xxsr2j%2F5Q8ffoFLXxzJzKob%2BrRPTDMBwYQmed%2BrQEoORny6aNtUKt%2BtOTNfUzS9%2FO%2FtMpqzvbIS5mMvIgYl3I%3D"}],"group":"cf-nel","max_age":604800} x-varnish 19353909 20285491 cache-control public, max-age=31536000 content-type application/javascript; charset=UTF-8
GET H2	200	base.js Show response www.plusrewards.com.au/assets/js/build/859c619adf8c9ff67aa050e87ee91228/	502 KB 66 KB	218ms 164ms	Script application/javascript	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/js/build/859c619adf8c9ff67aa050e87ee91228/base.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 83fef0829368090eb4a6919e013a592dc47682bd20a02cebcbfd6295739552a0 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:30 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 974030 cf-ray 74f4dd939d2c5a5b-MEL x-clock-cacheable NO:Cookie content-encoding br x-response-time 7.053ms last-modified Mon, 12 Sep 2022 10:29:35 GMT server cloudflare etag W/"7d615-183313f4a98" strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TchJZy4h5RdZlKS%2FG1ACj8ISesba1fRIJAJ2GTgy11enmFaBkT4VtQWuX%2FqvLdc3NtsSwbHJVISvPpyvXKc112vdRzZBVZK7MhXihplbdIhGbquT2ReCwH2DE1zwTo0%2B8Xt8qiE65Ik%3D"}],"group":"cf-nel","max_age":604800} x-varnish 46247440 cache-control public, max-age=31536000 content-type application/javascript; charset=UTF-8
GET H2	200	utag.js Show response tags.tiqcdn.com/utag/newsltd/gea.wl/prod/	44 KB 13 KB	1406ms 989ms	Script application/x-javascript	104.71.48.190 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.71.48.190 Central, Hong Kong, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-71-48-190.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 9a152e0027c725788c265d4a7428044ffc7d4ce0fa5c3a0fe25269c4fda255e5 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:31 GMT content-encoding gzip last-modified Thu, 21 Jul 2022 10:11:46 GMT server AkamaiNetStorage etag "b5f0ceef5258e1e8d910972ea9b0c343:1658398306.481226" vary Accept-Encoding content-type application/x-javascript cache-control max-age=300 accept-ranges bytes content-length 12562 expires Fri, 23 Sep 2022 17:10:31 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	101 KB 27 KB	516ms 172ms	Script application/x-javascript	157.240.7.26 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-01-sin6.fbcdn.net Software / Resource Hash 844bfb2ff3311ad9b5611b51d8c72e0c483a8ceafe7c625a5c321637f9277399 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 26839 x-xss-protection 0 pragma public x-fb-debug MENBUdKMXDEv0hm1FesnC/ESRs2LhuYXOMjKJKdsClJ2TUjImQcW7+t59ZiUyMEvzQOkJYOx+sHTj5pHAJetPg== x-fb-trip-id 2050670934 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Fri, 23 Sep 2022 17:05:31 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	531ms 175ms	Font font/woff2	142.251.10.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f94.1e100.net Software sffe / Resource Hash c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Sun, 18 Sep 2022 05:58:47 GMT x-content-type-options nosniff age 472004 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13036 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:04:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 18 Sep 2023 05:58:47 GMT
GET H2	200	9625 Show response secure-ds.serving-sys.com/adServingData/PROD/TMClient/5/	106 B 440 B	1597ms 1033ms	XHR application/octet-stream	42.99.140.160 ASN-TELSTRA-GLOBA...
General Check archive.org Show headers Download Go to Full URL https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/5/9625 Requested by Host: secure-ds.serving-sys.com URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 42.99.140.160 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK), Reverse DNS ip-42-99-140-160.pacnet.net Software AmazonS3 / Resource Hash 5076bd7c5c84d0b533c19313a1ef4c0e6e4ba41b22f87b4ed7dcd0caea8947c7 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id ni06aRNJ.oW5iot1yEoFCHIYC9YxODnP content-encoding gzip last-modified Thu, 25 Jun 2020 00:21:01 GMT server AmazonS3 x-amz-cf-pop ATL58-P4 etag "871ff70fb44fe71ad31c207b97a5e109" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control max-age=473 date Fri, 23 Sep 2022 17:05:32 GMT x-amz-replication-status COMPLETED accept-ranges bytes content-length 112 x-amz-cf-id ubTN7RP6KlnHWuyNNhVm7jil1SvYYdIVZLQt-5HOmamFHn1fqnAzlA==
GET H2	200	lg3.JPG www.plusrewards.com.au/darkroom/1500/a612b0682fcd911123c1297d284e11c1:556a676e3b0a4ce5f6287eb3de326b82/	172 KB 172 KB	112ms 105ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1500/a612b0682fcd911123c1297d284e11c1:556a676e3b0a4ce5f6287eb3de326b82/lg3.JPG Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef0c7dd60dc727f8ae8a44c1d2611301a052b364820f061c377199cb79b219ea Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:31 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1008524 authorized-request /1500/a612b0682fcd911123c1297d284e11c1:556a676e3b0a4ce5f6287eb3de326b82/lg3.webp x-clock-cacheable NO:Cookie content-length 175620 x-webworker active cf-ray 74f4dd9919f85a5b-MEL d-cache MISS, HIT last-modified Mon, 12 Sep 2022 00:56:44 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmXLN4v%2BlDP6W5bO234wk1voEqwfLD6J2BhD96drC5fyteO7079HrxnpEpb6E7wAysHz2RinMApZRsz5rrkj02Ag8PFVkR4PDUUfAU80ppFc940O6jI4uUclrSvv9KGA8OJkhD7lAlg%3D"}],"group":"cf-nel","max_age":604800} x-varnish 45335114 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	charter-bold.woff2 www.plusrewards.com.au/assets/fonts/charter/	15 KB 15 KB	114ms 105ms	Font application/font-woff2	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/fonts/charter/charter-bold.woff2 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca14510c9c719c3d07bb457eb2e914f48e942fc1e6906c03008197559e03b5f9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:31 GMT via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13543595 cf-ray 74f4dd9929fe5a5b-MEL x-clock-cacheable YES strict-transport-security max-age=31536000 content-length 15164 x-response-time 1.713ms last-modified Wed, 22 Dec 2021 09:50:17 GMT server cloudflare etag W/"3b3c-17de18c6fa8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DN3QCSUVBMWsKWJFEsdk%2FmKyr4KqGZsr34XVKYx4s2ChXEuEt918brK5HdquiQ%2FY69cvO2VWDVBGE6wd0Kb0T4DZGmXif3Vttp%2FaucfaW5NgzMLTrYK7l6vU8OzpjmoB26cr%2BU%2FqOnY%3D"}],"group":"cf-nel","max_age":604800} x-varnish 16319278 197190 cache-control public, max-age=31536000 accept-ranges bytes content-type application/font-woff2
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	206ms 198ms	Font font/woff2	142.251.10.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f94.1e100.net Software sffe / Resource Hash 7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 13:24:21 GMT x-content-type-options nosniff age 99670 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12924 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:02:31 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 22 Sep 2023 13:24:21 GMT
GET H2	200	rollerscript-smooth.woff2 www.plusrewards.com.au/assets/fonts/rollerscript/	115 KB 115 KB	115ms 107ms	Font application/font-woff2	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/fonts/rollerscript/rollerscript-smooth.woff2 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a5128f3f03a9ae9f18f02f1981e916854f9a95a29f319b9d7ca8407df00ae53 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:31 GMT via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13543594 cf-ray 74f4dd9929ff5a5b-MEL x-clock-cacheable YES strict-transport-security max-age=31536000 content-length 117392 x-response-time 1.263ms last-modified Wed, 22 Dec 2021 09:50:17 GMT server cloudflare etag W/"1ca90-17de18c724f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlsFMYpUlZEUVpi5Jx7ZaO6mwMVgPALVF9PIw%2FAFaPx4X4xMxc4np725AuJ2QAupx%2BUEx8yVR0zIqR%2Bl1D6MrCeRCSUtmc4OKdHJfEbaEKr6nLM9WfGZi9icyjHbbypu0MLXHQuAgZw%3D"}],"group":"cf-nel","max_age":604800} x-varnish 9125512 262157 cache-control public, max-age=31536000 accept-ranges bytes content-type application/font-woff2
GET H2	200	charter-bold-italic.woff2 www.plusrewards.com.au/assets/fonts/charter/	16 KB 16 KB	103ms 102ms	Font application/font-woff2	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.plusrewards.com.au/assets/fonts/charter/charter-bold-italic.woff2 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 601fa4a2d543489560222e5ebc4f2a06a546c3f3c89340a78018420966743313 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.plusrewards.com.au/assets/css/d44e92a377608b5e31f74e990e5e2578/index-rewards.css Origin https://www.plusrewards.com.au accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:31 GMT via 1.1 varnish (Varnish/6.0) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13543556 cf-ray 74f4dd99ba605a5b-MEL x-clock-cacheable YES strict-transport-security max-age=31536000 content-length 16388 x-response-time 0.851ms last-modified Wed, 22 Dec 2021 09:50:17 GMT server cloudflare etag W/"4004-17de18c6fa8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5%2FubV7Ogg2CC%2BHrQCHiquRrrer2uJd%2FQmMu81XhgN%2FndXPlH55gB%2FM6gYD0tfRg9SOAEUHl2V9WIEnLgGPhFjqZ66bbSjojg%2FpNjNw%2BLMU8OOoKP8M%2FitE7rKHubSkS9IBAAImb1HI%3D"}],"group":"cf-nel","max_age":604800} x-varnish 15820864 4336 cache-control public, max-age=31536000 accept-ranges bytes content-type application/font-woff2
