www.heraldsun.com.au Open in urlscan Pro
92.123.36.246 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Effective URL:
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a...
Submission: On August 04 via manual (August 4th 2022, 4:42:35 am UTC) from AU — Scanned from DE

Summary HTTP 191 Redirects Behaviour Indicators

Summary

This website contacted 74 IPs in 8 countries across 53 domains to perform 191 HTTP transactions. The main IP is 92.123.36.246, located in Vienna, Austria and belongs to AKAMAI-AS, US. The main domain is www.heraldsun.com.au. The Cisco Umbrella rank of the primary domain is 242904.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 7th 2022. Valid for: a year.

This is the only time www.heraldsun.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 19	92.123.36.246 92.123.36.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1 10	2.18.233.169 2.18.233.169	16625 (AKAMAI-AS) (AKAMAI-AS)
10	23.47.212.205 23.47.212.205	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.66.217 151.101.66.217	54113 (FASTLY) (FASTLY)
23	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
2	13.32.121.17 13.32.121.17	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3032::ac43:a9f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:1901:0:b... 2600:1901:0:b14d::1	15169 (GOOGLE) (GOOGLE)
3	23.47.212.221 23.47.212.221	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
5	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	2600:9000:21f... 2600:9000:21f3:8400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:7200:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
1	13.224.189.93 13.224.189.93	16509 (AMAZON-02) (AMAZON-02)
2	151.101.193.175 151.101.193.175	54113 (FASTLY) (FASTLY)
1 13	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
3	52.222.209.55 52.222.209.55	16509 (AMAZON-02) (AMAZON-02)
1	13.224.189.94 13.224.189.94	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4264:f887:8ace:4fd:1ad4	14618 (AMAZON-AES) (AMAZON-AES)
4	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 3	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
3	2600:9000:206... 2600:9000:206e:a00:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
4	13.224.189.90 13.224.189.90	16509 (AMAZON-02) (AMAZON-02)
2	2.16.186.25 2.16.186.25	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 10	34.241.142.170 34.241.142.170	16509 (AMAZON-02) (AMAZON-02)
1	13.225.78.97 13.225.78.97	16509 (AMAZON-02) (AMAZON-02)
1	50.16.218.57 50.16.218.57	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	52.16.110.65 52.16.110.65	16509 (AMAZON-02) (AMAZON-02)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	34.242.156.102 34.242.156.102	16509 (AMAZON-02) (AMAZON-02)
2	52.208.102.42 52.208.102.42	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f3:ba00:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.69.41.135 3.69.41.135	16509 (AMAZON-02) (AMAZON-02)
1	54.75.58.172 54.75.58.172	16509 (AMAZON-02) (AMAZON-02)
2 4	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:10e... 2a02:26f0:10e::6860:5bba	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	35.227.202.26 35.227.202.26	15169 (GOOGLE) (GOOGLE)
2	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	194.97.45.96 194.97.45.96	5430 (FREENETDE...) (FREENETDE freenet Datenkommunikations GmbH)
1	3.74.119.102 3.74.119.102	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	23.47.208.212 23.47.208.212	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1 1	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1 1	199.127.207.182 199.127.207.182	26120 (RHYTHMONE) (RHYTHMONE)
1	2a04:4e42:200... 2a04:4e42:200::300	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
1 1	100.24.249.189 100.24.249.189	14618 (AMAZON-AES) (AMAZON-AES)
1	34.249.133.154 34.249.133.154	16509 (AMAZON-02) (AMAZON-02)
1 1	23.7.201.234 23.7.201.234	16625 (AKAMAI-AS) (AKAMAI-AS)
8 8	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a03:2880:f10... 2a03:2880:f107:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82a::2006	() ()
1	2a00:1450:400... 2a00:1450:4001:802::200e	() ()
191	74

19 92.123.36.246 (Vienna, Austria) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-36-246.deploy.static.akamaitechnologies.com

www.heraldsun.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.233.169 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-169.deploy.static.akamaitechnologies.com

tags.news.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.47.212.205 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-212-205.deploy.static.akamaitechnologies.com

resourcesssl.newscdn.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.217 (United States)

ASN54113 (FASTLY, US)

cdn.speedcurve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

widget.perfectmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-17.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::ac43:a9f7 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:b14d::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

bedsberry.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.47.212.221 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-212-221.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

ts2020-indies-client.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

am-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-vid-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:8400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8228261.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:7200:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-93.fra2.r.cloudfront.net

au.tags.newscgp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.209.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-209-55.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-94.fra2.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:f887:8ace:4fd:1ad4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

taboola-supply-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.126 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206e:a00:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.189.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-90.fra2.r.cloudfront.net

au-script.dotmetrics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.25 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-25.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.241.142.170 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-97.fra2.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.16.218.57 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-218-57.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.110.65 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-110-65.eu-west-1.compute.amazonaws.com

newscorpau.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics.heraldsun.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.242.156.102 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-156-102.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.102.42 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-102-42.eu-west-1.compute.amazonaws.com

secure-sdk.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:ba00:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

rvipxrbom2vawjzelwxkbvl9fzr2y1659588149.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.41.135 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-41-135.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.75.58.172 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-58-172.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.180 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10e::6860:5bba (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.202.26 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 26.202.227.35.bc.googleusercontent.com

au-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.212 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.97.45.96 (Germany)

ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE)
PTR: picco.freent.de

blob.freent.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.74.119.102 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-119-102.eu-central-1.compute.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.47.208.212 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-208-212.deploy.static.akamaitechnologies.com

image5.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.19.126 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.18.126 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.127.207.182 (United States) 1 redirects

ASN26120 (RHYTHMONE, US)

dt.scanscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::300 (United States)

ASN54113 (FASTLY, US)

pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.214.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.24.249.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-249-189.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.133.154 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-133-154.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.7.201.234 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-7-201-234.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.194.49 (United States) 8 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f107:83:face:b00c:0:25de (Vienna, Austria)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.44 (Beverwijk, Netherlands)

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2006 (None, ) 1 redirects

ASN- ()

m.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (None, )

ASN- ()

marketingplatform.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 900 trc.taboola.com — Cisco Umbrella Rank: 653 vidstat.taboola.com — Cisco Umbrella Rank: 2125 am-trc-events.taboola.com — Cisco Umbrella Rank: 14800 images.taboola.com — Cisco Umbrella Rank: 1499 imprammp.taboola.com — Cisco Umbrella Rank: 11487 am-vid-events.taboola.com — Cisco Umbrella Rank: 10577 sync-t1.taboola.com — Cisco Umbrella Rank: 1048 pips.taboola.com — Cisco Umbrella Rank: 1391 cds.taboola.com — Cisco Umbrella Rank: 1284	508 KB
21	heraldsun.com.au 3 redirects www.heraldsun.com.au — Cisco Umbrella Rank: 242904 metrics.heraldsun.com.au	224 KB
17	doubleclick.net 4 redirects ad.doubleclick.net — Cisco Umbrella Rank: 214 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 313 8228261.fls.doubleclick.net — Cisco Umbrella Rank: 704969 cm.g.doubleclick.net — Cisco Umbrella Rank: 208 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 m.doubleclick.net	198 KB
12	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com Failed tpc.googlesyndication.com — Cisco Umbrella Rank: 160	48 KB
11	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 188 newscorpau.demdex.net — Cisco Umbrella Rank: 113512	15 KB
10	newscdn.com.au resourcesssl.newscdn.com.au — Cisco Umbrella Rank: 106011	82 KB
10	news.com.au 1 redirects tags.news.com.au — Cisco Umbrella Rank: 56660	222 KB
9	google.com adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 10 marketingplatform.google.com	2 KB
9	everesttech.net 9 redirects cm.everesttech.net — Cisco Umbrella Rank: 816 sync-tm.everesttech.net — Cisco Umbrella Rank: 623	2 KB
7	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 238 acdn.adnxs.com — Cisco Umbrella Rank: 584 secure.adnxs.com — Cisco Umbrella Rank: 462	9 KB
6	imrworldwide.com cdn-gl.imrworldwide.com — Cisco Umbrella Rank: 2600 secure-sdk.imrworldwide.com — Cisco Umbrella Rank: 6606 rvipxrbom2vawjzelwxkbvl9fzr2y1659588149.nuid.imrworldwide.com	68 KB
6	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 381 js.adsrvr.org — Cisco Umbrella Rank: 1298 insight.adsrvr.org — Cisco Umbrella Rank: 619	6 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 361 www.linkedin.com — Cisco Umbrella Rank: 491 px4.ads.linkedin.com — Cisco Umbrella Rank: 5619	3 KB
4	serving-sys.com secure-ds.serving-sys.com — Cisco Umbrella Rank: 1756 bs.serving-sys.com — Cisco Umbrella Rank: 1037 lm.serving-sys.com — Cisco Umbrella Rank: 1755	42 KB
4	dotmetrics.net au-script.dotmetrics.net — Cisco Umbrella Rank: 49411	39 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5596 adservice.google.de — Cisco Umbrella Rank: 8117	1 KB
3	casalemedia.com 2 redirects ssum.casalemedia.com — Cisco Umbrella Rank: 1365 r.casalemedia.com — Cisco Umbrella Rank: 713 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530	3 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 516	2 KB
3	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 323	42 KB
3	kampyle.com nebula-cdn.kampyle.com — Cisco Umbrella Rank: 3988 udc-neb.kampyle.com — Cisco Umbrella Rank: 1961	90 KB
3	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 594 cdn.adsafeprotected.com — Cisco Umbrella Rank: 3325 pixel.adsafeprotected.com — Cisco Umbrella Rank: 602	8 KB
3	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 817	21 KB
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1229 beacon.krxd.net — Cisco Umbrella Rank: 502	529 B
2	pubmatic.com image5.pubmatic.com — Cisco Umbrella Rank: 50388 image2.pubmatic.com — Cisco Umbrella Rank: 869	225 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 125	32 KB
2	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 707 pixel.rubiconproject.com — Cisco Umbrella Rank: 326	453 B
2	bedsberry.com bedsberry.com — Cisco Umbrella Rank: 195580	28 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 951	90 KB
2	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 145	2 KB
2	perfectmarket.com widget.perfectmarket.com — Cisco Umbrella Rank: 3204	32 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	43 KB
1	1rx.io sync.1rx.io — Cisco Umbrella Rank: 550	99 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	543 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 396	273 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 508	488 B
1	eyeota.net ps.eyeota.net — Cisco Umbrella Rank: 1014	83 B
1	scanscout.com 1 redirects dt.scanscout.com — Cisco Umbrella Rank: 23464	698 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 506	355 B
1	t.co t.co — Cisco Umbrella Rank: 445	337 B
1	freent.de blob.freent.de — Cisco Umbrella Rank: 898209
1	mookie1.com au-gmtdmp.mookie1.com — Cisco Umbrella Rank: 234717	641 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 94	45 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 734	3 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 609	15 KB
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 987	402 B
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1018	201 B
1	tremorhub.com taboola-supply-partners.tremorhub.com — Cisco Umbrella Rank: 3058	183 B
1	rlcdn.com ats.rlcdn.com — Cisco Umbrella Rank: 1366	37 KB
1	newscgp.com au.tags.newscgp.com — Cisco Umbrella Rank: 122390	48 KB
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1197	24 KB
1	web.app ts2020-indies-client.web.app — Cisco Umbrella Rank: 166107	3 KB
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 374	2 KB
1	speedcurve.com cdn.speedcurve.com — Cisco Umbrella Rank: 5550	7 KB
191	53