GET H2	200	703689593410048 Show response connect.facebook.net/signals/config/	293 KB 84 KB	466ms 465ms	Script application/x-javascript	157.240.7.26 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/703689593410048?v=2.9.83&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-01-sin6.fbcdn.net Software / Resource Hash 8238bd081b57716efac9abd4bd389e52327b45947ea81127cd59e56d64a4b271 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug j2hMbkHSFpl5b8yxs9yhGM9pugjOZlMZp01sMLeuhT4pBChJDG4qtyDiYktGwkmyisRQjn8TYOXEzAYtmBQ/8A== x-fb-trip-id 2050670934 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Fri, 23 Sep 2022 17:05:31 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	utrack.js Show response tags.news.com.au/prod/utrack/	2 KB 1 KB	1276ms 320ms	Script application/x-javascript	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/utrack/utrack.js?cb=16639527315350.43348102242423203 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 73a2e968573cdebeb06619be73e0eed1863d513e6ff521fe671d9379f4315eeb Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache date Fri, 23 Sep 2022 17:05:32 GMT content-encoding gzip server AkamaiNetStorage etag "ab4f3fe7c5c43b61d4377ef72d3952fa:1558613430" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=0, no-cache, no-store content-type application/x-javascript content-length 839 expires Fri, 23 Sep 2022 17:05:32 GMT
GET H2	200	mitas.js Show response tags.news.com.au/prod/mitas/	666 B 905 B	1275ms 320ms	Script application/x-javascript	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/mitas/mitas.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:32 GMT cache-control max-age=69605 server AkamaiNetStorage content-type application/x-javascript etag "83a2bbd4d3829f1d4278f4ff0988804c:1490850995" content-length 666 p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
GET H2	200	gdpr_user_check.esi Show response tags.news.com.au/prod/data-esi/top/	65 B 352 B	1273ms 318ms	XHR text/plain	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 149fc725698121ad80649bd3cbae47790208ad23eb6ea345d260ef9c1431f654 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:32 GMT server AkamaiNetStorage etag "519053bf13ef3980b8829a5ec0f4dbc4:1638256850.601476" vary Origin, Origin, Origin p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" access-control-allow-origin https://www.plusrewards.com.au cache-control max-age=393 content-type text/plain content-length 65
GET H2	200	rampart.js Show response www.news.com.au/remote/identity/rampart/latest/	277 KB 83 KB	900ms 240ms	Script application/x-javascript	104.71.48.157 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/remote/identity/rampart/latest/rampart.js Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/assets/js/build/859c619adf8c9ff67aa050e87ee91228/base.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.71.48.157 Central, Hong Kong, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-71-48-157.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash d4a2fce65d2d504b230a33f50280f034564461cdf46d929ef540790208f8df47 Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-encoding gzip vary User-Agent, Accept-Encoding x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; server AkamaiNetStorage etag "b4a3b9b58bfcfee5da16aa61754376ea:1658294497.988769" content-security-policy-report-only frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports content-type application/x-javascript cache-control max-age=1558 date Fri, 23 Sep 2022 17:05:32 GMT is-https true x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; expires Fri, 23 Sep 2022 17:31:30 GMT
GET H2	200	/ www.facebook.com/tr/	0 204 B	510ms 170ms	Image text/plain	157.240.7.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=703689593410048&ev=PageView&dl=https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser&rl=&if=false&ts=1663952732177&sw=1600&sh=1200&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.2.1663952732176.246867924&it=1663952731406&coo=false&rqm=GET Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.7.35 Singapore, Singapore, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-01-sin6.facebook.com Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains server proxygen-bolt date Fri, 23 Sep 2022 17:05:32 GMT content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H2	200	Serving Show response bs.serving-sys.com/	384 B 865 B	678ms 175ms	Script text/html	54.251.132.236 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bs.serving-sys.com/Serving?cn=ot&onetagid=9625&dispType=js&sync=0&sessionid=7900275291692142756&pageurl=$$https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser$$&activityValues=$$Session%3D5971508116439652399$$&ns=0&rnd=8671058382871764&uinadv=%7B%7D Requested by Host: secure-ds.serving-sys.com URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.251.132.236 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-251-132-236.ap-southeast-1.compute.amazonaws.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 1f2eddc28e4cbf04eb483e208a7360277f089e871db22b463870d0f2aa011aac Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache date Fri, 23 Sep 2022 17:05:33 GMT content-encoding gzip server Microsoft-IIS/10.0 x-powered-by ASP.NET p3p CP="NOI DEVa OUR BUS UNI" access-control-allow-origin * cache-control no-cache, no-store content-type text/html; charset=UTF-8 content-length 287 expires Sun, 05-Jun-2005 22:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 31 B	171ms 169ms	Image text/plain	157.240.7.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=703689593410048&ev=Microdata&dl=https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser&rl=&if=false&ts=1663952732679&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Home%20%7C%20%2BRewards%22%2C%22meta%3Adescription%22%3A%22%20The%20official%20website%20of%20%2BRewards%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22https%3A%2F%2Fnca-plus-production.clockhosting.com%2Fassets%2Fimg%2Fmeta%2Frewards%2Fdf0ffb6a93b53c160893035c12275b70%2Fmeta-icon-1000x1000.png%22%2C%22og%3Aimage%3Aurl%22%3A%22https%3A%2F%2Fnca-plus-production.clockhosting.com%2Fassets%2Fimg%2Fmeta%2Frewards%2Fdf0ffb6a93b53c160893035c12275b70%2Fmeta-icon-1000x1000.png%22%2C%22og%3Aimage%3Asecure_url%22%3A%22https%3A%2F%2Fnca-plus-production.clockhosting.com%2Fassets%2Fimg%2Fmeta%2Frewards%2Fdf0ffb6a93b53c160893035c12275b70%2Fmeta-icon-1000x1000.png%22%2C%22og%3Asite_name%22%3A%22The%20Australian%20%26%20Plus%20Rewards%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.83&r=stable&ec=1&o=30&fbp=fb.2.1663952732176.246867924&it=1663952731406&coo=false&es=automatic&tm=3&rqm=GET Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.240.7.35 Singapore, Singapore, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-01-sin6.facebook.com Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains server proxygen-bolt date Fri, 23 Sep 2022 17:05:32 GMT content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H2	200	authorize Show response login.newscorpaustralia.com/ Frame 1EFA	2 KB 3 KB	1684ms 586ms	Document text/html	23.199.136.8 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://login.newscorpaustralia.com/authorize?client_id=O4L1VeAatkTgDxyODmLAS4ZB6NUgoO6k&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.plusrewards.com.au%2Fauth%2Fcallback&state=PjtelCRNonMIcwL3yfpxHGt53KkQDSH9&nonce=pBNB2P-4iFBe9cXJY1CMsFiBRc4aOvL7&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xOS4wIn0%3D Requested by Host: www.news.com.au URL: https://www.news.com.au/remote/identity/rampart/latest/rampart.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.199.136.8 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-199-136-8.deploy.static.akamaitechnologies.com Software cloudflare / Resource Hash 0a5b6ed25d466b9660ca2ce322f6ded1f2c1d298d540e5b1b485e1577d467412 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 74f4ddac4dca7395-JHB content-encoding gzip content-length 802 content-security-policy-report-only frame-ancestors 'self'; report-uri https://login.newscorpaustralia.com/csp-reports content-type text/html;charset=UTF-8 date Fri, 23 Sep 2022 17:05:34 GMT expires Fri, 23 Sep 2022 17:05:34 GMT ot-baggage-auth0-request-id 74f4ddac4dca7395 ot-tracer-sampled true ot-tracer-spanid 67bc74151df1a536 ot-tracer-traceid 7265bd7e1ed0ea4e pragma no-cache server cloudflare strict-transport-security max-age=31536000 traceparent 00-67bc74151df1a536-00000000000000007265bd7e1ed0ea4e-01 tracestate auth0-request-id=74f4ddac4dca7395,auth0=true vary Accept-Encoding x-akamai-transformed 9 543 0 pmb=mTOE,3 x-auth0-requestid cf5a3131d213373f438b x-content-type-options nosniff x-ratelimit-limit 1000 x-ratelimit-remaining 999 x-ratelimit-reset 1663952735
GET H2	200	metrics.js Show response tags.news.com.au/prod/metrics/	184 KB 63 KB	416ms 412ms	Script application/x-javascript	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/metrics/metrics.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 36e299f45673885e6b5d62d38c3b76d863aa2a0b511a2c1327359273380703a0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:33 GMT content-encoding gzip server AkamaiNetStorage etag "9eb05ec342e2e8bb70ca106d47373e89:1663130616.359726" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=36014 content-type application/x-javascript
GET H2	200	tad.js Show response tags.news.com.au/prod/tad/	107 KB 33 KB	402ms 398ms	Script application/x-javascript	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/tad/tad.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash e70bd440c10e5906797794cb77fa09cede63306250588bce7ed75f466b41884d Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:33 GMT content-encoding gzip server AkamaiNetStorage etag "08fe99de660944ffd677aa09c2ad8154:1663643873.920173" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=53716 content-type application/x-javascript content-length 33375
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	80 KB 28 KB	519ms 180ms	Script text/javascript	172.217.194.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.194.154 , United States, ASN15169 (GOOGLE, US), Reverse DNS si-in-f154.1e100.net Software sffe / Resource Hash 3916243359bf2cfb605813c893d37dbca79b468279dcf1daad25fea83e649102 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:33 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27811 x-xss-protection 0 server sffe etag "1342 / 258 of 1000 / last-modified: 1663931308" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 23 Sep 2022 17:05:33 GMT
GET H2	200	nielsen.js Show response tags.news.com.au/prod/nielsen/	25 KB 10 KB	332ms 329ms	Script application/x-javascript	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/nielsen/nielsen.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 002856eb594d2755e967afbc01ed1d8cfcc4232f4abfe714a5b8a9b55a367258 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:33 GMT content-encoding gzip server AkamaiNetStorage etag "ecacc4b7d71d3eee8eaca9fbb3295f91:1638242930.652258" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=52881 content-type application/x-javascript content-length 9840
GET H2	200	embed.js Show response nebula-cdn.kampyle.com/au/wau/132224/onsite/	1 KB 949 B	261ms 86ms	Script application/javascript	151.101.1.175 FASTLY
General Check archive.org Show headers Download Go to Full URL https://nebula-cdn.kampyle.com/au/wau/132224/onsite/embed.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.175 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 1e0048d90172ebbb946617c24a981dbc8a4d585329c16ecd3eeac25d6a0acd58 Security Headers Name Value Strict-Transport-Security max-age=31557600 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id G_uOFaRAX6MbltPrZ4eQxYjXSVaorpvs content-encoding gzip etag "d3a4ba724c6dc4f78dd9808b516fecba" age 305371 via 1.1 varnish x-cache HIT vary Accept-Encoding content-length 520 x-amz-id-2 T3GZEFkLDo9N8/3VTBJpi188JWOEJYpe5g6gfVvQPE58ZvWEOCBaByhiwn48eOXBGoly88KOHUw= x-served-by cache-mel11247-MEL last-modified Tue, 20 Sep 2022 04:16:03 GMT server AmazonS3 x-timer S1663952734.740403,VS0,VE0 date Fri, 23 Sep 2022 17:05:33 GMT strict-transport-security max-age=31557600 x-amz-request-id 73HQHDHHEYFP1R1P access-control-allow-origin * cache-control max-age=0,must-revalidate accept-ranges bytes content-type application/javascript x-cache-hits 254611
GET H2	200	nca_ipsos.js Show response tags.news.com.au/prod/ipsos/	30 KB 7 KB	359ms 357ms	Script application/x-javascript	104.83.196.200 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/ipsos/nca_ipsos.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.83.196.200 Singapore, Singapore, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-83-196-200.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 21f20f84cde9b9bb5d03446360d1909696d9e346bd970e8306a3d0565a82fc82 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:33 GMT content-encoding gzip server AkamaiNetStorage etag "f195a817810e0c6b1880a6e2edc2d073:1660712926.791363" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=53875 content-type application/x-javascript content-length 7136
GET H2	200	utag.625.js Show response tags.tiqcdn.com/utag/newsltd/gea.wl/prod/	4 KB 2 KB	2049ms 2047ms	Script application/x-javascript	104.71.48.190 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.625.js?utv=ut4.46.202111250407 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.71.48.190 Central, Hong Kong, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-71-48-190.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 1d651ea3257f5f9cef5915d597367e1800065b994de7930dac549b880d32661a Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:35 GMT content-encoding gzip last-modified Thu, 16 Sep 2021 05:01:35 GMT server AkamaiNetStorage etag "63b21c10a2f540b1a305ea832f49a54b:1631768495.155844" vary Accept-Encoding content-type application/x-javascript cache-control max-age=1296000 accept-ranges bytes content-length 1701 expires Sat, 08 Oct 2022 17:05:35 GMT
GET H2	200	P9639CC51-2F11-48E8-B888-393496680A12.js Show response cdn-gl.imrworldwide.com/conf/	32 KB 7 KB	527ms 175ms	Script application/javascript	13.224.250.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/conf/P9639CC51-2F11-48E8-B888-393496680A12.js Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/nielsen/nielsen.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.250.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-250-112.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash c261147bf4256326fe74979596ca8fb13dae170d9b7586b1edbf7f0bb2fe9cf6 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id osiFhC4BsEukeAQaNcBwSQJMz_8TzyAj content-encoding gzip etag W/"b76e8b8476a48119b813a1c358420395" last-modified Fri, 23 Sep 2022 11:17:50 GMT server AmazonS3 age 29 x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 a372f2a2c858a55a472ec9d3d1c6b816.cloudfront.net (CloudFront) cache-control max-age=86400,s-maxage=86400 date Fri, 23 Sep 2022 17:05:05 GMT x-amz-cf-pop SIN52-C2 x-amz-cf-id p6RpZBbUxgDEBJjeuafOFUWHADSlj8BXigk5CbGotg68QJxHhD49qg==
GET H2	200	door.js Show response au-script.dotmetrics.net/	9 KB 4 KB	613ms 268ms	Script application/javascript	54.192.150.97 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au-script.dotmetrics.net/door.js?id=13075 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/ipsos/nca_ipsos.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.97 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-97.sin2.r.cloudfront.net Software Kestrel / Resource Hash a3108c99213e19fd023ae94bdd6fda8ce80cf8ef744b751e2ac30703fef8cd66 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:34 GMT content-encoding br server Kestrel x-amz-cf-pop SIN2-C1 etag "13075...214.2022092317" vary Accept-Encoding x-cache Miss from cloudfront p3p policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA" via 1.1 9a5938d4350356dbc5967e5d8ef5ba48.cloudfront.net (CloudFront) cache-control private content-type application/javascript x-amz-cf-id TK77AOUbaPtiCmFGvz7rT97kUjceGMz8qLZo7yQdFu_fSzcFipcNsg==
GET H2	200	pubads_impl_2022091901.js Show response securepubads.g.doubleclick.net/gpt/	379 KB 128 KB	479ms 177ms	Script text/javascript	172.217.194.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.194.154 , United States, ASN15169 (GOOGLE, US), Reverse DNS si-in-f154.1e100.net Software sffe / Resource Hash b64c070e33c73628d39ab223f17487bc8efb2944794231186aeef2c3e32f5288 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 19 Sep 2022 10:39:29 GMT content-encoding gzip x-content-type-options nosniff age 368765 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131339 x-xss-protection 0 last-modified Mon, 19 Sep 2022 08:34:51 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Tue, 19 Sep 2023 10:39:29 GMT
GET H3	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	80 B 100 B	517ms 179ms	XHR application/json	172.217.194.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.plusrewards.com.au Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.194.154 , United States, ASN15169 (GOOGLE, US), Reverse DNS si-in-f154.1e100.net Software cafe / Resource Hash 0257506dbbb614ddce593a1ca0b5c7d9e1a7c9e154368eff80751e4c59c36aed Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers timing-allow-origin * date Fri, 23 Sep 2022 17:05:34 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 75 x-xss-protection 0 expires Fri, 23 Sep 2022 17:05:34 GMT