	Domain	Requested by
19	www.heraldsun.com.au	3 redirects www.heraldsun.com.au
10	dpm.demdex.net	1 redirects www.heraldsun.com.au tags.news.com.au
10	images.taboola.com	www.heraldsun.com.au
10	resourcesssl.newscdn.com.au	www.heraldsun.com.au ts2020-indies-client.web.app
10	tags.news.com.au	1 redirects www.heraldsun.com.au tags.tiqcdn.com au.tags.newscgp.com
8	sync-tm.everesttech.net	8 redirects
8	securepubads.g.doubleclick.net	1 redirects tags.tiqcdn.com securepubads.g.doubleclick.net www.heraldsun.com.au
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.heraldsun.com.au tpc.googlesyndication.com
7	cdn.taboola.com	www.heraldsun.com.au cdn.taboola.com
6	www.google.com	www.heraldsun.com.au securepubads.g.doubleclick.net tpc.googlesyndication.com
5	pagead2.googlesyndication.com	ad.doubleclick.net www.heraldsun.com.au securepubads.g.doubleclick.net tpc.googlesyndication.com
4	ib.adnxs.com	2 redirects www.heraldsun.com.au
4	au-script.dotmetrics.net	tags.news.com.au www.heraldsun.com.au au-script.dotmetrics.net
4	trc.taboola.com	cdn.taboola.com www.heraldsun.com.au
3	cdn-gl.imrworldwide.com	tags.news.com.au cdn-gl.imrworldwide.com
3	sync.search.spotxchange.com	2 redirects www.heraldsun.com.au
3	c.amazon-adsystem.com	tags.tiqcdn.com c.amazon-adsystem.com
3	am-trc-events.taboola.com	www.heraldsun.com.au
3	tags.tiqcdn.com	www.heraldsun.com.au tags.tiqcdn.com
2	insight.adsrvr.org	js.adsrvr.org
2	www.google.de	www.heraldsun.com.au
2	adservice.google.com	8228261.fls.doubleclick.net securepubads.g.doubleclick.net
2	googleads.g.doubleclick.net	www.googleadservices.com
2	px.ads.linkedin.com	2 redirects
2	cm.g.doubleclick.net	1 redirects www.heraldsun.com.au
2	secure.adnxs.com	www.heraldsun.com.au
2	www.googleadservices.com	secure-ds.serving-sys.com www.googletagmanager.com
2	8228261.fls.doubleclick.net	1 redirects www.heraldsun.com.au
2	js.adsrvr.org	secure-ds.serving-sys.com
2	secure-sdk.imrworldwide.com	www.heraldsun.com.au
2	metrics.heraldsun.com.au	tags.news.com.au www.heraldsun.com.au
2	secure-ds.serving-sys.com	tags.tiqcdn.com secure-ds.serving-sys.com
2	match.adsrvr.org	imprammp.taboola.com www.heraldsun.com.au
2	nebula-cdn.kampyle.com	tags.tiqcdn.com nebula-cdn.kampyle.com
2	bedsberry.com	www.heraldsun.com.au bedsberry.com
2	use.fontawesome.com	cdn.taboola.com use.fontawesome.com
2	sb.scorecardresearch.com	cdn.taboola.com www.heraldsun.com.au
2	widget.perfectmarket.com	cdn.taboola.com widget.perfectmarket.com
1	marketingplatform.google.com	www.heraldsun.com.au
1	m.doubleclick.net	1 redirects
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	udc-neb.kampyle.com
1	sync.1rx.io	www.heraldsun.com.au
1	www.facebook.com	www.heraldsun.com.au
1	image2.pubmatic.com	www.heraldsun.com.au
1	us-u.openx.net	www.heraldsun.com.au
1	dsum-sec.casalemedia.com	www.heraldsun.com.au
1	pixel.rubiconproject.com	www.heraldsun.com.au
1	tags.bluekai.com	1 redirects
1	beacon.krxd.net	www.heraldsun.com.au
1	usermatch.krxd.net	1 redirects
1	cds.taboola.com	cdn.taboola.com
1	ps.eyeota.net	www.heraldsun.com.au
1	pips.taboola.com	cdn.taboola.com
1	dt.scanscout.com	1 redirects
1	r.casalemedia.com	1 redirects
1	ssum.casalemedia.com	1 redirects
1	image5.pubmatic.com	www.heraldsun.com.au
1	px4.ads.linkedin.com	www.heraldsun.com.au
1	www.linkedin.com	1 redirects
1	analytics.twitter.com	www.heraldsun.com.au
1	t.co	www.heraldsun.com.au
1	lm.serving-sys.com	secure-ds.serving-sys.com
1	blob.freent.de	www.heraldsun.com.au
1	au-gmtdmp.mookie1.com	www.heraldsun.com.au
1	acdn.adnxs.com	www.heraldsun.com.au
1	www.googletagmanager.com	secure-ds.serving-sys.com
1	snap.licdn.com	www.heraldsun.com.au
1	static.ads-twitter.com	www.heraldsun.com.au
1	token.rubiconproject.com	www.heraldsun.com.au
1	d.turn.com	1 redirects
1	pixel.adsafeprotected.com	cdn.adsafeprotected.com
1	bs.serving-sys.com	secure-ds.serving-sys.com
1	rvipxrbom2vawjzelwxkbvl9fzr2y1659588149.nuid.imrworldwide.com	www.heraldsun.com.au
1	cm.everesttech.net	1 redirects
1	newscorpau.demdex.net	tags.news.com.au
1	googleads4.g.doubleclick.net	ad.doubleclick.net
1	ping.chartbeat.net	www.heraldsun.com.au
1	cdn.adsafeprotected.com	tags.news.com.au
1	sync-t1.taboola.com	imprammp.taboola.com
1	taboola-supply-partners.tremorhub.com	imprammp.taboola.com
1	ats.rlcdn.com	tags.tiqcdn.com
1	au.tags.newscgp.com	tags.tiqcdn.com
1	static.chartbeat.com	tags.tiqcdn.com
1	ad.doubleclick.net	tags.tiqcdn.com
1	am-vid-events.taboola.com	www.heraldsun.com.au
1	imprammp.taboola.com	vidstat.taboola.com
1	static.adsafeprotected.com	bedsberry.com
1	vidstat.taboola.com	cdn.taboola.com
1	ts2020-indies-client.web.app	www.heraldsun.com.au
1	cdn.ampproject.org	www.heraldsun.com.au
1	cdn.speedcurve.com	www.heraldsun.com.au
0	d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com Failed	securepubads.g.doubleclick.net
191	94

This site contains no links.

Subject Issuer	Validity	Valid
news.com.au DigiCert SHA2 Secure Server CA	`2022-02-07` - `2023-02-06`	a year	crt.sh
*.speedcurve.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-07-16` - `2023-08-17`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
widget.perfectmarket.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-12-24` - `2023-01-25`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
bedsberry.com R3	`2022-06-18` - `2022-09-16`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
web.app GTS CA 1D4	`2022-06-13` - `2022-09-11`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
au.tags.newscgp.com Amazon	`2022-01-11` - `2023-02-08`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-22` - `2023-03-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.dotmetrics.net Amazon	`2021-10-24` - `2022-11-21`	a year	crt.sh
secure-ds.serving-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-05` - `2023-03-08`	a year	crt.sh
*.adsafeprotected.com Amazon	`2022-06-21` - `2023-07-20`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
metrics.heraldsun.com.au DigiCert TLS RSA SHA256 2020 CA1	`2022-06-17` - `2023-07-18`	a year	crt.sh
*.nuid.imrworldwide.com Amazon	`2022-05-12` - `2023-06-10`	a year	crt.sh
bs.serving-sys.com Amazon	`2022-04-10` - `2023-05-09`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.freent.de Sectigo RSA Domain Validation Secure Server CA	`2022-03-17` - `2023-04-15`	a year	crt.sh
lm.serving-sys.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
eyeota.net GoGetSSL RSA DV CA	`2022-03-18` - `2023-03-18`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2022-06-28` - `2023-07-29`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh

This page contains 19 frames:

Primary Page: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Frame ID: 0151AE6288A60879478B424460706EB8
Requests: 134 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7mGgCFgOqDS9WLz6yIgSqDS9WLz6yIgUAAAAGBvQHG0EjUTYb5oI4GY2Gq9VwMpuMBpvZZLdYDGEjaCTKZsNcECej0XC1Gk5mk9FgM5vsFospcBjLZTKoBRKW2e87CBo-l0FUdL0tdofT7HnDGZpOh891r9f9fnehy_Iwmzyvu13jd9sVrr_c5fv8ZU-P6W95Ovxql9nid13uLrfaZbr83YLL3-rymN6Sv8frMrklzrfE8rS4LM-35OFxet5uhdns8jlMT7_dcwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DQAojgL2G-0ufwAAAACAAAAAAJAAFOwVlwBsjPSf_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAyVxGgYIWQAtxMVmBYxAgAAAMit3oQ9mtQJlUXV__9_vxXAFQBAgOBZit9Hlu6gxFsYAADAgJip2dwxNhnz1dgCPSx-v9lh1_jdLvv_________N_s_-0cTghJ-TAtiQLFX-wUEAFj7BQQAYBM3AIA3AbiQO0PT6fC57vW63-8udFkeZpPndbdr_G67wvWXu3yfv-zpMf0tT4df7TJb_K7L3eVWu0yXv1tw-VtdHtNb8vd4XSa3xPmWWJ4Wl-X5ljw8Ts_brTCbXT6H6em3e05H0IrBYHUKMZkNNqvdcjiaHQAAAMDd____P56p2dwxNhnzlR5IDkYbz8o1mfkWnoVnYhk5bKPZzOFaTYyr2cY42R7s-u1sMuhuaJ-HsMx-30HQ8LkMoqLrbbE7nGbPQXzQMCwng2B-E7YYrSaTzXI4Wy4mg-FoOBrtbyAGowFOxGC5nEwWk91qtBpthrvRbLBAgRhMkKJFg8lqNJosJsPVaLKaLRe73QYpWrWajTaD4Wo2me12q-FguByNcMIWo9VkslkOZ8vFZDAcDUejIcLEzLIYTjYet2blW7hFI9vIrXBNTGvVZDdbWCyjxWLkW4teH9NzZRp5JqYpQtDtcuqbHmZP5XZ57GsPLgoGoO1FcJFO5C7f5-O3HB6ut8J1cgtdlofZ5HndLWKJ5mSRTmSXfXMw2nhWrsnMt_AsPBPLyGEbzWYO12piXM02xsm-MbMshpONx61Z-RZu0cg2citcE9NaNdnNFhbLaLEY-dai18f0XJlGnolp35itlqvhcDEa7huz1XI1HC5Gw32HyfRMfc5Gz1An8tjU3-Didrs5DAqXweL9SUyLaXd2MJ18R6fLK0wWdUbf9Xv0GhSeg0c1_j5umdHz2TeHzd2DQRFLBKeLdKJxmF4-v-V5EUskT4t0IpnMTJPhaOYYbia2wWK3MS0mvoVrsbH5Vh7nxjgRS5Smi3Sil7t8n7_s6TH9LU-HX-0yW_yuy93lVrtMl79bcPlbXR7TW_L3eF0mt8T5llieFpfl-ZY8PE7P260wm10-h-npt3su6j8-xHA1lyw2c8VqNVfsZqsEAAAAAAAAALCEOfMmAAAAAKfBrJab2WqdB7HbDWfD1XIBIvIBdX96WfJ4teBsihs_xnCX7_PxWw4P11vhOrmFLsvDbPK87lYGiLhnZd78mSDWarWsAQAABLABAAACuHXzFnBexf_____HAQAAyMjRAwAA0O8DMeGNO-KMIwI!&cmcv=&pix=undefined&cb=1659588149323&uv=3210&tms=1659588149323&abt=adh5c-1_vA!inc_all_video_vA!Noappq22_vB!spa2_vA!ttdfpc_vC!ufm&ft=0&unm=FEED_MANAGER&aure=false&agl=1&cirid=AFD23C9A8244855826240362711&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: 272A6C4094D2CFDA5409CD9E538022F4
Requests: 4 HTTP requests in this frame

Frame: https://newscorpau.demdex.net/dest5.html?d_nsid=0
Frame ID: 756D3F636D6C64C05FDDE91119BBF40B
Requests: 22 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 435294AE1A3EB69CF3BD2FDFB845AF84
Requests: 3 HTTP requests in this frame

Frame: https://js.adsrvr.org/up_loader.1.1.0.js
Frame ID: A801BD920CE5FBEDA47048CABF968746
Requests: 1 HTTP requests in this frame

Frame: https://static.ads-twitter.com/uwt.js
Frame ID: 8C2A5CA7B25E73ED6496600CC29A7CE4
Requests: 3 HTTP requests in this frame

Frame: https://snap.licdn.com/li.lms-analytics/insight.min.js
Frame ID: 82174D35E51DCE3D5FCDD4451565F499
Requests: 2 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-707564276
Frame ID: 3135850B7C8167AEBFE77E101B47AB7C
Requests: 5 HTTP requests in this frame

Frame: https://js.adsrvr.org/up_loader.1.1.0.js
Frame ID: 2D6357C82F273B68996479EE767F49E6
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/up/pixie.js
Frame ID: D5D7D70FAD35FB41C5F971C31067E76C
Requests: 2 HTTP requests in this frame

Frame: https://8228261.fls.doubleclick.net/activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03
Frame ID: 831E105EE428666C5771F76F0F140CDA
Requests: 2 HTTP requests in this frame

Frame: https://www.googleadservices.com/pagead/conversion.js
Frame ID: 2D6443999621107391F3E1F3AA21FE38
Requests: 4 HTTP requests in this frame

Frame: https://au-gmtdmp.mookie1.com/t/v2/activity?tagid=V2_296557&src.rand=[timestamp]
Frame ID: 84A3DFB02A3175DF6BFDE5D740F0B817
Requests: 1 HTTP requests in this frame

Frame: https://secure.adnxs.com/px?id=879166&seg=9702347&t=2
Frame ID: B309EFDC12BC19D57A7A900FB703C29F
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=12uiapu&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&upid=trk7f24&upv=1.1.0
Frame ID: D1B8416D584796E946616B4489FAAD55
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=vrges6n&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&upid=ekg5qxt&upv=1.1.0
Frame ID: 6C41594483D43085069B4931E057DCCD
Requests: 1 HTTP requests in this frame

Frame: https://d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EDBD5F3EAC7CFAB2F39CFDCAC67D462E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B8432DB54F116C1D3D4B163C8CCB1AB4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6D5A2B4D352DDA2FFF35E13F646E6675
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations HTTP 302
https://www.heraldsun.com.au/remote/check_cookie.html?url=https%3a%2f%2fwww.heraldsun.com.au%2fnews%2fvic... HTTP 302
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations HTTP 302
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fnews... HTTP 302
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?n... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

191
Requests

88 %
HTTPS

29 %
IPv6

53
Domains

94
Subdomains

74
IPs

8
Countries

2032 kB
Transfer

5703 kB
Size

86
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations HTTP 302
https://www.heraldsun.com.au/remote/check_cookie.html?url=https%3a%2f%2fwww.heraldsun.com.au%2fnews%2fvictoria%2fmelbourne-metro-project-rocked-by-bribery-racism-allegations HTTP 302
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations HTTP 302
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fnews%2fvictoria%2fmelbourne-metro-project-rocked-by-bribery-racism-allegations&1659588142559960664 HTTP 302
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=d91612a1-13af-11ed-bd3b-1ac054420106 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d9161269-13af-11ed-bd3b-1ac054420106&orig=video&us_privacy=1---gdpr=1&

Request Chain 85

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1659588149472 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1659588149472

Request Chain 99

https://cm.everesttech.net/cm/dd?d_uuid=38195624764858219322756263564516324651 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YutONgAAAGwF9gOV

Request Chain 111

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2906528172550949699

Request Chain 112

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3226917389351372034

Request Chain 121

https://8228261.fls.doubleclick.net/activityi;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03 HTTP 302
https://8228261.fls.doubleclick.net/activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzgxOTU2MjQ3NjQ4NTgyMTkzMjI3NTYyNjM1NjQ1MTYzMjQ2NTE= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEN1tfZrK_eyR6aHap1MyU-U&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 133

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1765380%26time%3D1659588150683%26url%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F&liSync=true&e_ipv6=AQK-XWl6ay-6JgAAAYJnKYhp_cOev-KontbaIf5I-qVK_p3C6zsXZFUwWqCI-BxsQ5dXv2SP

Request Chain 138

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
https://r.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YutON8CD-nY67Jb5xHBnFAAA%261182

Request Chain 141

https://dt.scanscout.com/ssframework/uid?UIAA=38195624764858219322756263564516324651&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D HTTP 302
https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-72194b64a7bfc4df8867066ee0dc0387

Request Chain 148

https://usermatch.krxd.net/um/v2?partner=adobe&id=38195624764858219322756263564516324651 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=38195624764858219322756263564516324651