GET H2	200	nlsSDK600.bundle.min.js Show response cdn-gl.imrworldwide.com/novms/js/2/	195 KB 55 KB	198ms 197ms	Script application/javascript	13.224.250.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js Requested by Host: cdn-gl.imrworldwide.com URL: https://cdn-gl.imrworldwide.com/conf/P9639CC51-2F11-48E8-B888-393496680A12.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.250.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-250-112.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash 2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id DrLErfhsYc9Oxds2t7Wz_kyLr0yC.GSp content-encoding gzip etag W/"81a9e2a298d0019660cb2966f0c24748" age 2261 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Mon, 02 May 2022 13:40:06 GMT server AmazonS3 date Fri, 23 Sep 2022 16:27:54 GMT vary Accept-Encoding content-type application/javascript via 1.1 a372f2a2c858a55a472ec9d3d1c6b816.cloudfront.net (CloudFront) cache-control max-age=86400 x-amz-cf-pop SIN52-C2 x-amz-cf-id rMdONDMFDHs7Wj2hw645fiFJsw2HS02e4lUHV2Fs14_yWs10Pb3sRA==
GET H/1.1	200 OK	rd Show response dpm.demdex.net/id/ Redirect Chain https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1663952734532 https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1663952734532	5 KB 2 KB	173ms 173ms	XHR application/json	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1663952734532 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash e081bebdb35f9efa21dca1b264c016d85a0dfdccf73c39f0e987bd7d5a12a307 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-2-v038-008f70772.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID Wa3o9KooTnQ= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.plusrewards.com.au Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json;charset=utf-8 Content-Length 1559 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers DCS dcs-prod-apse-2-v038-04becb7e4.edge-apse.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains Access-Control-Allow-Origin https://www.plusrewards.com.au X-TID E1VFnxMeQUk= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Location https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1663952734532 Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	hit.gif au-script.dotmetrics.net/	43 B 1 KB	452ms 452ms	Image image/gif	54.192.150.97 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://au-script.dotmetrics.net/hit.gif?id=13075&url=https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser&dom=www.plusrewards.com.au&r=1663952734550&pvs=1&pvid=34dbc1a0-1db9-4f19-bc14-d7bb26325225&c=true&tzOffset=0 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.97 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-97.sin2.r.cloudfront.net Software Kestrel / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:34 GMT dotmetrics-hit-status 05 DOMAIN_INVALID server Kestrel x-amz-cf-pop SIN2-C1 x-cache Miss from cloudfront p3p policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA" via 1.1 9a5938d4350356dbc5967e5d8ef5ba48.cloudfront.net (CloudFront) cache-control no-cache content-type image/gif x-amz-cf-id YIYKb1D0SXQp6VGPDkW2WF0ETwgR44zhn7sOmLeB85uOhsNVXjTmaQ==
POST H2	403	csp-reports login.newscorpaustralia.com/	0 0	1465ms 375ms	Other text/html	23.199.136.8 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://login.newscorpaustralia.com/csp-reports Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.199.136.8 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-199-136-8.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.plusrewards.com.au/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/csp-report Response headers
GET		2970e277 login.newscorpaustralia.com/akam/13/ Frame 1EFA	0 0
GET		1McDhLIVMB login.newscorpaustralia.com/aXHkEKIDVd/_e/DE4odUOX/EbiOVQGS/RV89Lg/dl/ Frame 1EFA	0 0
GET H2	200	madammarch2020-23.jpg www.plusrewards.com.au/darkroom/1500/234260c70d934410ca27e66f61b3b754:dc147cf9cd2ce220c3acde61f9323eaf/	235 KB 236 KB	115ms 114ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1500/234260c70d934410ca27e66f61b3b754:dc147cf9cd2ce220c3acde61f9323eaf/madammarch2020-23.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a95fdcd28e6c95c4b844a12b0d290d03db5444c39358bf662f457721aa66c9f3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:34 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 403250 authorized-request /1500/234260c70d934410ca27e66f61b3b754:dc147cf9cd2ce220c3acde61f9323eaf/madammarch2020-23.webp x-clock-cacheable NO:Cookie content-length 240688 x-webworker active cf-ray 74f4ddafae235a5b-MEL d-cache MISS, HIT last-modified Tue, 12 Jul 2022 06:18:29 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g42JR6SgW3hNzOuQX5FGO6eHSTRRrZ0HiNz5jAvzhL4kKLKVx4oI9mHVQnKt2SA2BiNE4SK89IemOu09yHqN1EjG%2BcsEdRJvD7gBtFaGPDpr9xiAui0Gi3RPMPQ4YvD2hBNHVzAilK4%3D"}],"group":"cf-nel","max_age":604800} x-varnish 47050463 cache-control max-age=315360000 accept-ranges bytes content-type image/webp
GET H2	200	8329-adc-rewards-1920x1080-1.jpg www.plusrewards.com.au/darkroom/1500/3d195e2cca812074a243605aa6baf35d:4ab051d826062783ab6c63793680294a/	140 KB 141 KB	109ms 109ms	Image image/webp	104.26.2.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.plusrewards.com.au/darkroom/1500/3d195e2cca812074a243605aa6baf35d:4ab051d826062783ab6c63793680294a/8329-adc-rewards-1920x1080-1.jpg Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.2.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 83102b5d4af69703cfa3e8233c9f65087b3f63f9cf57d37e44db0cc036ba8fc8 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/geelongadvertiser User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-application-method Resize width and maintain aspect ratio date Fri, 23 Sep 2022 17:05:34 GMT via 1.1 varnish (Varnish/6.0) vary Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 403249 authorized-request /1500/3d195e2cca812074a243605aa6baf35d:4ab051d826062783ab6c63793680294a/8329-adc-rewards-1920x1080-1.webp x-clock-cacheable NO:Cookie x-webworker active cf-ray 74f4ddafae245a5b-MEL d-cache MISS last-modified Mon, 19 Sep 2022 01:04:44 GMT server cloudflare strict-transport-security max-age=31536000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEZ3RjtKLcbnFdmP06R3r8w%2FTw8XN1a5Urxf%2BB0A2%2ByIYBz17Ddie587X%2F%2BmaQ94OeCwB8ePCgorLpFqt%2BpPCVRJ5HPd9u3Lxc3YlQkDNLvpUpcBO8%2Blv0gb%2FKhSdtGGYVuXjoeJgfc%3D"}],"group":"cf-nel","max_age":604800} x-varnish 46478747 cache-control max-age=315360000 content-type image/webp cf-bgj h2pri
GET H2	200	script.js Show response au-script.dotmetrics.net/Scripts/	79 KB 33 KB	362ms 362ms	Script application/javascript	54.192.150.97 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au-script.dotmetrics.net/Scripts/script.js?v=214 Requested by Host: au-script.dotmetrics.net URL: https://au-script.dotmetrics.net/door.js?id=13075 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.97 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-97.sin2.r.cloudfront.net Software Kestrel / Resource Hash b07f5a1999429f79826a2454193403d52131db0eab4dfbd79a38b8d980808ed3 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:34 GMT content-encoding br last-modified Mon, 05 Sep 2022 12:02:11 GMT server Kestrel x-amz-cf-pop SIN2-C1 etag "1d8c11f544f5886" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript via 1.1 9a5938d4350356dbc5967e5d8ef5ba48.cloudfront.net (CloudFront) accept-ranges bytes x-amz-cf-id Gr56nMgEBUQrQO9LgYi65sE-S4JlEdlCYsOBZc5UH4stm0pfQcs6HQ==
GET H2	200	ls.html Show response cdn-gl.imrworldwide.com/novms/html/ Frame 82AE	12 KB 4 KB	172ms 172ms	Document text/html	13.224.250.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/novms/html/ls.html Requested by Host: cdn-gl.imrworldwide.com URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.250.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-250-112.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1 Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers age 2270 cache-control max-age=86400 content-encoding gzip content-type text/html date Fri, 23 Sep 2022 16:27:45 GMT etag W/"7fa83dfc7b78314b137e2eb13834daa7" last-modified Mon, 02 May 2022 13:40:06 GMT server AmazonS3 vary Accept-Encoding via 1.1 a372f2a2c858a55a472ec9d3d1c6b816.cloudfront.net (CloudFront) x-amz-cf-id HEr5jy2VAarMIIQZUuEJHVnWOIT5RUFTsV-8yaE1h2EgWNB_JjgWGg== x-amz-cf-pop SIN52-C2 x-amz-server-side-encryption AES256 x-amz-version-id pCvO2RaXRfPysrOm9wpmYmW2HbKONfJo x-cache Hit from cloudfront