Request Chain 149

https://tags.bluekai.com/site/43981?id=38195624764858219322756263564516324651&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID HTTP 302
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Request Chain 152

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXV0T05nQUFBR3dGOWdPVg==

Request Chain 153

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YutONgAAAGwF9gOV&expires=90

Request Chain 156

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YutONgAAAGwF9gOV

Request Chain 157

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=YutONgAAAGwF9gOV

Request Chain 159

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YutONgAAAGwF9gOV

Request Chain 160

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YutONgAAAGwF9gOV

Request Chain 162

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YutONgAAAGwF9gOV&img=1

Request Chain 163

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YutONgAAAGwF9gOV&t=2592000&o=0

Request Chain 187

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv19gA6cHCOPI7HuYzpsQBLRsyntCCJ06F0HJ6Fm2OZlOKmjeC42yB9daq7ehDPILi4I0FcXLfdbdLgQQhUg-HEJjF7KSwMgwjrIzan8WWZZuWH8TCQm_0-2dxpt4sQ_gqZv-85hacCEfY-uT3qdMLpnGYgFDbu78xD1JjdkawXPL3s_tWued1VA6FRAT9TmT7-X4J3WYsve5UfoZCRB4V-dea1S5Wg49pNPkZq-YNqmlliUHtfSMQiQgRr8EMf4iXeXIJxCWpEuqOpl-tOvhl1mUV_jmxyabBI0kI1IJlndQLSnILFq0YLg4yoJiwBgDFmeSehAFjICFA&sig=Cg0ArKJSzGIuRGu_0fJFEAE&uach_m=[UACH]&urlfix=1&adurl=http://m.doubleclick.net HTTP 302
https://m.doubleclick.net/ HTTP 301
https://marketingplatform.google.com/about/enterprise/

191 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request melbourne-metro-project-rocked-by-bribery-racism-allegations Show response
www.heraldsun.com.au/news/victoria/
Redirect Chain

https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
https://www.heraldsun.com.au/remote/check_cookie.html?url=https%3a%2f%2fwww.heraldsun.com.au%2fnews%2fvictoria%2fmelbourne-metro-project-rocked-by-bribery-racism-allegations
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
https://tags.news.com.au/prod/newskey/generator.html?origin=https%3a%2f%2fwww.heraldsun.com.au%2fnews%2fvictoria%2fmelbourne-metro-project-rocked-by-bribery-racism-allegations&1659588142559960664
https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

269 KB
55 KB

4187ms
4187ms

Document
text/html

92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

16522f32fedaa365726bdc300197db4623e8051dd45d4e3a4a57e3cf7b7099c5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

blaizehappened: true
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
content-type: text/html; charset=UTF-8
date: Thu, 04 Aug 2022 04:42:27 GMT
expires: Thu, 04 Aug 2022 04:42:27 GMT
host-header: a9130478a60e5f9135f765b23f26593b
is-https: true
pragma: no-cache
server: nginx
vary: User-Agent Accept-Encoding
x-akamai-transformed: 9 275044 0 pmb=mTOE,2
x-arrrg4
x-arrrg5: /blaize/decision-engine?path=https%3a%2f%2fwww.heraldsun.com.au%2fnews%2fvictoria%2fmelbourne-metro-project-rocked-by-bribery-racism-allegations%3fnk%3dbffdbacfe6649b0d1a2b0edf80c408cd-1659588143&blaizehost=cdn.heraldsun.newscorp.blaize.io&content_id=melbourne-metro-project-rocked-by-bribery-racism-allegations&session=bffdbacfe6649b0d1a2b0edf80c408cd
x-bpath: OLD
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-type-options: nosniff
x-opw: 4
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: sin1 0 2 9980
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-xss-protection: 1

Redirect headers

cache-control: max-age=0, no-cache
content-length: 154
content-type: text/html
date: Thu, 04 Aug 2022 04:42:23 GMT
etag: "33ff9d0c67eb5d47fbc47cd4b02fa26c:1652934576.471666"
expires: Thu, 04 Aug 2022 04:42:23 GMT
location: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
mime-version: 1.0
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
pragma: no-cache
server: AkamaiGHost
vary: Accept-Encoding

GET
H2 200 css-metro-desktop-lazy.css
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/ 55 B
763 B 377ms
375ms Stylesheet
text/css 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/css-metro-desktop-lazy.css?v=21

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5de6739e9847c4f4d179a4b69eab45a9d7d893472a354ac7a3d477fc8c0be048

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 74
x-rq: sin2 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:29 GMT
server: nginx
etag: "62e0f061-37"
vary: User-Agent
content-type: text/css
expires: Thu, 04 Aug 2022 04:43:15 GMT
cache-control: max-age=47
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 charter_bold.woff2
resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/ 11 KB
12 KB 521ms
121ms Font
binary/octet-stream 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/charter_bold.woff2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6819b8c0c5650d0ca031a2b12f8335f2f0af7457832e2856a4285f1132eecccf

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Fri, 25 Sep 2020 03:04:51 GMT
server: AmazonS3
x-amz-request-id: 822C52D49900E1A5
etag: "c4ced7adf03d84494a6c1da275896d38"
access-control-allow-methods: GET,POST
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=488038
accept-ranges: bytes
content-length: 11472
x-amz-id-2: lNfSs+D5nOdqmOeEeQu+es+zgQHb8EnWZowfh8vu7Gi/W+9GCytIpPkJImMDD3AIEVsUiK7WEFs=
expires: Tue, 09 Aug 2022 20:16:26 GMT

GET
H2 200 charter_italic.woff2
resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/ 12 KB
12 KB 548ms
148ms Font
binary/octet-stream 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/charter_italic.woff2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5ffaa38b1eb97aa761378ac0ab66b43d92aa9a5706b465e5dc99ae2007b440ec

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Fri, 25 Sep 2020 03:04:51 GMT
server: AmazonS3
x-amz-request-id: B00632A942D90248
etag: "ad24be3fafec705de20c00e56afe05ae"
access-control-allow-methods: GET,POST
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=293752
accept-ranges: bytes
content-length: 12052
x-amz-id-2: EcR9BsUTXAMnXhXqferO6XFk2GpHe/IiATWgjp69fPOuNL9gh6td24MYKHj4f0Vc7NR9+Lx7k7c=
expires: Sun, 07 Aug 2022 14:18:20 GMT

GET
H2 200 charter_bold_italic.woff2
resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/ 12 KB
13 KB 582ms
182ms Font
binary/octet-stream 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/charter_bold_italic.woff2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1d5c29fa89d8c1c62950640a2e0acf7eeebb2d06eb4b784f102d2925fa708971

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Fri, 25 Sep 2020 03:04:51 GMT
server: AmazonS3
x-amz-request-id: 7793FFB64BE88EC2
etag: "da48b0752549dabb4675d82412c9cd2d"
access-control-allow-methods: GET,POST
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=514175
accept-ranges: bytes
content-length: 12440
x-amz-id-2: WP+fhnFMJweJzhDs8jNT3aoMY7YWnhxFEbns7mRGLvpZL85jNLI0g/nWjmTZURix9TFjxEH5yZg=
expires: Wed, 10 Aug 2022 03:32:03 GMT

GET
H2 200 charter_regular.woff2
resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/ 11 KB
11 KB 574ms
175ms Font
binary/octet-stream 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/charter_regular.woff2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: da2fd84220ee9fc01bb1cd5f584e0fbb0b23ec48f548681dd28c00d1522a1fd0

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Fri, 25 Sep 2020 03:04:51 GMT
server: AmazonS3
x-amz-request-id: 59A936C138FB732B
etag: "29e85ea235248e0a7761df4fe6643e1a"
access-control-allow-methods: GET,POST
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=495781
accept-ranges: bytes
content-length: 11372
x-amz-id-2: vNNCWmFfm7KmosAUqFsj/eBu424tI06FuwZ2AzN6n14c+hc+KlWH+QrjUMsYgFJHYhIV405yDUU=
expires: Tue, 09 Aug 2022 22:25:29 GMT

GET
H2 200 lux.js Show response
cdn.speedcurve.com/js/ 18 KB
7 KB 131ms
32ms Script
application/javascript 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.speedcurve.com/js/lux.js?id=338391603
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 749017b53b677c8309df48f408a6446f0d29e8256fe34d6a8521ce804b1e370e

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:27 GMT
via: 1.1 vegur, 1.1 varnish
age: 693
x-cache: HIT
x-cache-hits: 4
content-encoding: gzip
content-length: 6552
x-served-by: cache-hhn4064-HHN
last-modified: Thu, 04 Aug 2022 04:30:54 GMT
server: Apache
x-timer: S1659588148.916914,VS0,VE0
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 04:30:54 GMT

GET
H2 200 ipad-interface.js Show response
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/ 2 KB
2 KB 315ms
313ms Script
application/javascript 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/ipad-interface.js

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

727ad8dc8c8b03a4f2cc5ecb39491ff5f590c79c0bd8981faa408cd706332f3b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 958
x-rq: sin2 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:28 GMT
server: nginx
etag: W/"62e0f060-879"
vary: User-Agent
content-type: application/javascript
expires: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=1
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 js-critical-desktop.js Show response
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/ 7 KB
4 KB 436ms
434ms Script
application/javascript 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

27cab8964dd6da6b824813caaf9c878588797e58ca970a9e99583813d303df64

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 2945
x-rq: sin2 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:28 GMT
server: nginx
etag: W/"62e0f060-1d61"
vary: User-Agent
content-type: application/javascript
expires: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=1
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 css-logos.css
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/ 0
2 KB 338ms
337ms Other
text/css 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/css-logos.css

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 1440
x-rq: sin2 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:29 GMT
server: nginx
etag: W/"62e0f061-2882"
vary: User-Agent
content-type: text/css
expires: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=1
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 app.css
www.heraldsun.com.au/wp-content/plugins/newscorpau-plugins/liveblog/assets/ 0
7 KB 426ms
425ms Other
text/css 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/plugins/newscorpau-plugins/liveblog/assets/app.css

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 6236
x-rq: sin1 0 2 9980
last-modified: Tue, 02 Aug 2022 00:40:11 GMT
server: nginx
etag: W/"62e8726b-7b68"
vary: User-Agent
content-type: text/css
expires: Thu, 04 Aug 2022 04:42:35 GMT
cache-control: max-age=7
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 theme.css
www.heraldsun.com.au/wp-content/plugins/newscorpau-plugins/liveblog/assets/ 0
2 KB 341ms
340ms Other
text/css 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/plugins/newscorpau-plugins/liveblog/assets/theme.css

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 894
x-rq: sin1 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:27 GMT
server: nginx
etag: W/"62e0f05f-b62"
vary: User-Agent
content-type: text/css
expires: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=1
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/ 233 KB
35 KB 345ms
236ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 38cd4e4ae59a14d770a57361d04bb5120a3fd424a4294d1af8e20519d2d91cff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: r0zm.rMv5ArA8qW9QoM254nztBLKlSO7
content-encoding: gzip
etag: "f9a221eda899f800f417dea532cf279f"
age: 0
x-cache: HIT
content-length: 34979
x-amz-id-2: PXiEBmPdVeSanaWpjkn2UmmaaazNxMfy1I7C5vp8VbBvxZ5L+6GzcJg3CyWDAyN6/wXZpBuTJ18=
x-served-by: cache-hhn4075-HHN
last-modified: Wed, 03 Aug 2022 09:17:24 GMT
server: AmazonS3
x-timer: S1659588148.926332,VS0,VE196
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding
x-amz-request-id: 51FWP0G3YD5Z1BNT
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 53
x-cache-hits: 1

GET
H2 200 54acb8e6 Show response
www.heraldsun.com.au/akam/13/ 26 KB
10 KB 716ms
715ms Script
application/javascript 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/akam/13/54acb8e6

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

Resource Hash

d53f7b12fb39eb9f7b3443abe42ce9b7f6b76eda3ae7c0db50870bdf7d833bce

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
etag: "2154182a2242d5f75b2121c3a228f1c5884150cfbf6b8014191e65c348e606cf"
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-arrrg4: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
x-opw: 4
content-length: 8768
pragma: no-cache
x-bpath: OLD
blaizehappened: true
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: User-Agent, Accept-Encoding
content-type: application/javascript
expires: Thu, 04 Aug 2022 04:42:28 GMT
cache-control: max-age=0, no-cache, no-store
x-arrrg5: /blaize/decision-engine?path=https%3a%2f%2fwww.heraldsun.com.au%2fakam%2f13%2f54acb8e6&blaizehost=cdn.heraldsun.newscorp.blaize.io&content_id=54acb8e6&session=bffdbacfe6649b0d1a2b0edf80c408cd
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 heraldsun.svg
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/images/logos/ 8 KB
4 KB 154ms
153ms Image
image/svg+xml 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/images/logos/heraldsun.svg

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5e7b471a7b5dcd0107a7a7d6e057c7a6377f258a3bf28087ce83711e0ae4826a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:27 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 3055
x-rq: sin1 0 2 9980
last-modified: Tue, 12 Jul 2022 04:32:40 GMT
server: nginx
etag: W/"62ccf968-1f69"
vary: User-Agent
content-type: image/svg+xml
expires: Thu, 11 Aug 2022 18:06:16 GMT
cache-control: max-age=653029
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 heraldsun-white.svg
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/images/logos/ 8 KB
4 KB 174ms
174ms Image
image/svg+xml 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/images/logos/heraldsun-white.svg

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

07eebaabb6e2422ce7a01c346a62b108257cae5a07b5a3a630f0937013ddc05c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:27 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 2891
x-rq: ewr3 0 2 9980
last-modified: Sun, 10 Jul 2022 08:13:00 GMT
server: nginx
etag: W/"62ca8a0c-1e5e"
vary: User-Agent
content-type: image/svg+xml
expires: Wed, 17 Aug 2022 14:20:23 GMT
cache-control: max-age=1157876
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 title-arrow.svg
resourcesssl.newscdn.com.au/cs/ts2020/assets/images/icons/ 540 B
875 B 401ms
67ms Image
image/svg+xml 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/images/icons/title-arrow.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e6913000ad0d73535ca314d6fce75229b8de1a20ac464247359d710713384596

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Wed, 16 Sep 2020 23:56:43 GMT
server: AmazonS3
x-amz-request-id: E9E0C1C87C1DBCF8
etag: "4d7595f832e4962b83a9428c3723233b"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=486372
accept-ranges: bytes
content-length: 540
x-amz-id-2: yeNHYUPszNIHLChFTjA9SBJdcbg22kvf0JGd9JsVTPj2pDiEBAMC0955Q8C+KyRliacnb0HkIkY=
expires: Tue, 09 Aug 2022 19:48:40 GMT

GET
H2 200 title-arrow-white.svg
resourcesssl.newscdn.com.au/cs/ts2020/assets/images/icons/ 535 B
853 B 400ms
68ms Image
image/svg+xml 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/images/icons/title-arrow-white.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 03e5a0363db4c88e26d041592531853130bef1d37948d99988a18f11bf77779f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Thu, 17 Sep 2020 00:28:25 GMT
server: AmazonS3
x-amz-request-id: 6TDW9GEQ3J3PAHFY
etag: "b0f5ec7455ded53e84de4fee006a5110"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=490460
accept-ranges: bytes
content-length: 535
x-amz-id-2: mdTPqSRLhKFGe0mc4rwgmD3DLtgNhWhpgJVjuRX5zsDKQ03s4A0lLg1fbSvrYu1QbE1TqBabs/4=
expires: Tue, 09 Aug 2022 20:56:48 GMT

GET
H2 200 source-sans-pro-regular.woff2
resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/ 16 KB
16 KB 394ms
62ms Font
binary/octet-stream 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/source-sans-pro-regular.woff2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Tue, 01 Sep 2020 04:31:33 GMT
server: AmazonS3
x-amz-request-id: 4914338122526F79
etag: "899c8f78ce650d4009d42443897aa723"
access-control-allow-methods: GET,POST
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=126389
accept-ranges: bytes
content-length: 16112
x-amz-id-2: R3+5aJyoi3XqxFHkAsp+YePjDSpRw259hCvQ8xHTD0G+8OwGQBX57QfXpgnl0h5SQubihgQVwwc=
expires: Fri, 05 Aug 2022 15:48:57 GMT

GET
H2 200 source-sans-pro-600.woff2
resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/ 16 KB
16 KB 452ms
120ms Font
binary/octet-stream 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://resourcesssl.newscdn.com.au/cs/ts2020/assets/fonts/source-sans-pro-600.woff2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-205.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
last-modified: Tue, 22 Sep 2020 06:30:09 GMT
server: AmazonS3
x-amz-request-id: E20BDF5E52A4CEF6
etag: "c85615b296302af51e683eecb5e371d4"
access-control-allow-methods: GET,POST
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=76503
accept-ranges: bytes
content-length: 15948
x-amz-id-2: DMtZFAAWbSF+vftZXyvIN7Q/PKUECURFx38/wDolxBRfPBgiUVM6eQ99V6aU9YNrMtxWvHQu9QI=
expires: Fri, 05 Aug 2022 01:57:31 GMT

GET
H2 200 amp-story-player-v0.css
cdn.ampproject.org/ 1 KB
2 KB 322ms
78ms Stylesheet
text/css 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/amp-story-player-v0.css?ver=v0

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e2ca77a43ecfab315c2404e0c40c56453692fe70fc9205cb46fc06556ef834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 433
x-xss-protection: 0
server: sffe
date: Thu, 04 Aug 2022 04:42:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "934344e5d8b964b3"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Aug 2022 04:42:28 GMT

GET
H2 200 / Show response
www.heraldsun.com.au/_static/ 98 KB
99 KB 718ms
717ms Script
application/javascript 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraGZqYWFkbmphXEWAK/GIi0=

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

75839e3ea0cd949a33dc21dd8b0931f396829fea8e0e3148b576b1228f40e469

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 100749
x-rq: sin1 0 2 9980
last-modified: Tue, 26 Jul 2022 09:26:23 GMT
server: nginx
vary: User-Agent
content-type: application/javascript
cache-control: max-age=1
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Thu, 04 Aug 2022 04:42:29 GMT

GET
H2 200 adblock.js Show response
tags.news.com.au/prod/adblock/ 102 B
345 B 31ms
30ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/adblock/adblock.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ce227a433689c18ee8ee40b39f9998aba7e64d917be1f263bdfc39c134bc6556

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:27 GMT
cache-control: max-age=54786
server: AkamaiNetStorage
content-type: application/x-javascript
etag: "bebf5f8dc74222b04669a0854d13b696:1634099175.124073"
content-length: 102
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"

GET
H2 200 load.js Show response
widget.perfectmarket.com/newscorpau-aud-heraldsun/ 3 KB
2 KB 343ms
193ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/newscorpau-aud-heraldsun/load.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c6b30be9e2ecab19294bbf313c1b95df4ef35c8299bbabfd6e4ec67d95a12376

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: 7clDTlv1b9nqXkJZmi.ciVRIswky16L3
content-encoding: gzip
etag: "1a868d280f9424f5d82876d6cf0c46b9"
age: 178
x-cache: HIT, HIT
content-length: 1123
x-amz-id-2: 9QbpSpBLoOCOAYxTfkzaIqKVdiRpxwhQsiSlrIM5q1TFk0VhooHLIP8ahAFYA8o1BcHaYtUZNyY=
x-served-by: cache-sna10744-LGB, cache-hhn4039-HHN
last-modified: Tue, 07 Apr 2020 10:39:09 GMT
server: AmazonS3
x-timer: S1659588148.346460,VS0,VE141
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding,,
x-amz-request-id: NVTE84TH5VRCWWR1
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 1

GET
H2 200 impl.20220803-10-RELEASE.js Show response
cdn.taboola.com/libtrc/ 677 KB
140 KB 40ms
39ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220803-10-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 2403e64188eb03ebfd687ac0f69082c6ef0db4104c3a7cfab9a1767b5e017231

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: vMtXGiETXMR9xxvApp6XY8VtXCekrt8W
content-encoding: br
etag: "4db0d9058e013cc246a9d0e272e68f8b"
age: 14148
x-cache: HIT
content-length: 143231
x-amz-id-2: GGdIERjGzcbI3GgpCvTRvmK8LWuSIdBNjzRom1VCD/Xbd1rPgFnegkLqC+ZPWuczdo8omy04+b0=
x-served-by: cache-hhn4075-HHN
last-modified: Wed, 03 Aug 2022 08:38:53 GMT
server: AmazonS3-br
x-timer: S1659588148.196702,VS0,VE0
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding
x-amz-request-id: DSHNV5FHK98C1G60
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 62
x-cache-hits: 2984

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 200ms
38ms Script
application/javascript 13.32.121.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-17.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 06:31:03 GMT
content-encoding: gzip
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
age: 79888
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: rPIcK5wRLyIiXn8ubS1dn6uo9ckYQoxj4mPC0xUrRbYn6Y9WyU_aog==

GET
H2 200 all.css
use.fontawesome.com/releases/v5.6.3/css/ 52 KB
12 KB 155ms
78ms Stylesheet
text/css 2606:4700:3032::ac43:a9f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.3/css/all.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a

Request headers

Referer: https://www.heraldsun.com.au/
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13526819
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3RBXR5V6CKT2222P
x-amz-id-2: B+jrfQYU1/J+zz3lQ4lSgLuxDto+ZTMomzr2aMKyNIRyI1LVItBQzqwU5SP0gql5o7M4By7ml9o=
last-modified: Wed, 30 Jun 2021 15:44:33 GMT
server: cloudflare
etag: W/"dc93d584e41f8417f6b7163320d34329"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8yvahlJBIAPI9MN1jTBFLyqyYMO%2Fk3uH4V3YlBJM9utbjqlu5D5PQHb9gxfWrlc1P%2BJ3dviJXmOXjU%2F7eHGpuX3Ef3jWXqMUAlGeNBwUdR0N16OkAZmCLfsZW2GrkFLcNPGChCzwlBPdyYohJgLLjvM"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 7354a067fd8c9c01-FRA

GET
H2 204 b
sb.scorecardresearch.com/ 0
190 B 31ms
31ms Image
text/plain 13.32.121.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1659588148410&ns_c=UTF-8&c7=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&c8=Melbourne%20metro%20project%20rocked%20by%20bribery%20racism%20allegations%20%7C%20Herald%20Sun&c9=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-17.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: neuA5gQXEkt8NQo4cyA32eOzY4YVFSEy4rNRpbBtAuVWuMu_FkNoPg==
x-cache: Miss from cloudfront

GET
H2 200 pmk-202003261.4.js Show response
widget.perfectmarket.com/newscorpau-aud-heraldsun/ 111 KB
30 KB 45ms
44ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/newscorpau-aud-heraldsun/pmk-202003261.4.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/newscorpau-aud-heraldsun/load.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6f9b28ce46bc46d6dc12b7a3e09437e46b159144cf7ea835cfd4702cad05ad8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: vvUnpxiCp2d1vGKAsSzC893juA9_vk_J
content-encoding: gzip
etag: "b7fcedf037c57085d364b689ca46f32e"
age: 2564004
x-cache: HIT, HIT
content-length: 30954
x-amz-id-2: oXRkyDgBSQiV5JVKU5eTnu2044t2ABQ4wgnzrH96GTRBXb53StswkIC6/W1fnNJ4zFE9MAtH0tE=
x-served-by: cache-lax10668-LGB, cache-hhn4039-HHN
last-modified: Tue, 07 Apr 2020 10:39:09 GMT
server: AmazonS3
x-timer: S1659588149.541413,VS0,VE1
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding,,
x-amz-request-id: BGP0P9WG9KYCP4WB
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 2, 1

GET
H2 200 v2xidAbl27_bbGoUgH9vkj5iV54PlV0QELR1sl88mnfEo97R4u9tcdK4 Show response
bedsberry.com/ 91 KB
27 KB 466ms
230ms Script
text/javascript 2600:1901:0:b14d::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bedsberry.com/v2xidAbl27_bbGoUgH9vkj5iV54PlV0QELR1sl88mnfEo97R4u9tcdK4

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:b14d::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

847d6d5bd2d7093e1ca3087ce1372ab31e6b379c98627aeacbac05b4f4a33b7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "6f1b0caa6fe135de7978dcd8e9a9045d56c334e40f9636fb9817a88abd03a65e"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-d6q6
content-type: text/javascript; charset=utf-8
via: 1.1 google
cache-control: private, must-revalidate, max-age=21600
date: Thu, 04 Aug 2022 04:42:29 GMT
x-buildnumber: 600550791
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 json Show response
trc.taboola.com/newscorpau-aud-heraldsun/trc/3/ 62 KB
18 KB 241ms
195ms XHR
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/newscorpau-aud-heraldsun/trc/3/json?tim=04%3A42%3A28.692&lti=deflated&data=%7B%22id%22%3A0%2C%22ii%22%3A%22%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22it%22%3A%22category%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1659518239107%2C%22vi%22%3A1659588148684%2C%22cv%22%3A%2220220803-10-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22vpi%22%3A%22%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22e%22%3A%22https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A2479%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-c2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Page%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Page%20Thumbnails%22%2C%22cd%22%3A1710.5%2C%22mw%22%3A1248%7D%5D%2C%22cacheKey%22%3A%22category%3D%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%2CBelow%20Page%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220803-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 80833acc1b2e975713e1e34b5d3ce6e6f8d218022620d815d6196f775139e45e

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 153
date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
server: nginx
x-timer: S1659588149.741977,VS0,VE153
x-served-by: cache-hhn4075-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.heraldsun.com.au
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 css-metro-desktop-lazy.css
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/ 55 B
763 B 79ms
77ms Stylesheet
text/css 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/css-metro-desktop-lazy.css?v=21

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5de6739e9847c4f4d179a4b69eab45a9d7d893472a354ac7a3d477fc8c0be048

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 74
x-rq: sin2 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:29 GMT
server: nginx
etag: "62e0f061-37"
vary: User-Agent
content-type: text/css
expires: Thu, 04 Aug 2022 04:43:15 GMT
cache-control: max-age=47
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/newsltd/hwt/prod/ 74 KB
20 KB 415ms
62ms Script
application/x-javascript 23.47.212.221
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.221 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-221.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9a260409c86cabba5585068608a374b1fbe88d744d311596e79c0beab1939633

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
last-modified: Thu, 21 Jul 2022 05:50:59 GMT
server: AkamaiNetStorage
etag: "eb1a971b1106d30c78dfddef57c89041:1658382658.992769"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 19741
expires: Thu, 04 Aug 2022 04:47:29 GMT

GET
H2 200 indies-loader.js Show response
ts2020-indies-client.web.app/ 7 KB
3 KB 240ms
46ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://ts2020-indies-client.web.app/indies-loader.js

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

375eb1402faeaba7978d6f984b0e89473fa190562c591b7097c2b782645123e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Wed, 29 Jun 2022 04:00:25 GMT
x-timer: S1659588149.896148,VS0,VE0
etag: "5ba2861ce9ae9d8b6d1e23b21ee04a45a7bb0716b2c6e39acabd1aa379b57322-br"
x-served-by: cache-hhn4068-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
date: Thu, 04 Aug 2022 04:42:28 GMT
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2326
x-cache-hits: 62

GET
H2 200 js-metro-desktop-lazy.js Show response
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/ 77 KB
23 KB 321ms
320ms Script
application/javascript 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-metro-desktop-lazy.js?v=21

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2ea686a08efedbca084fc6263963bded22c10de9eb0e30e3c5527110eb3db5b4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 22769
x-rq: sin1 0 2 9980
last-modified: Mon, 01 Aug 2022 00:26:04 GMT
server: nginx
etag: W/"62e71d9c-132f5"
vary: User-Agent
content-type: application/javascript
expires: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=1
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 js-weather.js Show response
www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/ 6 KB
3 KB 431ms
430ms Script
application/javascript 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-weather.js?v=21