GET H2	200	gn secure-sdk.imrworldwide.com/cgi-bin/ Frame 82AE	44 B 721 B	516ms 174ms	Image image/gif	18.139.71.162 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,P9639CC51-2F11-48E8-B888-393496680A12&sessionId=rhp7f71yquvsav4hpdd1mdvxm2z9x1663952734&c16=sdkv,bj.6.0.0&uoo=&fp_id=gwfssyjle0gad3f5j25w1mshp8cam1663952734&fp_cr_tm=1663952734776&fp_acc_tm=1663952734776&fp_emm_tm=1663952734776&ve_id=&c30=bldv,6.0.0.623&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.139.71.162 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-139-71-162.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3 Request headers accept-language en-AU,en;q=0.9 Referer https://cdn-gl.imrworldwide.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache date Fri, 23 Sep 2022 17:05:35 GMT server nginx access-control-allow-methods POST, OPTIONS p3p P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM" access-control-allow-origin * cache-control no-cache cross-origin-resource-policy cross-origin accept-ch Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version content-type image/gif content-length 44 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	200	/ rhp7f71yquvsav4hpdd1mdvxm2z9x1663952734.nuid.imrworldwide.com/ Frame 82AE	35 B 352 B	555ms 169ms	Image image/gif	13.224.250.85 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://rhp7f71yquvsav4hpdd1mdvxm2z9x1663952734.nuid.imrworldwide.com/ Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.250.85 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-250-85.sin52.r.cloudfront.net Software AmazonS3 / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Request headers accept-language en-AU,en;q=0.9 Referer https://cdn-gl.imrworldwide.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 22:17:16 GMT via 1.1 0d4aa9f487883216469659ecf56a9a92.cloudfront.net (CloudFront) last-modified Tue, 11 Sep 2018 17:05:20 GMT server AmazonS3 age 67700 etag "c2196de8ba412c60c22ab491af7b1409" x-cache Hit from cloudfront content-type image/gif x-amz-cf-pop SIN52-C2 accept-ranges bytes content-length 35 x-amz-cf-id mkIEPz8BaE7QjgD-wKg3XvBR-nOuc7OSmEDpBOk678pbwT4CPFZS3Q==
GET H2	200	integrator.js Show response adservice.google.com.au/adsid/	107 B 792 B	636ms 183ms	Script application/javascript	74.125.200.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com.au/adsid/integrator.js?domain=www.plusrewards.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.200.154 , United States, ASN15169 (GOOGLE, US), Reverse DNS sa-in-f154.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers timing-allow-origin * date Fri, 23 Sep 2022 17:05:35 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 549 B	634ms 182ms	Script application/javascript	142.251.10.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.plusrewards.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.10.156 , United States, ASN15169 (GOOGLE, US), Reverse DNS sd-in-f156.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers timing-allow-origin * date Fri, 23 Sep 2022 17:05:35 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	754 B 434 B	212ms 212ms	XHR text/plain	172.217.194.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1293784493089730&correlator=2493959431649472&hxva=1&scor=558331722303215&eid=44774044&output=ldjh&gdfp_req=1&vrg=2022091901&ptt=17&impl=fifs&iu_parts=5129%2Cndm.gea%2Crewards&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=1517511884&sfv=1-0-38&ists=1&fsapi=false&prev_scp=pos%3D1&eri=1&cust_params=us%3Db%26s%3D0%26kw%3D%26sec1%3Drewards%26ksgmnt%3D%26siteview%3D1%26pagetype%3Doffers%26adl%3Dfalse%26abtest%3Da%26pvid%3D00000000000000000000000000000000-00000000000000000000000000000000-1663952732819-990316&sc=1&cookie_enabled=1&abxe=1&dt=1663952735185&lmt=1663952735&dlt=1663952730086&idt=4970&adxs=0&adys=4656&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser&frm=20&vis=1&psz=1600x4655&msz=1600x0&fws=0&ohw=0&ga_vid=1944812390.1663952735&ga_sid=1663952735&ga_hid=1572363381&ga_fc=false Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.194.154 , United States, ASN15169 (GOOGLE, US), Reverse DNS si-in-f154.1e100.net Software cafe / Resource Hash 65eac0784b119eddc6d5ee76650a20320406aa5db40482cdf480ca601db1aa8f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:35 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 404 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.plusrewards.com.au cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response c12432f6a1c0ffc4285d362a742b4db6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F8C0	6 KB 4 KB	537ms 180ms	Document text/html	142.251.12.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://c12432f6a1c0ffc4285d362a742b4db6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.12.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS se-in-f132.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control public, immutable, max-age=31536000 content-encoding gzip content-length 3108 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Fri, 23 Sep 2022 17:05:35 GMT expires Sat, 23 Sep 2023 17:05:35 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	SiteEvent.dotmetrics Show response au-script.dotmetrics.net/	18 B 1 KB	454ms 454ms	Script application/javascript	54.192.150.97 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au-script.dotmetrics.net/SiteEvent.dotmetrics?v=eyJpZCI6MTMwNzUsImZsIjp0cnVlLCJkb20iOiJ3d3cucGx1c3Jld2FyZHMuY29tLmF1IiwibHNvIjpudWxsLCJ1cmwiOiJodHRwczovL3d3dy5wbHVzcmV3YXJkcy5jb20uYXUvZ2VlbG9uZ2FkdmVydGlzZXIiLCJydXJsIjoiIiwicHZpZCI6IjM0ZGJjMWEwLTFkYjktNGYxOS1iYzE0LWQ3YmIyNjMyNTIyNSIsInR6T2Zmc2V0IjowLCJvc3MiOnRydWUsIm9zZXMiOnRydWV9&r=1663952735198 Requested by Host: au-script.dotmetrics.net URL: https://au-script.dotmetrics.net/Scripts/script.js?v=214 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.192.150.97 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-192-150-97.sin2.r.cloudfront.net Software Kestrel / Resource Hash 7153de840f0ead8b0b5015d3f47ae25c347476e0a24b851bb5ab0831c58a0226 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:35 GMT content-encoding br server Kestrel x-amz-cf-pop SIN2-C1 vary Accept-Encoding x-cache Miss from cloudfront p3p policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA" via 1.1 9a5938d4350356dbc5967e5d8ef5ba48.cloudfront.net (CloudFront) cache-control no-cache content-type application/javascript x-amz-cf-id k9b780a9ksABfHJiy6_EhPy3XoVPRBc0iPpA9OS1v_jAq4TSJht9bQ==
GET H/1.1	200 OK	dest5.html Show response newscorpau.demdex.net/ Frame 9B94	7 KB 3 KB	683ms 171ms	Document text/html	3.1.114.116 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://newscorpau.demdex.net/dest5.html?d_nsid=0 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/metrics/metrics.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.1.114.116 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-1-114-116.ap-southeast-1.compute.amazonaws.com Software / Resource Hash 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.plusrewards.com.au/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Accept-Ranges bytes Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type text/html;charset=UTF-8 DCS dcs-prod-apse-1-v038-0dae3cf57.edge-apse.demdex.com 0 ms Expires Thu, 01 Jan 1970 00:00:00 UTC P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID 1561DCKdSGQ= content-encoding gzip date Fri, 23 Sep 2022 17:05:36 GMT last-modified Mon, 19 Sep 2022 08:53:39 GMT transfer-encoding chunked vary accept-encoding
GET H2	200	id Show response metrics.plusrewards.com.au/	48 B 469 B	1016ms 325ms	XHR application/x-javascript	63.140.36.137
General Check archive.org Show headers Download Go to Full URL https://metrics.plusrewards.com.au/id?d_visid_ver=5.1.1&d_fieldgroup=A&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&mid=64684629589754567411224176241682356812&ts=1663952735398 Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.36.137 -, , ASN (), Reverse DNS Software jag / Resource Hash 142ec3ab832eb719b1a343d6159d905d0ddb2812fd45c0450ea017b27943e2c5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.plusrewards.com.au/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Fri, 23 Sep 2022 17:05:36 GMT x-content-type-options nosniff server jag vary Origin p3p CP="This is not a P3P policy" access-control-allow-origin https://www.plusrewards.com.au cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript;charset=utf-8 content-length 48 x-xss-protection 1; mode=block
GET H/1.1	200 OK	ibs:dpid=411&dpuuid=Yy3nYAAAAGT1RAM5 dpm.demdex.net/ Redirect Chain https://cm.everesttech.net/cm/dd?d_uuid=64705704657746833911222068185127209814 https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yy3nYAAAAGT1RAM5	42 B 942 B	173ms 172ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yy3nYAAAAGT1RAM5 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-2-v038-046b1385a.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID x/qZOeRwQ0c= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yy3nYAAAAGT1RAM5 Date Fri, 23 Sep 2022 17:05:36 GMT Cache-Control no-cache Server AMO-cookiemap/1.1 Connection keep-alive Content-Length 0 P3P CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	530ms 179ms	Script text/javascript	172.253.118.97 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.625.js?utv=ut4.46.202111250407 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.118.97 , United States, ASN15169 (GOOGLE, US), Reverse DNS sl-in-f97.1e100.net Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Sun, 11 Sep 2022 13:50:09 GMT server Golfe2 age 1675 date Fri, 23 Sep 2022 16:37:41 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17168 expires Fri, 23 Sep 2022 18:37:41 GMT
GET H2	200	utag.v.js Show response tags.tiqcdn.com/utag/tiqapp/	2 B 202 B	200ms 200ms	Script application/x-javascript	104.71.48.190 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=newsltd/gea.wl/202207211011&cb=1663952735576 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/gea.wl/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.71.48.190 Central, Hong Kong, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-71-48-190.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:35 GMT last-modified Thu, 14 Apr 2016 16:57:51 GMT server AkamaiNetStorage etag "7bc0ee636b3b83484fc3b9348863bd22:1460653071" content-type application/x-javascript cache-control max-age=600 accept-ranges bytes content-length 2 expires Fri, 23 Sep 2022 17:15:35 GMT
GET H2	200	collect stats.g.doubleclick.net/r/ Redirect Chain https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=664246827&utmhn=www.plusrewards.com.au&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmd... https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=1944812390.1663952735&jid=805071691&_v=5.7.2&z=664246827	35 B 430 B	942ms 181ms	Image image/gif	142.251.12.156
General Check archive.org Show headers Download Go to Show image Full URL https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=1944812390.1663952735&jid=805071691&_v=5.7.2&z=664246827 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Server 142.251.12.156 -, , ASN (), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Fri, 23 Sep 2022 17:05:37 GMT content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:36 GMT last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 location https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5748164-21&cid=1944812390.1663952735&jid=805071691&_v=5.7.2&z=664246827 content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 369 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=358&dpuuid=8120189085316700700 dpm.demdex.net/ Frame 9B94 Redirect Chain https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID https://dpm.demdex.net/ibs:dpid=358&dpuuid=8120189085316700700	42 B 942 B	173ms 173ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=358&dpuuid=8120189085316700700 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-2-v038-0ab0c1be6.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID pLFc7lc8TmY= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Pragma no-cache Date Fri, 23 Sep 2022 17:05:37 GMT X-Proxy-Origin 103.209.254.113; 103.209.254.113; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com AN-X-Request-Uuid c33559df-3989-4b94-a060-838f6b5bf11e Server nginx/1.21.3 Access-Control-Allow-Origin * P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://dpm.demdex.net/ibs:dpid=358&dpuuid=8120189085316700700 Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	id Show response dpm.demdex.net/	5 KB 2 KB	175ms 173ms	XHR application/json	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&d_mid=64684629589754567411224176241682356812&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&ts=1663952736418 Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash 2095f7c2912857406db35a6ccb9f425b29819e3e45c4ae8e9b7f78276252a877 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.plusrewards.com.au/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers DCS dcs-prod-apse-1-v038-07aea2e4f.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID x1y90pegRK8= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.plusrewards.com.au Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json;charset=utf-8 Content-Length 1560 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H/1.1	200 OK	ibs:dpid=470&dpuuid=3742989737531796284 dpm.demdex.net/ Frame 9B94 Redirect Chain https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D https://d3273622690172371738-t3742989737531796284.id.amgdgt.com/r/telco/tuid/3742989737531796284/duid/3273622690172371738/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D374298973753... https://dpm.demdex.net/ibs:dpid=470&dpuuid=3742989737531796284	42 B 942 B	262ms 173ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=470&dpuuid=3742989737531796284 Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-2-v038-04becb7e4.edge-apse.demdex.com 3 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID wjf4rGBvTpo= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=470&dpuuid=3742989737531796284 Pragma no-cache Date Fri, 23 Sep 2022 17:05:37 GMT Cache-Control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Content-Length 0 Strict-Transport-Security max-age=15768000 P3P policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
GET H/1.1	204 No Content	token token.rubiconproject.com/ Frame 9B94	0 719 B	685ms 171ms	Image text/plain	69.173.158.64
General Check archive.org Show headers Download Go to Show image Full URL https://token.rubiconproject.com/token?pid=6404&puid=64705704657746833911222068185127209814&gdpr=0&gdpr_consent= Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 69.173.158.64 -, , ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate X-RPHost 4b9b5fe4fdc8ed94e0f7cdc225df187a P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H2	200	s91481364506677 Show response metrics.plusrewards.com.au/b/ss/newscorpau-gaweb,newscorpau-global/10/JS-2.22.4/	5 KB 5 KB	498ms 497ms	Script application/x-javascript	63.140.36.137
General Check archive.org Show headers Download Go to Full URL https://metrics.plusrewards.com.au/b/ss/newscorpau-gaweb,newscorpau-global/10/JS-2.22.4/s91481364506677?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=23%2F8%2F2022%2017%3A5%3A36%205%200&d.&nsid=0&jsonv=1&.d&mid=64684629589754567411224176241682356812&aamlh=3&ce=UTF-8&ns=newscorpau&cdp=3&pageName=ga%7Crewards%7Coffers%7Crewards%20offers&g=https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser&c.&getNewRepeat=3.0&getPreviousValue=3.0&.c&cc=AUD&ch=D%3Dv4&events=event1%2Cevent8%2Cevent63%3D50&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=D%3Dv1&v1=news%20corp%20au&h1=news%20corp%20au%7Cgeelong%20advertiser%7Cgeelong%20advertiser%20web%7Crewards&c2=D%3Dv2&v2=geelong%20advertiser&c3=D%3Dv3&v3=geelong%20advertiser%20web&c4=D%3Dv4&v4=rewards&c9=D%3Dv9&v9=offers&c10=D%3Dg&v10=D%3DpageName&c11=D%3Dv11&v11=D%3Dvid&c14=D%3Dv14&v14=anonymous&c22=D%3Dv22&v22=3%3A05%20AM%7CSaturday&c24=D%3Dv24&v24=New&c30=First%20Visit&v34=D%3Dg&c45=landscape&c46=D%3Dv46&v46=not%20logged%20in&v52=1600x1200%7Cwindows%7C10&c60=D%3Dv60&v60=50&c65=D%3Dv65&v65=false&c75=D%3Dv80&v76=chrome%20pdf%20plugin%3Bchrome%20pdf%20viewer%3Bnative%20client&v77=D%3Dmid&v78=au%7Cvic%7Cmelbourne%7C-37.82%7C144.97%7Cgmt%2B10%7Cunknown&v79=au&v80=00000000000000000000000000000000-00000000000000000000000000000000-1663952732819-990316&v111=0&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&AQE=1 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/metrics/metrics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.36.137 -, , ASN (), Reverse DNS Software jag / Resource Hash 1ad40c990d95660d846782f087e52594e8d5e8e43dd45444b6d5f5b7b4293ac5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-aam-tid sEN2ZGcnT5g= date Fri, 23 Sep 2022 17:05:36 GMT x-content-type-options nosniff p3p CP="This is not a P3P policy" vary * content-length 4953 x-xss-protection 1; mode=block dcs dcs-prod-apse-1-v038-0dae3cf57.edge-apse.demdex.com 5 ms pragma no-cache last-modified Sat, 24 Sep 2022 17:05:36 GMT server jag etag 3573311293019160576-4619839848971150920 strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, no-transform, private expires Thu, 22 Sep 2022 17:05:36 GMT
GET H/1.1	200 OK	ibs:dpid=771&dpuuid=CAESEK87j3Br4s54i3J53A7qR68&google_cver=1 dpm.demdex.net/ Frame 9B94 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjQ3MDU3MDQ2NTc3NDY4MzM5MTEyMjIwNjgxODUxMjcyMDk4MTQ= https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK87j3Br4s54i3J53A7qR68&google_cver=1?gdpr=0&gdpr_consent=	42 B 942 B	173ms 173ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK87j3Br4s54i3J53A7qR68&google_cver=1?gdpr=0&gdpr_consent= Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-1-v038-0bb4f4566.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 228Ws1P/RRk= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:37 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEK87j3Br4s54i3J53A7qR68&google_cver=1?gdpr=0&gdpr_consent= cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 314 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=903&dpuuid=171eab33-8fb1-4d3c-8403-0cb3fec750ba dpm.demdex.net/ Frame 9B94 Redirect Chain https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=www.plusrewards.com.au&ttd_tpi=1 https://dpm.demdex.net/ibs:dpid=903&dpuuid=171eab33-8fb1-4d3c-8403-0cb3fec750ba	42 B 942 B	335ms 173ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=903&dpuuid=171eab33-8fb1-4d3c-8403-0cb3fec750ba Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-1-v038-0ed51c3f7.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID g+voV7IQT8Y= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:37 GMT x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" location https://dpm.demdex.net/ibs:dpid=903&dpuuid=171eab33-8fb1-4d3c-8403-0cb3fec750ba cache-control private,no-cache, must-revalidate content-type text/html content-length 189