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

811cf25ea0dc00bb1f971ca522518a04551f49c5e2786a9c244cebd8760ce77c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
content-length: 2149
x-rq: sin2 0 2 9980
last-modified: Wed, 27 Jul 2022 07:59:28 GMT
server: nginx
etag: W/"62e0f060-1973"
vary: User-Agent
content-type: application/javascript
expires: Thu, 04 Aug 2022 04:42:59 GMT
cache-control: max-age=30
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
accept-ranges: bytes
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 campaigns Show response
resourcesssl.newscdn.com.au/indies/ 46 B
518 B 275ms
274ms XHR
application/json 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://resourcesssl.newscdn.com.au/indies/campaigns?query={getCampaignsBySiteAndPageType(userType:%22anonymous%22,pageType:%22page-not-found%22,site:%22heraldsun.com.au%22,section:%22/page-not-found%22,device:%22desktop%22){indieId,indieName,selectedIndie,jiraTicketNumber,isOnHold,isAllowed,hideBreachMessage,startDate,endDate,locations{id,site,device,cusVars,include,exclude,pageType,pageInjectType},source{css,html,js}}}

Requested by

Host: ts2020-indies-client.web.app
URL: https://ts2020-indies-client.web.app/indies-loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-47-212-205.deploy.static.akamaitechnologies.com

Software

Google Frontend / Express

Resource Hash

5ba313b7fa9dd06ba89db2a1f6c6642375203f081bf64563d8571e0ef07a0739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"2e-plev5r3ULIxi7VsUGbEefPcqbKs"
x-powered-by: Express
date: Thu, 04 Aug 2022 04:42:29 GMT
x-cache-hits: 0
content-length: 66
x-served-by: cache-lin2290025-LIN
server: Google Frontend
x-timer: S1659588149.243899,VS0,VE189
x-i: true
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: e6d6fdf9d6b5fe1203b1e97a43f776ff
cache-control: private, max-age=1742
function-execution-id: kqa9onvqrg85
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: IT
expires: Thu, 04 Aug 2022 05:11:31 GMT

GET
H2 200 UnitFeedManagerDesktop.min.js Show response
vidstat.taboola.com/lite-unit/3.8.6/ 101 KB
29 KB 57ms
56ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/3.8.6/UnitFeedManagerDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220803-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec80f35488c24c555b7493d28164a9dcc34e976d5b1461e755684e35242dff58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront), 1.1 varnish
age: 839359
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 29631
x-served-by: cache-hhn4075-HHN
last-modified: Tue, 28 Jun 2022 09:03:30 GMT
server: AmazonS3
x-timer: S1659588149.955014,VS0,VE0
etag: "c97abc7f3c30f1d114b5a7f59cd4ae68"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: GxHk0L5Ii9vbHNmWPUQLEjyq4mnbBXDVISwIILy8iw-ffw1WebFC0g==
x-cache-hits: 22465

GET
H2 200 feed-card-placeholder.20220803-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
2 KB 61ms
60ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/feed-card-placeholder.20220803-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d38c3078ab1f5658fb6d96371d2c9ea70724d363da8d17fe677228ad1e97d6ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: cjCzM5yCZrtNALFbvg51dYnVC16xiduQ
content-encoding: gzip
etag: "df47dbd49be886dbb7f1ca41f38bc8ef"
age: 46
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1263
x-amz-id-2: 4d+Z2Xnr5+cSp64AnXrr4RXv4UKhMoK1HRQkBzk/vV3IFMb/wsrTZoY9xYsDURn0kQ+2e5N2rnUesmREX1qRPQ==
x-served-by: cache-hhn4075-HHN
last-modified: Wed, 03 Aug 2022 09:09:06 GMT
server: AmazonS3
x-timer: S1659588149.956538,VS0,VE0
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding
x-amz-request-id: NDWWP4PBMMBR9NPR
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 62
x-cache-hits: 18

GET
H2 200 userx.20220803-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 17 KB
6 KB 54ms
53ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20220803-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/newscorpau-aud-heraldsun/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2adde6ff85af215edf87bd7c9d3110c759f4100bbe2eb763fc65571ed98f1d75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: BiZh0KSWL8fGGAvO22vWkOJedVkRbxSL
content-encoding: gzip
etag: "30ab61ef2a55f53e97a5e9e5682e30e3"
age: 41
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5398
x-amz-id-2: enxJxkfRg4JRKm408dR6um+7cQDq1C1HGeKCBt/rFHS1NEXY0miqv97IPkpcMJJM/CMH+ZCUPFc=
x-served-by: cache-hhn4075-HHN
last-modified: Wed, 03 Aug 2022 09:12:00 GMT
server: AmazonS3
x-timer: S1659588149.966834,VS0,VE0
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding
x-amz-request-id: PPEAJKNN71E8TF2G
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 62
x-cache-hits: 6

GET
H2 204 debug
am-trc-events.taboola.com/newscorpau-aud-heraldsun/log/2/ 0
90 B 443ms
91ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/newscorpau-aud-heraldsun/log/2/debug?tim=04%3A42%3A28.957&type=error&msg=Exit%20TRCRBox.loadScriptCallback(retry%3D0)%3A%20no%20items%20in%20response%20-%20thumbs-feed-01&llvl=2&id=6546&cv=20220803-10-RELEASE&lt=deflated&pct=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 130071

GET
H2 204 debug
am-trc-events.taboola.com/newscorpau-aud-heraldsun/log/2/ 0
89 B 443ms
91ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/newscorpau-aud-heraldsun/log/2/debug?tim=04%3A42%3A28.958&type=error&msg=Exit%20TRCRBox.loadScriptCallback(retry%3D0)%3A%20no%20items%20in%20response%20-%20organic-thumbs-feed-01&llvl=2&id=2708&cv=20220803-10-RELEASE&lt=deflated&pct=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 130071

GET
H2 200 f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/ 4 KB
2 KB 53ms
53ms Image
image/svg+xml 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding: gzip
etag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
age: 42
via: 1.1 varnish
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1758
x-amz-id-2: 1KWxLSBTcLhOnbIB3k+XuC+LpNop7puOaMH6xxsZNrRy/lRExDgRp0IBef7EyQzt+HD0LzIsJHE=
x-served-by: cache-hhn4075-HHN
last-modified: Wed, 07 Feb 2018 11:15:52 GMT
server: AmazonS3
x-timer: S1659588149.971858,VS0,VE0
date: Thu, 04 Aug 2022 04:42:28 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 27BS5W881GS0TBJJ
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/svg+xml
access-control-allow-headers: *
abp: 62
x-cache-hits: 9

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.6.3/webfonts/ 77 KB
78 KB 61ms
61ms Font
font/woff2 2606:4700:3032::ac43:a9f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.6.3/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903

Request headers

Referer: https://use.fontawesome.com/releases/v5.6.3/css/all.css
Origin: https://www.heraldsun.com.au
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:28 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13507308
cf-ray: 7354a06b187c9c01-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79100
x-amz-id-2: jWsO5s+Gb0oaaS4Jejiv9OGmu+B4FcM45AQgDuUbbRDE75MK8lQMsUAra3cOIJ9o+L2h/a9URfY=
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
server: cloudflare
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgY3miXLMvc5bbw59Pd8liEFhj9%2BsvPUYTvxjJsSpDiHYZEipdOQQjn0B%2FtynaHi0VpnUY0ZlM61gV86ryszVFe%2FqzEawofmiHDARSA%2BQuwYyjT%2Bi5izS3vrnorv7ioNeF8tiRcE3oHB1DbCBXuZgAw2"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: KVHNXTXB3R2KQHRJ
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
content-type: font/woff2

GET
H2 204 social
am-trc-events.taboola.com/newscorpau-aud-heraldsun/log/3/ 0
230 B 426ms
92ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/newscorpau-aud-heraldsun/log/3/social?route=AM:AM:V&lti=deflated&ri=22f4284f183b6017c41b7a51cf7ec9c8&sd=v2_904c3e52f7a3a3b2da646fa55b856c82_1f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4_1659588148_1659588148_CIi3jgYQgPNHGMz7pbmmMCABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjxwc-fhs3_9X9wAA&ui=1f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4&pi=/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations&wi=-3179851830095069426&pt=category&vi=1659588148684&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Melbourne%20metro%20project%20rocked%20by%20bribery%20racism%20allegations%20%7C%20Herald%20Sun%22%2C%22sec%22%3A%22news%22%2C%22aut%22%3A%5B%5D%2C%22img%22%3A%22%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=04%3A42%3A28.984&id=9921&llvl=2&cv=20220803-10-RELEASE&
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 json Show response
trc.taboola.com/newscorpau-aud-heraldsun/trc/3/ 10 KB
4 KB 193ms
193ms XHR
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/newscorpau-aud-heraldsun/trc/3/json?tim=04%3A42%3A28.988&route=AM:AM:V&lti=deflated&data=%7B%22id%22%3A729%2C%22ii%22%3A%22%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22it%22%3A%22category%22%2C%22sd%22%3A%22v2_904c3e52f7a3a3b2da646fa55b856c82_1f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4_1659588148_1659588148_CIi3jgYQgPNHGMz7pbmmMCABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjxwc-fhs3_9X9wAA%22%2C%22ui%22%3A%221f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4%22%2C%22uifp%22%3A%221f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4%22%2C%22lbt%22%3A1659518239107%2C%22vi%22%3A1659588148684%2C%22cv%22%3A%2220220803-10-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22vpi%22%3A%22%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22e%22%3A%22https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A3275%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-c2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Page%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Page%20Thumbnails%22%2C%22cd%22%3A1713.5%2C%22mw%22%3A1248%2C%22fi%22%3A4%2C%22fb%22%3A2%2C%22fti%22%3A%22newscorpau-aud-heraldsun-newscorpau-aud-newscomau-mobile-feed-action-bucket-1627970022861-2%22%7D%5D%2C%22cacheKey%22%3A%22category%3D%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations%2CBelow%20Page%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220803-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 29ec44fb9d9b41b871e7c5ab0f86fb505e12d45bc7462f11ac34d9991c420af3

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 100
date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: nginx
x-timer: S1659588149.991518,VS0,VE100
x-served-by: cache-hhn4075-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.heraldsun.com.au
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 4e78a62cd09d5c804652fbec2d32a4ea.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 14 KB
14 KB 135ms
53ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e78a62cd09d5c804652fbec2d32a4ea.jpeg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e03e40389b0971a03a65c9b916591822ee3182b845471becd926d4e3cecdc84e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 2835371
edge-cache-tag: 516678765374853989415053149092228209791,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 516678765374853989415053149092228209791,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 456
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e78a62cd09d5c804652fbec2d32a4ea.jpeg
content-length: 13994
x-request-id: 49800049509796596165e86b2a86994f
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Sat, 04 Jun 2022 05:41:31 GMT
server: nginx
x-timer: S1659588149.076721,VS0,VE1
etag: "8445b5f0f8bd9160ae6b7f0be4a0e296"
x-served-by: cache-iad-kjyo7100050-IAD, cache-iad-kcgs7200147-IAD, cache-sna10722-LGB, cache-iad-kcgs7200096-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 1

GET
H2 200 ca7f99fd431ea863505bd0f30e692e31.jpeg
images.taboola.com/taboola/image/fetch/h_412,w_740,c_fill,g_xy_center,x_1790,y_1397/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 52 KB
52 KB 141ms
59ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_412,w_740,c_fill,g_xy_center,x_1790,y_1397/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ca7f99fd431ea863505bd0f30e692e31.jpeg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cd477bacdd6669148fe7cffeba6f0f904b76c1bcd85816080b8af74843bae523

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 2580891
edge-cache-tag: 454771573378842108627444759036577361844,351459144555788013716284522600538713219,29ecf9b93bbf306179626feeda1fab70
cache-tag: 454771573378842108627444759036577361844,351459144555788013716284522600538713219,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 950
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/h_412,w_740,c_fill,g_xy_center,x_1790,y_1397/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ca7f99fd431ea863505bd0f30e692e31.jpeg
content-length: 52884
x-request-id: c21898d76998537f3e7f361354c5a4ba
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Thu, 16 Jun 2022 17:40:06 GMT
server: nginx
x-timer: S1659588149.076703,VS0,VE1
etag: "f1ed03e56d4a4c3f3ff4485d2a5b024d"
x-served-by: cache-iad-kjyo7100092-IAD, cache-iad-kiad7000037-IAD, cache-sna10720-LGB, cache-iad-kjyo7100113-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 1

GET
H2 200 elderly-woman-44864.jpg%3Fb%3D0%26c%3D0%26width%3D800%26height%3D533%26top%3D208%26left%3D59%26zoom%3D0.82304526754
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//www.postfun.com/wp-content/uploads/2021/07/ 27 KB
28 KB 155ms
73ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//www.postfun.com/wp-content/uploads/2021/07/elderly-woman-44864.jpg%3Fb%3D0%26c%3D0%26width%3D800%26height%3D533%26top%3D208%26left%3D59%26zoom%3D0.82304526754
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fd91f90c9575e85db4378cbdceb8cb1141a24d7f0f5f853c0e55d42ed6f3a057

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 3080623
edge-cache-tag: 300161618750989461230394695023790900825,350619564615369038224034608363896712309,29ecf9b93bbf306179626feeda1fab70
cache-tag: 300161618750989461230394695023790900825,350619564615369038224034608363896712309,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 231
expiration: expiry-date="Fri, 15 Jul 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//www.postfun.com/wp-content/uploads/2021/07/elderly-woman-44864.jpg%3Fb%3D0%26c%3D0%26width%3D800%26height%3D533%26top%3D208%26left%3D59%26zoom%3D0.82304526754
content-length: 27776
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Tue, 14 Jun 2022 12:14:03 GMT
server: nginx
x-timer: S1659588149.076690,VS0,VE1
etag: "c510cb86f5254d0d26056a317d01c705"
x-served-by: cache-iad-kiad7000100-IAD, cache-iad-kiad7000085-IAD, cache-sna10727-LGB, cache-iad-kcgs7200091-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 1