GET H2	200	gn secure-sdk.imrworldwide.com/cgi-bin/	44 B 597 B	174ms 173ms	Image image/gif	18.139.71.162 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-102695&ch=au-102695_b12_geelongadvertiser_S&asn=geelongadvertiser&fp_id=gwfssyjle0gad3f5j25w1mshp8cam1663952734&fp_cr_tm=1663952734776&fp_acc_tm=1663952734776&fp_emm_tm=1663952734776&ve_id=&sessionId=rhp7f71yquvsav4hpdd1mdvxm2z9x1663952734&prv=1&c6=vc,b12&ca=NA&c13=asid,P9639CC51-2F11-48E8-B888-393496680A12&c32=segA,NA&c33=segB,NA&c34=segC,DSK-OTT-WinPhn-OtherBrowser&c15=apn,&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,9ji6pfk5s6djcxeo0vu4yrwl1dw661663952734&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16639527347736973&c30=bldv,6.0.0.623&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=1663952733869&c3=st,c&c64=starttm,1663952736&adid=1663952733869&c58=isLive,false&c59=sesid,&c61=createtm,1663952735&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.plusrewards.com.au%2Fgeelongadvertiser&c66=mediaurl,&sdd=&c62=sendTime,1663952735&rnd=72394 Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.139.71.162 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-139-71-162.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache date Fri, 23 Sep 2022 17:05:36 GMT server nginx access-control-allow-methods POST, OPTIONS p3p P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM" access-control-allow-origin * cache-control no-cache cross-origin-resource-policy cross-origin accept-ch Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version content-type image/gif content-length 44 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	500	usersync.html image5.pubmatic.com/AdServer/usersync/ Frame 9B94	0 0	858ms 270ms	Image text/html	23.78.217.19
General Check archive.org Show headers Download Go to Show image Full URL https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID Requested by Host: www.plusrewards.com.au URL: https://www.plusrewards.com.au/geelongadvertiser Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.78.217.19 -, , ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers
GET H/1.1	200 OK	ibs:dpid=23728&dpuuid=Yy3nYU9tuuQz1Bag7OaWGgAA%264732 dpm.demdex.net/ Frame 9B94 Redirect Chain https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yy3nYU9tuuQz1Bag7OaWGgAA%264732	42 B 942 B	279ms 174ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yy3nYU9tuuQz1Bag7OaWGgAA%264732 Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-1-v038-08d2cbcb2.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID V8lvv6O3TFU= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NI8JxijXCvcUxuJXZgHeCdSqWBSm53RaR1CEXJJeFyb16zGIxelD%2BL099oTS02%2FJ00KTnEHZP0QmZjm8jhG%2F2gBqYNleB9k%2BIiXG%2FO70RIOqlMzxyfGmmuZKjuds0OlF8PqnQtWX"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" location https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yy3nYU9tuuQz1Bag7OaWGgAA%264732 cache-control no-cache cf-ray 74f4ddc329bb5a4f-MEL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0 expires 0
GET H/1.1	200 OK	ibs:dpid=30432&dpuuid=CI-2f7a1a2760b2b4c1cf63223ae7dd67e0 dpm.demdex.net/ Frame 9B94 Redirect Chain https://dt.scanscout.com/ssframework/uid?UIAA=64705704657746833911222068185127209814&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-2f7a1a2760b2b4c1cf63223ae7dd67e0	42 B 948 B	174ms 174ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-2f7a1a2760b2b4c1cf63223ae7dd67e0 Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcscanary-prod-apse-1-v049-0425248eb.edge-apse.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 96oy7IU0Qtg= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-2f7a1a2760b2b4c1cf63223ae7dd67e0 Date Fri, 23 Sep 2022 17:05:37 GMT useSecure true Server openresty/1.19.9.1 Connection keep-alive Content-Length 43 Content-Type image/gif
GET H/1.1	200 OK	ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D dpm.demdex.net/ Frame 9B94 Redirect Chain https://ps.eyeota.net/match?bid=6j5b2cv&uid=64705704657746833911222068185127209814&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=64705704657746833911222068185127209814&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D	42 B 960 B	259ms 171ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-1-v038-0ed51c3f7.edge-apse.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-Error 303,104 X-TID u676tQReRDM= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv} Date Fri, 23 Sep 2022 17:05:37 GMT Content-Length 0 P3P CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
GET		usermatch.gif beacon.krxd.net/ Frame 9B94 Redirect Chain https://usermatch.krxd.net/um/v2?partner=adobe&id=64705704657746833911222068185127209814 https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=64705704657746833911222068185127209814	0 0
GET H/1.1	200 OK	ibs:dpid=134096&dpuuid=$_BK_UUID dpm.demdex.net/ Frame 9B94 Redirect Chain https://tags.bluekai.com/site/43981?id=64705704657746833911222068185127209814&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID	42 B 960 B	273ms 170ms	Image image/gif	18.136.162.157 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID Protocol HTTP/1.1 Server 18.136.162.157 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-136-162-157.ap-southeast-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers DCS dcs-prod-apse-2-v038-0450ba318.edge-apse.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-Error 303,104 X-TID Ia2HzqmhRSg= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID date Fri, 23 Sep 2022 17:05:38 GMT content-length 0 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
GET H2	200	pixel cm.g.doubleclick.net/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_... https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXkzbllBQUFBR1QxUkFNNQ==	170 B 243 B	484ms 183ms	Image image/png	142.251.10.154
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXkzbllBQUFBR1QxUkFNNQ== Protocol H2 Server 142.251.10.154 -, , ASN (), Reverse DNS Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:37 GMT via 1.1 varnish server Varnish x-timer S1663952738.684633,VS0,VE0 x-served-by cache-mel11247-MEL x-cache HIT location https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXkzbllBQUFBR1QxUkFNNQ== cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200 OK	tap.php pixel.rubiconproject.com/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yy3nYAAAAGT1RAM5&expires=90	42 B 798 B	683ms 171ms	Image image/gif	69.173.158.64
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yy3nYAAAAGT1RAM5&expires=90 Protocol HTTP/1.1 Server 69.173.158.64 -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" content-length 42 X-RPHost d335433bbbe0efeac67146df47932f6f Content-Type image/gif Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:37 GMT via 1.1 varnish server Varnish x-timer S1663952738.754792,VS0,VE0 x-served-by cache-mel11247-MEL x-cache HIT location https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yy3nYAAAAGT1RAM5&expires=90 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	generic1663647361901.js Show response nebula-cdn.kampyle.com/au/wau/132224/onsite/	482 KB 86 KB	86ms 85ms	Script application/javascript	151.101.1.175 FASTLY
General Check archive.org Show headers Download Go to Full URL https://nebula-cdn.kampyle.com/au/wau/132224/onsite/generic1663647361901.js Requested by Host: nebula-cdn.kampyle.com URL: https://nebula-cdn.kampyle.com/au/wau/132224/onsite/embed.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.175 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 5ca2d0b308aadcf4c4b2cdfed9605be2da920cb5bb897515fe52dbf5e6c26db9 Security Headers Name Value Strict-Transport-Security max-age=31557600 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-amz-version-id HhLubpCf1meQtFIxNBHOr2Cy5Ooi6IZh content-encoding gzip etag "2a9535a9a8d52c0622bae0381d011e63" age 305375 via 1.1 varnish x-cache HIT vary Accept-Encoding content-length 87387 x-amz-id-2 CnraVirrSatmkjzo2WfbIR4nHPHM3Vm7yhwk3TEM8HQjYuGIRb5QK13Y+XLvvkRvqcjwd1zkRWQ= x-served-by cache-mel11247-MEL last-modified Tue, 20 Sep 2022 04:16:03 GMT server AmazonS3 x-timer S1663952738.667016,VS0,VE0 date Fri, 23 Sep 2022 17:05:37 GMT strict-transport-security max-age=31557600 x-amz-request-id 73HVD3MEEFM6Z18B access-control-allow-origin * cache-control max-age=86400 accept-ranges bytes content-type application/javascript x-cache-hits 182919
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	14 KB 11 KB	531ms 186ms	XHR application/json	142.251.12.157
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022091901&st=env Requested by Host: cdn.ravenjs.com URL: https://cdn.ravenjs.com/3.26.4/raven.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.12.157 -, , ASN (), Reverse DNS Software cafe / Resource Hash a2b4df770c72479d8079602f80c88975ab1cbed06b38e8114502353f70998e20 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers timing-allow-origin * date Fri, 23 Sep 2022 17:05:38 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 11226 x-xss-protection 0
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yy3nYAAAAGT1RAM5	43 B 884 B	549ms 355ms	Image image/gif	104.18.18.126
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yy3nYAAAAGT1RAM5 Protocol H2 Server 104.18.18.126 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers cf-ray 74f4ddc46f9c5a5b-MEL pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMU5fa5wK9m%2FXQEf9LVsUgtL0A%2FlPjjn2pJ0cDw0Rfbggm9jik05%2FMdCq4Fxn8xxEl88NaACM%2B9R3ibHQGYNGAIH%2BamgBrNxSNtUXlMRj1ouFjyqgth%2BMljdQSkvrmJ70YjzGRX1V551yg%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" cache-control no-cache content-type image/gif alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:37 GMT via 1.1 varnish server Varnish x-timer S1663952738.702981,VS0,VE0 x-served-by cache-mel11247-MEL x-cache HIT location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yy3nYAAAAGT1RAM5 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200 OK	setuid ib.adnxs.com/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D https://ib.adnxs.com/setuid?entity=158&code=Yy3nYAAAAGT1RAM5	43 B 1 KB	234ms 234ms	Image image/gif	104.254.150.228
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=158&code=Yy3nYAAAAGT1RAM5 Protocol HTTP/1.1 Server 104.254.150.228 -, , ASN (), Reverse DNS Software nginx/1.21.3 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers Pragma no-cache Date Fri, 23 Sep 2022 17:05:38 GMT X-Proxy-Origin 103.209.254.113; 103.209.254.113; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com AN-X-Request-Uuid f8dc62b7-169c-46b4-94cf-a82fa57e70e1 Server nginx/1.21.3 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:37 GMT via 1.1 varnish server Varnish x-timer S1663952738.803851,VS0,VE0 x-served-by cache-mel11247-MEL x-cache HIT location https://ib.adnxs.com/setuid?entity=158&code=Yy3nYAAAAGT1RAM5 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	__cool.gif udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/	0 317 B	476ms 299ms	Image image/gif	35.241.45.82
General Check archive.org Show headers Download Go to Show image Full URL https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNS4wLjUxOTUuMTI1IFNhZmFyaS81MzcuMzYiLCJzZXNzaW9uX3BsYXRmb3JtIjogIldpbjMyIiwicGFnZV90aXRsZSI6ICJIb21lIHwgK1Jld2FyZHMiLCJwYWdlX3VybCI6ICJodHRwczovL3d3dy5wbHVzcmV3YXJkcy5jb20uYXUvZ2VlbG9uZ2FkdmVydGlzZXIiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2Mzk1MjczNzg2NCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNmI0ZmQ2M2NmZDAtMGVlOGViNjRmM2M4NWQtNmIzZjUxNTItMWQ0YzAwLTE4MzZiNGZkNjNkMTBjNyIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC1zeWQxIiwiYWNjb3VudElkIjogMTMyMjIyLCJ1cmwiOiAiaHR0cHM6Ly93d3cucGx1c3Jld2FyZHMuY29tLmF1L2dlZWxvbmdhZHZlcnRpc2VyIiwid2Vic2l0ZUlkIjogMTMyMjI0LCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIwOWVmLTE4MzItM2RjNC01ZTE0LWRiOWItODgyOC0xZWEyLWQ3YjIiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2Mzk1MjczNzg1OCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMDA4LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAyLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjYzOTUyNzM3ODY0LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.241.45.82 -, , ASN (), Reverse DNS Software Jetty(9.2.11.v20150529) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-me prod-instance-gatewayservice-blue-ztmv date Fri, 23 Sep 2022 17:05:38 GMT via 1.1 google server Jetty(9.2.11.v20150529) access-control-allow-headers X-Requested-With, Origin, Content-Type, Accept access-control-max-age 1800 access-control-allow-methods GET, POST, PUT, DELETE content-type image/gif; charset=UTF-8 access-control-allow-origin * access-control-allow-credentials true alt-svc clear content-length 0 x-application-context application:9090
GET H3	200	sd us-u.openx.net/w/1.0/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yy3nYAAAAGT1RAM5 https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=Yy3nYAAAAGT1RAM5	43 B 61 B	260ms 173ms	Image image/gif	35.244.159.8
General Check archive.org Show headers Download Go to Show image Full URL https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=Yy3nYAAAAGT1RAM5 Protocol H3 Server 35.244.159.8 -, , ASN (), Reverse DNS Software OXGW/0.0.0 / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT via 1.1 google server OXGW/0.0.0 vary Accept p3p CP="CUR ADM OUR NOR STA NID" cache-control private, max-age=0, no-cache content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers location https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=Yy3nYAAAAGT1RAM5 date Fri, 23 Sep 2022 17:05:38 GMT via 1.1 google server OXGW/0.0.0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 p3p CP="CUR ADM OUR NOR STA NID"
GET H2	200	Pug image2.pubmatic.com/AdServer/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER... https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yy3nYAAAAGT1RAM5	1 B 450 B	507ms 169ms	Image text/html	67.199.150.86
General Check archive.org Show headers Download Go to Show image Full URL https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yy3nYAAAAGT1RAM5 Protocol H2 Server 67.199.150.86 -, , ASN (), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:38 GMT cache-control no-store, no-cache, private server nginx content-type text/html; charset=utf-8 content-length 1 p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT via 1.1 varnish server Varnish x-timer S1663952738.031505,VS0,VE0 x-served-by cache-mel11247-MEL x-cache HIT location https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yy3nYAAAAGT1RAM5 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET		partner sync.search.spotxchange.com/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yy3nYAAAAGT1RAM5&img=1	0 0
GET H3	200	b.php www.facebook.com/fr/ Frame 9B94 Redirect Chain https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yy3nYAAAAGT1RAM5&t=2592000&o=0	43 B 71 B	559ms 386ms	Image image/gif	157.240.7.35 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yy3nYAAAAGT1RAM5&t=2592000&o=0 Protocol H3 Server 157.240.7.35 Singapore, Singapore, ASN32934 (FACEBOOK, US), Reverse DNS edge-star-mini-shv-01-sin6.facebook.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 10:05:38 PDT content-encoding br x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-fb-rlafr 0 pragma public x-fb-debug nBrcNFOjIFYhl1cGZ/9ktwj4AtJTp3bZKW40ZwP+foxfiR/2XViL2m63DGzf22DXI72fVjLBIbm71Df9q2UktA== cross-origin-opener-policy same-origin-allow-popups strict-transport-security max-age=15552000; preload report-to {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} content-type image/gif vary Accept-Encoding cache-control public, max-age=0 priority u=3,i expires Fri, 23 Sep 2022 10:05:38 PDT Redirect headers pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT via 1.1 varnish server Varnish x-timer S1663952738.233231,VS0,VE0 x-served-by cache-mel11247-MEL x-cache HIT location https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yy3nYAAAAGT1RAM5&t=2592000&o=0 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	224ms 224ms	Script text/javascript	142.251.12.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022091901.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.12.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS se-in-f132.1e100.net Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-AU,en;q=0.9 Referer https://www.plusrewards.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Fri, 23 Sep 2022 17:05:38 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Fri, 23 Sep 2022 17:05:38 GMT
GET H2	200	cm trc.taboola.com/sg/adobe/1/ Frame 9B94	43 B 369 B	362ms 182ms	Image image/gif	151.101.193.44
General Check archive.org Show headers Download Go to Show image Full URL https://trc.taboola.com/sg/adobe/1/cm?gdpr=0&gdpr_consent= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.44 -, , ASN (), Reverse DNS Software nginx / Resource Hash 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94 Request headers accept-language en-AU,en;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers x-vcl-time-ms 97 pragma no-cache date Fri, 23 Sep 2022 17:05:38 GMT via 1.1 varnish server nginx x-timer S1663952739.513217,VS0,VE97 x-served-by cache-mel11238-MEL x-cache MISS p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" access-control-allow-origin * cache-control no-cache, no-store access-control-allow-credentials true accept-ranges bytes x-cache-hits 0
GET		0 sync.1rx.io/usersync/adobe/ Frame 9B94	0 0
GET		runner.html tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5E8C	0 0
GET		aframe www.google.com/recaptcha/api2/ Frame 525E	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/akam/13/2970e277

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/aXHkEKIDVd/_e/DE4odUOX/EbiOVQGS/RV89Lg/dl/1McDhLIVMB

Domain

beacon.krxd.net

URL

https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=64705704657746833911222068185127209814

Domain

sync.search.spotxchange.com

URL

https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yy3nYAAAAGT1RAM5&img=1

Domain

sync.1rx.io

URL

https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D

Domain

tpc.googlesyndication.com

URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Domain

www.google.com

URL

https://www.google.com/recaptcha/api2/aframe