GET
H2 400 boris-becker--arm-in-arm-mit-lilian-de-carvalho-mo-img-1001016-image-0-jpg.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//blob.freent.de/image/8408228/460x307/460/307/b0/8838eea2c34435c282a80271250364d8/ft/ 0
0 1574ms
1493ms Image
application/json 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//blob.freent.de/image/8408228/460x307/460/307/b0/8838eea2c34435c282a80271250364d8/ft/boris-becker--arm-in-arm-mit-lilian-de-carvalho-mo-img-1001016-image-0-jpg.jpg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 8d327d3fc3bc8dc16e4e1cffbefb7bd6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 16 KB
17 KB 108ms
50ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8d327d3fc3bc8dc16e4e1cffbefb7bd6.jpg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 735f6164b80ac5b101950537cb3d50eb2f95220857dffc7395b1f179b50b87bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 3062825
edge-cache-tag: 343249585548962652879192257622956519820,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
cache-tag: 343249585548962652879192257622956519820,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 33
expiration: expiry-date="Sun, 03 Jul 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, MISS, HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8d327d3fc3bc8dc16e4e1cffbefb7bd6.jpg
content-length: 16272
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Thu, 02 Jun 2022 18:26:16 GMT
server: nginx
x-timer: S1659588149.076420,VS0,VE1
etag: "f2b9546f5539103261eaa39797036278"
x-served-by: cache-iad-kiad7000075-IAD, cache-iad-kiad7000171-IAD, cache-chi-klot8100152-CHI, cache-iad-kcgs7200133-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 1, 1

GET
H2 200 3000 Show response
www.heraldsun.com.au/wp-json/api/weather/ 2 KB
3 KB 391ms
390ms Fetch
application/json 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/wp-json/api/weather/3000

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-metro-desktop-lazy.js?v=21

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

279b436820a07ab86a4c09fe639d3afd1b5d7fdc172371299694cf4f814c686d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-type-options: nosniff
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
is-https: true
x-opw: 4
vary: User-Agent
content-length: 1701
x-rq: sin1 0 2 9980
server: nginx
date: Thu, 04 Aug 2022 04:42:29 GMT
allow: GET
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=45
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Thu, 04 Aug 2022 04:43:14 GMT

OPTIONS
H2 204 campaigns
resourcesssl.newscdn.com.au/indies/ Frame 0
0 269ms
269ms Preflight
text/html 23.47.212.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.47.212.205 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-47-212-205.deploy.static.akamaitechnologies.com

Software

Google Frontend / Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.heraldsun.com.au
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
cache-control: private, max-age=1778
content-type: text/html
date: Thu, 04 Aug 2022 04:42:29 GMT
expires: Thu, 04 Aug 2022 05:12:07 GMT
function-execution-id: keq1463h9v4t
server: Google Frontend
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-cache-hits: 0
x-cloud-trace-context: 701537cb5c0aa48f0a65459d03f1c65c
x-country-code: IT
x-i: true
x-powered-by: Express
x-served-by: cache-lin2290024-LIN
x-timer: S1659588149.961211,VS0,VE160

GET
H2 200 Taboola-Tires-3.jpg%3F1657275471
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-west-1.amazonaws.com/infotoss-wizzard/prod/images/000/001/406/ 34 KB
35 KB 66ms
65ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-west-1.amazonaws.com/infotoss-wizzard/prod/images/000/001/406/Taboola-Tires-3.jpg%3F1657275471
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d0d1a0e583e6778d8108e92e6f0900beb02e8f21c3eaf1dc475583e8485eefd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 583853
edge-cache-tag: 628987678799627402613303729707332876035,377215341905243169283200138401510287004,29ecf9b93bbf306179626feeda1fab70
cache-tag: 628987678799627402613303729707332876035,377215341905243169283200138401510287004,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 1109
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3-eu-west-1.amazonaws.com/infotoss-wizzard/prod/images/000/001/406/Taboola-Tires-3.jpg%3F1657275471
content-length: 35170
x-request-id: 54b4060f88b535ddb6b079aa38d2ee9c
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Thu, 28 Jul 2022 09:31:36 GMT
server: nginx
x-timer: S1659588149.206103,VS0,VE1
etag: "a6d918f33f7c834a803d153038412410"
x-served-by: cache-iad-kiad7000118-IAD, cache-iad-kcgs7200065-IAD, cache-lga21925-LGA, cache-iad-kiad7000156-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 1

GET
H2 200 fec823934a86825dc6146d76b02ae0bd.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 35 KB
36 KB 72ms
71ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fec823934a86825dc6146d76b02ae0bd.jpg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3e00a559781a64376faaf2d968c19f409f6c7604391557e796905c37ae0d4e2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 4438649
edge-cache-tag: 308835117538848280405679083032238554678,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 308835117538848280405679083032238554678,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 121
x-cache: MISS, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fec823934a86825dc6146d76b02ae0bd.jpg
content-length: 36214
x-request-id: dfd3f095a7c1ff6a3e17dbdd78d7d30f
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Mon, 13 Jun 2022 14:57:02 GMT
server: nginx
x-timer: S1659588149.206348,VS0,VE1
etag: "74191be34fbc99ace914e0ca82ddeb87"
x-served-by: cache-iad-kjyo7100125-IAD, cache-iad-kcgs7200103-IAD, cache-bur-kbur8200086-BUR, cache-iad-kjyo7100174-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 1

GET
H2 200 0ad41bd3085d8f908ca45a488b5303c4.jpeg
images.taboola.com/taboola/image/fetch/h_267,w_480,c_fill,g_xy_center,x_654,y_578/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 15 KB
15 KB 79ms
79ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_267,w_480,c_fill,g_xy_center,x_654,y_578/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0ad41bd3085d8f908ca45a488b5303c4.jpeg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f383e739e53afcffd9b21156525608a3d45c9a8597fed3f2a85b4963e6d1fbc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 2934768
edge-cache-tag: 311119726166781827802459969786642311226,332939560805812261283581947351960565536,29ecf9b93bbf306179626feeda1fab70
cache-tag: 311119726166781827802459969786642311226,332939560805812261283581947351960565536,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 47
expiration: expiry-date="Tue, 19 Jul 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/h_267,w_480,c_fill,g_xy_center,x_654,y_578/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0ad41bd3085d8f908ca45a488b5303c4.jpeg
content-length: 14896
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Sat, 18 Jun 2022 09:44:50 GMT
server: nginx
x-timer: S1659588149.206650,VS0,VE1
etag: "a215cdeac5dc491c7ea40eabc1bb153a"
x-served-by: cache-iad-kjyo7100054-IAD, cache-iad-kjyo7100051-IAD, cache-chi-klot8100138-CHI, cache-iad-kcgs7200105-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 1

GET
H2 200 1f6ee5d0ab9fd3aa7b8e85ed3e60d484.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 29 KB
30 KB 81ms
81ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1f6ee5d0ab9fd3aa7b8e85ed3e60d484.jpg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 45a085189ed8431aed7758efff0ec176fa249b4c50213105a9bc6d2a727ccda7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 3580402
edge-cache-tag: 380308977332491484130259084591651683607,350619564615369038224034608363896712309,29ecf9b93bbf306179626feeda1fab70
cache-tag: 380308977332491484130259084591651683607,350619564615369038224034608363896712309,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 228
expiration: expiry-date="Fri, 15 Jul 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1f6ee5d0ab9fd3aa7b8e85ed3e60d484.jpg
content-length: 30186
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified: Tue, 14 Jun 2022 10:20:39 GMT
server: nginx
x-timer: S1659588149.207186,VS0,VE1
etag: "720802960a2ec4f31614a2d78d67fa82"
x-served-by: cache-iad-kiad7000110-IAD, cache-iad-kcgs7200155-IAD, cache-bur-kbur8200178-BUR, cache-iad-kcgs7200112-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 1, 1

GET
H2 200 ferrari-328-gts-10%2Cid%3De58e20c7%2Cb%3Dmaennersache%2Cw%3D1600%2Crm%3Dsk.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.maennersache.de/ 40 KB
41 KB 96ms
96ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.maennersache.de/ferrari-328-gts-10%2Cid%3De58e20c7%2Cb%3Dmaennersache%2Cw%3D1600%2Crm%3Dsk.jpeg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cf4f58a00ac11449432c97caa0c1df8a9ffbcfd193e7b2f88eb27b2410e9b65d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Thu, 04 Aug 2022 04:42:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 3426782
edge-cache-tag: 415450347399736024238136127624323141005,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
cache-tag: 415450347399736024238136127624323141005,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 152
x-cache: HIT, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.maennersache.de/ferrari-328-gts-10%2Cid%3De58e20c7%2Cb%3Dmaennersache%2Cw%3D1600%2Crm%3Dsk.jpeg
content-length: 40726
x-request-id: 869fa6eafe8b2162630935d278ed445e
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Wed, 08 Jun 2022 19:52:16 GMT
server: nginx
x-timer: S1659588149.269774,VS0,VE1
etag: "42d06138299e600b93e535b81c4bd3d4"
x-served-by: cache-iad-kcgs7200041-IAD, cache-iad-kcgs7200075-IAD, cache-bur-kbur8200030-BUR, cache-iad-kjyo7100035-IAD, cache-hhn4075-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0, 1, 1

POST
H2 200 pixel_54acb8e6 Show response
www.heraldsun.com.au/akam/13/ 0
2 KB 932ms
931ms XHR
text/html 92.123.36.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/akam/13/pixel_54acb8e6

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/akam/13/54acb8e6

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.36.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-36-246.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

Referer: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

is-https: true
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-bpath: OLD
vary: User-Agent
blaizehappened: true
date: Thu, 04 Aug 2022 04:42:30 GMT
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports
content-type: text/html
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-arrrg5: /blaize/decision-engine?path=https%3a%2f%2fwww.heraldsun.com.au%2fakam%2f13%2fpixel_54acb8e6&blaizehost=cdn.heraldsun.newscorp.blaize.io&content_id=pixel_54acb8e6&session=bffdbacfe6649b0d1a2b0edf80c408cd
x-arrrg4: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
x-opw: 4
content-length: 0
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

GET
H2 200 skeleton.js Show response
static.adsafeprotected.com/ 17 B
462 B 190ms
33ms Script
application/javascript 2600:9000:21f3:8400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: bedsberry.com
URL: https://bedsberry.com/v2xidAbl27_bbGoUgH9vkj5iV54PlV0QELR1sl88mnfEo97R4u9tcdK4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:8400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 02:01:00 GMT
via: 1.1 e5b93012e2bfb81dc9846f43efd610a6.cloudfront.net (CloudFront)
age: 2947290
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: sKqDVx88QeYm7Hl2IOn2Sj-niPqBel-wowjWropRNcgjCWf1A1CsaQ==

GET
H2 200 st Show response
imprammp.taboola.com/ Frame 272A 742 B
533 B 53ms
52ms Document
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7mGgCFgOqDS9WLz6yIgSqDS9WLz6yIgUAAAAGBvQHG0EjUTYb5oI4GY2Gq9VwMpuMBpvZZLdYDGEjaCTKZsNcECej0XC1Gk5mk9FgM5vsFospcBjLZTKoBRKW2e87CBo-l0FUdL0tdofT7HnDGZpOh891r9f9fnehy_Iwmzyvu13jd9sVrr_c5fv8ZU-P6W95Ovxql9nid13uLrfaZbr83YLL3-rymN6Sv8frMrklzrfE8rS4LM-35OFxet5uhdns8jlMT7_dcwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DQAojgL2G-0ufwAAAACAAAAAAJAAFOwVlwBsjPSf_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAyVxGgYIWQAtxMVmBYxAgAAAMit3oQ9mtQJlUXV__9_vxXAFQBAgOBZit9Hlu6gxFsYAADAgJip2dwxNhnz1dgCPSx-v9lh1_jdLvv_________N_s_-0cTghJ-TAtiQLFX-wUEAFj7BQQAYBM3AIA3AbiQO0PT6fC57vW63-8udFkeZpPndbdr_G67wvWXu3yfv-zpMf0tT4df7TJb_K7L3eVWu0yXv1tw-VtdHtNb8vd4XSa3xPmWWJ4Wl-X5ljw8Ts_brTCbXT6H6em3e05H0IrBYHUKMZkNNqvdcjiaHQAAAMDd____P56p2dwxNhnzlR5IDkYbz8o1mfkWnoVnYhk5bKPZzOFaTYyr2cY42R7s-u1sMuhuaJ-HsMx-30HQ8LkMoqLrbbE7nGbPQXzQMCwng2B-E7YYrSaTzXI4Wy4mg-FoOBrtbyAGowFOxGC5nEwWk91qtBpthrvRbLBAgRhMkKJFg8lqNJosJsPVaLKaLRe73QYpWrWajTaD4Wo2me12q-FguByNcMIWo9VkslkOZ8vFZDAcDUejIcLEzLIYTjYet2blW7hFI9vIrXBNTGvVZDdbWCyjxWLkW4teH9NzZRp5JqYpQtDtcuqbHmZP5XZ57GsPLgoGoO1FcJFO5C7f5-O3HB6ut8J1cgtdlofZ5HndLWKJ5mSRTmSXfXMw2nhWrsnMt_AsPBPLyGEbzWYO12piXM02xsm-MbMshpONx61Z-RZu0cg2citcE9NaNdnNFhbLaLEY-dai18f0XJlGnolp35itlqvhcDEa7huz1XI1HC5Gw32HyfRMfc5Gz1An8tjU3-Didrs5DAqXweL9SUyLaXd2MJ18R6fLK0wWdUbf9Xv0GhSeg0c1_j5umdHz2TeHzd2DQRFLBKeLdKJxmF4-v-V5EUskT4t0IpnMTJPhaOYYbia2wWK3MS0mvoVrsbH5Vh7nxjgRS5Smi3Sil7t8n7_s6TH9LU-HX-0yW_yuy93lVrtMl79bcPlbXR7TW_L3eF0mt8T5llieFpfl-ZY8PE7P260wm10-h-npt3su6j8-xHA1lyw2c8VqNVfsZqsEAAAAAAAAALCEOfMmAAAAAKfBrJab2WqdB7HbDWfD1XIBIvIBdX96WfJ4teBsihs_xnCX7_PxWw4P11vhOrmFLsvDbPK87lYGiLhnZd78mSDWarWsAQAABLABAAACuHXzFnBexf_____HAQAAyMjRAwAA0O8DMeGNO-KMIwI!&cmcv=&pix=undefined&cb=1659588149323&uv=3210&tms=1659588149323&abt=adh5c-1_vA!inc_all_video_vA!Noappq22_vB!spa2_vA!ttdfpc_vC!ufm&ft=0&unm=FEED_MANAGER&aure=false&agl=1&cirid=AFD23C9A8244855826240362711&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.8.6/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Thu, 04 Aug 2022 04:42:29 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn4075-HHN
x-timer: S1659588149.328608,VS0,VE11

GET
H2 200 st
am-vid-events.taboola.com/ 0
43 B 167ms
95ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7mGgCFgOqDS9WLz6yIgSqDS9WLz6yIgUAAAAGBvQHG0EjUTYb5oI4GY2Gq9VwMpuMBpvZZLdYDGEjaCTKZsNcECej0XC1Gk5mk9FgM5vsFospcBjLZTKoBRKW2e87CBo-l0FUdL0tdofT7HnDGZpOh891r9f9fnehy_Iwmzyvu13jd9sVrr_c5fv8ZU-P6W95Ovxql9nid13uLrfaZbr83YLL3-rymN6Sv8frMrklzrfE8rS4LM-35OFxet5uhdns8jlMT7_dcwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DQAojgL2G-0ufwAAAACAAAAAAJAAFOwVlwBsjPSf_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAyVxGgYIWQAtxMVmBYxAgAAAMit3oQ9mtQJlUXV__9_vxXAFQBAgOBZit9Hlu6gxFsYAADAgJip2dwxNhnz1dgCPSx-v9lh1_jdLvv_________N_s_-0cTghJ-TAtiQLFX-wUEAFj7BQQAYBM3AIA3AbiQO0PT6fC57vW63-8udFkeZpPndbdr_G67wvWXu3yfv-zpMf0tT4df7TJb_K7L3eVWu0yXv1tw-VtdHtNb8vd4XSa3xPmWWJ4Wl-X5ljw8Ts_brTCbXT6H6em3e05H0IrBYHUKMZkNNqvdcjiaHQAAAMDd____P56p2dwxNhnzlR5IDkYbz8o1mfkWnoVnYhk5bKPZzOFaTYyr2cY42R7s-u1sMuhuaJ-HsMx-30HQ8LkMoqLrbbE7nGbPQXzQMCwng2B-E7YYrSaTzXI4Wy4mg-FoOBrtbyAGowFOxGC5nEwWk91qtBpthrvRbLBAgRhMkKJFg8lqNJosJsPVaLKaLRe73QYpWrWajTaD4Wo2me12q-FguByNcMIWo9VkslkOZ8vFZDAcDUejIcLEzLIYTjYet2blW7hFI9vIrXBNTGvVZDdbWCyjxWLkW4teH9NzZRp5JqYpQtDtcuqbHmZP5XZ57GsPLgoGoO1FcJFO5C7f5-O3HB6ut8J1cgtdlofZ5HndLWKJ5mSRTmSXfXMw2nhWrsnMt_AsPBPLyGEbzWYO12piXM02xsm-MbMshpONx61Z-RZu0cg2citcE9NaNdnNFhbLaLEY-dai18f0XJlGnolp35itlqvhcDEa7huz1XI1HC5Gw32HyfRMfc5Gz1An8tjU3-Didrs5DAqXweL9SUyLaXd2MJ18R6fLK0wWdUbf9Xv0GhSeg0c1_j5umdHz2TeHzd2DQRFLBKeLdKJxmF4-v-V5EUskT4t0IpnMTJPhaOYYbia2wWK3MS0mvoVrsbH5Vh7nxjgRS5Smi3Sil7t8n7_s6TH9LU-HX-0yW_yuy93lVrtMl79bcPlbXR7TW_L3eF0mt8T5llieFpfl-ZY8PE7P260wm10-h-npt3su6j8-xHA1lyw2c8VqNVfsZqsEAAAAAAAAALCEOfMmAAAAAKfBrJab2WqdB7HbDWfD1XIBIvIBdX96WfJ4teBsihs_xnCX7_PxWw4P11vhOrmFLsvDbPK87lYGiLhnZd78mSDWarWsAQAABLABAAACuHXzFnBexf_____HAQAAyMjRAwAA0O8DMeGNO-KMIwI!&cmcv=&pix=31589837&cb=1659588149323&uv=3210&tms=1659588149323&abt=adh5c-1_vA!inc_all_video_vA!Noappq22_vB!spa2_vA!ttdfpc_vC!ufm&ft=0&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1659588141665.3!ts:1659588149323&mntl=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-length: 0
server: nginx

GET
H2 200 utrack.js Show response
tags.news.com.au/prod/utrack/ 2 KB
1 KB 33ms
32ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/utrack/utrack.js?cb=16595881493620.45047397764736585
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bfa67e2ce103d04234fa84f7595c316d23f46eed219683f06e264fb27dc91637

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "ab4f3fe7c5c43b61d4377ef72d3952fa:1558613430"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=0, no-cache, no-store
content-type: application/x-javascript
content-length: 831
expires: Thu, 04 Aug 2022 04:42:29 GMT

GET
H2 200 mitas.js Show response
tags.news.com.au/prod/mitas/ 666 B
905 B 32ms
31ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/mitas/mitas.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=80926
server: AkamaiNetStorage
content-type: application/x-javascript
etag: "83a2bbd4d3829f1d4278f4ff0988804c:1490850995"
content-length: 666
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"

GET
H2 200 B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045 Show response
ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/ 37 KB
14 KB 234ms
89ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045?

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

b34f09c87bfb5e44dea329d4a3f1f3335d4764649ea8c857d56b115262111c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13619
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 177ms
36ms Script
application/x-javascript 2600:9000:223c:7200:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7200:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4b00ed621740620bfd79c6c4d2501d53390214d6bb3fb90a31a1c24637f05bb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 03:06:01 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 00:51:11 GMT
server: nginx
age: 5788
etag: W/"62d7517f-1181e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: j5Rq6dzSCaDqn52-9Jc7zVvQm_TPZEqM6XplVCF_TXk8FkuzDSfFDQ==
expires: Thu, 04 Aug 2022 05:06:01 GMT

GET
H2 200 metrics.js Show response
tags.news.com.au/prod/metrics/ 183 KB
63 KB 54ms
54ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/metrics/metrics.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f49534287a61791dbdad8bc4c0a6c4fae4b38209f99630d4b80ea2ae4590cfcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "a1a8299d1557a9e53277dd1219cab7b5:1659424478.115916"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=78216
content-type: application/x-javascript

GET
H2 200 nielsen.js Show response
tags.news.com.au/prod/nielsen/ 25 KB
10 KB 29ms
28ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/nielsen/nielsen.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 002856eb594d2755e967afbc01ed1d8cfcc4232f4abfe714a5b8a9b55a367258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "ecacc4b7d71d3eee8eaca9fbb3295f91:1638242930.652258"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=53201
content-type: application/x-javascript
content-length: 9840

GET
H/1.1 200
OK ncg.js Show response
au.tags.newscgp.com/prod/ncg/ 155 KB
48 KB 237ms
34ms Script
text/javascript 13.224.189.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-93.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f601a8f162545a5b8aa2e2d05a4fc4bd508efd9ec19c65df29f6627edcbbd4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Thu, 04 Aug 2022 04:01:19 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Mon, 21 Mar 2022 03:18:38 GMT
Server: AmazonS3
Age: 2507
ETag: W/"cd21e4d44772e851dcd7105fef09c01e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
Cache-Control: max-age=3600
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2-C1
X-Amz-Cf-Id: S-HnnEs8VBUGGot607m_1CZFI34nDUJO7LUk70WZGU7WY-xKx0LGDQ==

GET
H2 200 embed.js Show response
nebula-cdn.kampyle.com/au/wau/132224/onsite/ 2 KB
1 KB 147ms
32ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nebula-cdn.kampyle.com/au/wau/132224/onsite/embed.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.175 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0e07a4183f084c781749d23b16f1d52fc13aeefe1027995354b794bf9c2de3c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: qtmj5P0kyf4blvWb44XOZk2NSV3XMUul
content-encoding: gzip
etag: "71b50f46029bdc1fe299101f5da62c22"
age: 20970
via: 1.1 varnish
x-cache: HIT
vary: Accept-Encoding
content-length: 665
x-amz-id-2: 9KzEYdniCWuAALj9oXJ32s+OojbcJ1lMqCNE6eZTLNyjktKPCzkjNAphTjxMBdJ6aPZ07IpvUJM=
x-served-by: cache-hhn4064-HHN
last-modified: Wed, 03 Aug 2022 22:52:59 GMT
server: AmazonS3
x-timer: S1659588149.494511,VS0,VE0
date: Thu, 04 Aug 2022 04:42:29 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: XGJEGV91E4T1HDMZ
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 81

GET
H2 200 tad.js Show response
tags.news.com.au/prod/tad/ 89 KB
28 KB 39ms
38ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/tad/tad.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7adebb77cda36fdd10f1fcbb6227f32ab586195147385fe65e5004ae0190440a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "59f8537bc2fc29e59b8913cf0a19f1fb:1657865610.52625"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=74997
content-type: application/x-javascript
content-length: 28378

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 274ms
124ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

374cc046f653dbba7141ed44dd5eaae128bc4d6bb99015fa2421b5a94fc5c4c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28616
x-xss-protection: 0
server: sffe
etag: "1293 / 235 of 1000 / last-modified: 1659568641"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Aug 2022 04:42:29 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 140 KB
39 KB 177ms
34ms Script
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 04 Aug 2022 03:53:34 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront), 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
last-modified: Thu, 30 Jun 2022 20:51:38 GMT
server: AmazonS3
age: 2936
etag: W/"72916dde70b34122b394074010b382ce"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P3
content-encoding: gzip
x-amz-cf-id: wvk8xEygfaZ0Z_g6VCdZxGnPZJpJEVyvQBdDh2l9C41Or4caixQEfw==

GET
H2 200 prebid.js Show response
tags.news.com.au/prod/prebid/ 362 KB
111 KB 85ms
84ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/prebid/prebid.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 42ffbcd5fae6a0eda00246031330f0c87d21ec4c9451787199c02d49746a3d12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "38085f66de7dcd7c22d408e9044e03b1:1655686301.436641"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=23624
content-type: application/x-javascript

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 109 KB
37 KB 130ms
33ms Script
application/x-javascript 13.224.189.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-94.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
content-encoding: gzip
etag: W/"148e21f812b555a13b2a9c6b616141f4"
age: 74642
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 58acf9e97c03c481f490be71338f7f57
last-modified: Tue, 17 May 2022 11:35:33 GMT
server: AmazonS3
date: Wed, 03 Aug 2022 07:58:28 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
via: 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=86400
x-amz-cf-pop: FRA2-C1
content-type: application/x-javascript
x-amz-cf-id: BtJVdRGIS4A9-0zNebF_QC1FBSKYgIxfNeYRaxzIP_zWaaEPTTRNlg==

GET
H2 200 nca_ipsos.js Show response
tags.news.com.au/prod/ipsos/ 30 KB
7 KB 29ms
28ms Script
application/x-javascript 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/ipsos/nca_ipsos.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0e5ec55a3d418014ca126be8ee33f2816927af159c19b41f98c04d144ede039c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "02db67d1f85afa22202ddcb153db5af5:1658722464.1309"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=76319
content-type: application/x-javascript
content-length: 7136

GET
H2 200 utag.985.js Show response
tags.tiqcdn.com/utag/newsltd/hwt/prod/ 2 KB
1 KB 36ms
35ms Script
application/x-javascript 23.47.212.221
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.985.js?utv=ut4.46.201911200449
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.221 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-221.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7b6c0b25c2cb3a2edfe8c42852119cffb292560fe035805ec58d85522316996d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
last-modified: Tue, 21 Sep 2021 02:18:16 GMT
server: AkamaiNetStorage
etag: "479ba55551c0a2369f399625b1c2c4ea:1632190696.475182"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 899
expires: Fri, 19 Aug 2022 04:42:29 GMT

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 272A 43 B
183 B 473ms
152ms Image
image/gif 2600:1f18:612b:4264:f887:8ace:4fd:1ad4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7mGgCFgOqDS9WLz6yIgSqDS9WLz6yIgUAAAAGBvQHG0EjUTYb5oI4GY2Gq9VwMpuMBpvZZLdYDGEjaCTKZsNcECej0XC1Gk5mk9FgM5vsFospcBjLZTKoBRKW2e87CBo-l0FUdL0tdofT7HnDGZpOh891r9f9fnehy_Iwmzyvu13jd9sVrr_c5fv8ZU-P6W95Ovxql9nid13uLrfaZbr83YLL3-rymN6Sv8frMrklzrfE8rS4LM-35OFxet5uhdns8jlMT7_dcwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DQAojgL2G-0ufwAAAACAAAAAAJAAFOwVlwBsjPSf_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAyVxGgYIWQAtxMVmBYxAgAAAMit3oQ9mtQJlUXV__9_vxXAFQBAgOBZit9Hlu6gxFsYAADAgJip2dwxNhnz1dgCPSx-v9lh1_jdLvv_________N_s_-0cTghJ-TAtiQLFX-wUEAFj7BQQAYBM3AIA3AbiQO0PT6fC57vW63-8udFkeZpPndbdr_G67wvWXu3yfv-zpMf0tT4df7TJb_K7L3eVWu0yXv1tw-VtdHtNb8vd4XSa3xPmWWJ4Wl-X5ljw8Ts_brTCbXT6H6em3e05H0IrBYHUKMZkNNqvdcjiaHQAAAMDd____P56p2dwxNhnzlR5IDkYbz8o1mfkWnoVnYhk5bKPZzOFaTYyr2cY42R7s-u1sMuhuaJ-HsMx-30HQ8LkMoqLrbbE7nGbPQXzQMCwng2B-E7YYrSaTzXI4Wy4mg-FoOBrtbyAGowFOxGC5nEwWk91qtBpthrvRbLBAgRhMkKJFg8lqNJosJsPVaLKaLRe73QYpWrWajTaD4Wo2me12q-FguByNcMIWo9VkslkOZ8vFZDAcDUejIcLEzLIYTjYet2blW7hFI9vIrXBNTGvVZDdbWCyjxWLkW4teH9NzZRp5JqYpQtDtcuqbHmZP5XZ57GsPLgoGoO1FcJFO5C7f5-O3HB6ut8J1cgtdlofZ5HndLWKJ5mSRTmSXfXMw2nhWrsnMt_AsPBPLyGEbzWYO12piXM02xsm-MbMshpONx61Z-RZu0cg2citcE9NaNdnNFhbLaLEY-dai18f0XJlGnolp35itlqvhcDEa7huz1XI1HC5Gw32HyfRMfc5Gz1An8tjU3-Didrs5DAqXweL9SUyLaXd2MJ18R6fLK0wWdUbf9Xv0GhSeg0c1_j5umdHz2TeHzd2DQRFLBKeLdKJxmF4-v-V5EUskT4t0IpnMTJPhaOYYbia2wWK3MS0mvoVrsbH5Vh7nxjgRS5Smi3Sil7t8n7_s6TH9LU-HX-0yW_yuy93lVrtMl79bcPlbXR7TW_L3eF0mt8T5llieFpfl-ZY8PE7P260wm10-h-npt3su6j8-xHA1lyw2c8VqNVfsZqsEAAAAAAAAALCEOfMmAAAAAKfBrJab2WqdB7HbDWfD1XIBIvIBdX96WfJ4teBsihs_xnCX7_PxWw4P11vhOrmFLsvDbPK87lYGiLhnZd78mSDWarWsAQAABLABAAACuHXzFnBexf_____HAQAAyMjRAwAA0O8DMeGNO-KMIwI!&cmcv=&pix=undefined&cb=1659588149323&uv=3210&tms=1659588149323&abt=adh5c-1_vA!inc_all_video_vA!Noappq22_vB!spa2_vA!ttdfpc_vC!ufm&ft=0&unm=FEED_MANAGER&aure=false&agl=1&cirid=AFD23C9A8244855826240362711&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:f887:8ace:4fd:1ad4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 272A 70 B
265 B 182ms
52ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7mGgCFgOqDS9WLz6yIgSqDS9WLz6yIgUAAAAGBvQHG0EjUTYb5oI4GY2Gq9VwMpuMBpvZZLdYDGEjaCTKZsNcECej0XC1Gk5mk9FgM5vsFospcBjLZTKoBRKW2e87CBo-l0FUdL0tdofT7HnDGZpOh891r9f9fnehy_Iwmzyvu13jd9sVrr_c5fv8ZU-P6W95Ovxql9nid13uLrfaZbr83YLL3-rymN6Sv8frMrklzrfE8rS4LM-35OFxet5uhdns8jlMT7_dcwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DQAojgL2G-0ufwAAAACAAAAAAJAAFOwVlwBsjPSf_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAyVxGgYIWQAtxMVmBYxAgAAAMit3oQ9mtQJlUXV__9_vxXAFQBAgOBZit9Hlu6gxFsYAADAgJip2dwxNhnz1dgCPSx-v9lh1_jdLvv_________N_s_-0cTghJ-TAtiQLFX-wUEAFj7BQQAYBM3AIA3AbiQO0PT6fC57vW63-8udFkeZpPndbdr_G67wvWXu3yfv-zpMf0tT4df7TJb_K7L3eVWu0yXv1tw-VtdHtNb8vd4XSa3xPmWWJ4Wl-X5ljw8Ts_brTCbXT6H6em3e05H0IrBYHUKMZkNNqvdcjiaHQAAAMDd____P56p2dwxNhnzlR5IDkYbz8o1mfkWnoVnYhk5bKPZzOFaTYyr2cY42R7s-u1sMuhuaJ-HsMx-30HQ8LkMoqLrbbE7nGbPQXzQMCwng2B-E7YYrSaTzXI4Wy4mg-FoOBrtbyAGowFOxGC5nEwWk91qtBpthrvRbLBAgRhMkKJFg8lqNJosJsPVaLKaLRe73QYpWrWajTaD4Wo2me12q-FguByNcMIWo9VkslkOZ8vFZDAcDUejIcLEzLIYTjYet2blW7hFI9vIrXBNTGvVZDdbWCyjxWLkW4teH9NzZRp5JqYpQtDtcuqbHmZP5XZ57GsPLgoGoO1FcJFO5C7f5-O3HB6ut8J1cgtdlofZ5HndLWKJ5mSRTmSXfXMw2nhWrsnMt_AsPBPLyGEbzWYO12piXM02xsm-MbMshpONx61Z-RZu0cg2citcE9NaNdnNFhbLaLEY-dai18f0XJlGnolp35itlqvhcDEa7huz1XI1HC5Gw32HyfRMfc5Gz1An8tjU3-Didrs5DAqXweL9SUyLaXd2MJ18R6fLK0wWdUbf9Xv0GhSeg0c1_j5umdHz2TeHzd2DQRFLBKeLdKJxmF4-v-V5EUskT4t0IpnMTJPhaOYYbia2wWK3MS0mvoVrsbH5Vh7nxjgRS5Smi3Sil7t8n7_s6TH9LU-HX-0yW_yuy93lVrtMl79bcPlbXR7TW_L3eF0mt8T5llieFpfl-ZY8PE7P260wm10-h-npt3su6j8-xHA1lyw2c8VqNVfsZqsEAAAAAAAAALCEOfMmAAAAAKfBrJab2WqdB7HbDWfD1XIBIvIBdX96WfJ4teBsihs_xnCX7_PxWw4P11vhOrmFLsvDbPK87lYGiLhnZd78mSDWarWsAQAABLABAAACuHXzFnBexf_____HAQAAyMjRAwAA0O8DMeGNO-KMIwI!&cmcv=&pix=undefined&cb=1659588149323&uv=3210&tms=1659588149323&abt=adh5c-1_vA!inc_all_video_vA!Noappq22_vB!spa2_vA!ttdfpc_vC!ufm&ft=0&unm=FEED_MANAGER&aure=false&agl=1&cirid=AFD23C9A8244855826240362711&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 272A
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d9161269-13af-11ed-bd3b-1ac054420106&orig=video&us_privacy=1---gdpr=1&

0
98 B

67ms
66ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d9161269-13af-11ed-bd3b-1ac054420106&orig=video&us_privacy=1---gdpr=1&
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7mGgCFgOqDS9WLz6yIgSqDS9WLz6yIgUAAAAGBvQHG0EjUTYb5oI4GY2Gq9VwMpuMBpvZZLdYDGEjaCTKZsNcECej0XC1Gk5mk9FgM5vsFospcBjLZTKoBRKW2e87CBo-l0FUdL0tdofT7HnDGZpOh891r9f9fnehy_Iwmzyvu13jd9sVrr_c5fv8ZU-P6W95Ovxql9nid13uLrfaZbr83YLL3-rymN6Sv8frMrklzrfE8rS4LM-35OFxet5uhdns8jlMT7_dcwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DQAojgL2G-0ufwAAAACAAAAAAJAAFOwVlwBsjPSf_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAyVxGgYIWQAtxMVmBYxAgAAAMit3oQ9mtQJlUXV__9_vxXAFQBAgOBZit9Hlu6gxFsYAADAgJip2dwxNhnz1dgCPSx-v9lh1_jdLvv_________N_s_-0cTghJ-TAtiQLFX-wUEAFj7BQQAYBM3AIA3AbiQO0PT6fC57vW63-8udFkeZpPndbdr_G67wvWXu3yfv-zpMf0tT4df7TJb_K7L3eVWu0yXv1tw-VtdHtNb8vd4XSa3xPmWWJ4Wl-X5ljw8Ts_brTCbXT6H6em3e05H0IrBYHUKMZkNNqvdcjiaHQAAAMDd____P56p2dwxNhnzlR5IDkYbz8o1mfkWnoVnYhk5bKPZzOFaTYyr2cY42R7s-u1sMuhuaJ-HsMx-30HQ8LkMoqLrbbE7nGbPQXzQMCwng2B-E7YYrSaTzXI4Wy4mg-FoOBrtbyAGowFOxGC5nEwWk91qtBpthrvRbLBAgRhMkKJFg8lqNJosJsPVaLKaLRe73QYpWrWajTaD4Wo2me12q-FguByNcMIWo9VkslkOZ8vFZDAcDUejIcLEzLIYTjYet2blW7hFI9vIrXBNTGvVZDdbWCyjxWLkW4teH9NzZRp5JqYpQtDtcuqbHmZP5XZ57GsPLgoGoO1FcJFO5C7f5-O3HB6ut8J1cgtdlofZ5HndLWKJ5mSRTmSXfXMw2nhWrsnMt_AsPBPLyGEbzWYO12piXM02xsm-MbMshpONx61Z-RZu0cg2citcE9NaNdnNFhbLaLEY-dai18f0XJlGnolp35itlqvhcDEa7huz1XI1HC5Gw32HyfRMfc5Gz1An8tjU3-Didrs5DAqXweL9SUyLaXd2MJ18R6fLK0wWdUbf9Xv0GhSeg0c1_j5umdHz2TeHzd2DQRFLBKeLdKJxmF4-v-V5EUskT4t0IpnMTJPhaOYYbia2wWK3MS0mvoVrsbH5Vh7nxjgRS5Smi3Sil7t8n7_s6TH9LU-HX-0yW_yuy93lVrtMl79bcPlbXR7TW_L3eF0mt8T5llieFpfl-ZY8PE7P260wm10-h-npt3su6j8-xHA1lyw2c8VqNVfsZqsEAAAAAAAAALCEOfMmAAAAAKfBrJab2WqdB7HbDWfD1XIBIvIBdX96WfJ4teBsihs_xnCX7_PxWw4P11vhOrmFLsvDbPK87lYGiLhnZd78mSDWarWsAQAABLABAAACuHXzFnBexf_____HAQAAyMjRAwAA0O8DMeGNO-KMIwI!&cmcv=&pix=undefined&cb=1659588149323&uv=3210&tms=1659588149323&abt=adh5c-1_vA!inc_all_video_vA!Noappq22_vB!spa2_vA!ttdfpc_vC!ufm&ft=0&unm=FEED_MANAGER&aure=false&agl=1&cirid=AFD23C9A8244855826240362711&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 105212

Redirect headers

Date: Thu, 04 Aug 2022 04:42:30 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d9161269-13af-11ed-bd3b-1ac054420106&orig=video&us_privacy=1---gdpr=1&
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 133
Connection: keep-alive
Content-Length: 0

GET
H2 200 PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js Show response
cdn-gl.imrworldwide.com/conf/ 32 KB
7 KB 261ms
63ms Script
application/javascript 2600:9000:206e:a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
Requested by: Host: tags.news.com.au
URL: https://tags.news.com.au/prod/nielsen/nielsen.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0ad16c462414f6a8c136057b1a6c04ac3a368efea33416c630e8d9a629fafd24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: 3n.2F5s_NdpYj0WhgLL928wIuuzsgPXB
content-encoding: gzip
etag: W/"e62f72616976a73191566ee6f33a031e"
last-modified: Tue, 02 Aug 2022 17:19:37 GMT
server: AmazonS3
age: 1682
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7c17b3af9cda4d5f0ff45961b7be9fdc.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Thu, 04 Aug 2022 04:17:24 GMT
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: -vDikZ2XTMv0vycwA__tPw7Vs1UqMp3P2oRdvO59IXfDvmHtxW8aCA==

GET
H2 200 door.js Show response
au-script.dotmetrics.net/ 8 KB
3 KB 906ms
776ms Script
application/javascript 13.224.189.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au-script.dotmetrics.net/door.js?id=13215
Requested by: Host: tags.news.com.au
URL: https://tags.news.com.au/prod/ipsos/nca_ipsos.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-90.fra2.r.cloudfront.net
Software: Kestrel /
Resource Hash: 7d7c55a2c32de6cf59601af3da7ec4846dca6359449f29e9699d2c208a1e30b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: br
server: Kestrel
x-amz-cf-pop: FRA2-C1
etag: "13215...209.2022080404"
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
cache-control: private
content-type: application/javascript
x-amz-cf-id: ZeK35sGlILZtX8NDmfX8yLYtPhvleXCzBiQmKzYD7K7gia2GpviEug==

GET
H2 200 ebOneTag.js Show response
secure-ds.serving-sys.com/SemiCachedScripts/ 69 KB
21 KB 279ms
43ms Script
application/javascript 2.16.186.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-25.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 704de20959867ad7e42c0e25a807e6a87daab17c4e8755cdf36fa105f6a7400f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
last-modified: Sun, 31 Jul 2022 08:21:31 GMT
server: AmazonS3
x-amz-cf-pop: JFK51-C1
etag: W/"095a7b562e641bfc203fc3ef9697c6bc"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 21307
x-amz-cf-id: im927uomwmjCGvkivpreUIvxJESKvHYpR1G_MXME3pxXa2vLXsdBoQ==

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
216 B 33ms
33ms Script
application/x-javascript 23.47.212.221
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=newsltd/hwt/202207210550&cb=1659588149419
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.212.221 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-212-221.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 04 Aug 2022 04:42:29 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Thu, 04 Aug 2022 04:52:29 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1659588149472
https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1659588149472

5 KB
2 KB

66ms
66ms

XHR
application/json

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1659588149472

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

871d3975e6fa15012cee0983687bd826ea1486a7926e1ce6bd416a39020666e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v038-0c27a7d4b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 4pQHSmH5RWk=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1539
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v038-03fc651d6.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.heraldsun.com.au
X-TID: vJmaqLbwTqQ=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1659588149472
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 190ms
35ms Script
application/javascript 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: tags.news.com.au
URL: https://tags.news.com.au/prod/tad/tad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Fri, 29 Jul 2022 17:47:45 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 17:38:57 GMT
Server: AmazonS3
Age: 471285
ETag: W/"51636de3ce868a2172f9e6996c2934e0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: Zg3nSljTaoc_wuKiiRs3NNRqb2Hw3vF8Wv26P8CidUW9500XigSPUA==

POST
H3 200 v2ksfRSTThW3ZiZZqil2PJgH29RqdqQ8y0KLTmpZKeHlF-GrSKAoguvpdTnyxe2K9K05ElX_o Show response
bedsberry.com/ 209 B
236 B 140ms
79ms Fetch
application/json 2600:1901:0:b14d::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bedsberry.com/v2ksfRSTThW3ZiZZqil2PJgH29RqdqQ8y0KLTmpZKeHlF-GrSKAoguvpdTnyxe2K9K05ElX_o

Requested by

Host: bedsberry.com
URL: https://bedsberry.com/v2xidAbl27_bbGoUgH9vkj5iV54PlV0QELR1sl88mnfEo97R4u9tcdK4

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:b14d::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

cbf7345bb3b48a889772393701dcd088f8e21c2b1ef04ad0764d66cb15be4d86

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
via: 1.1 google
x-buildnumber: 600550791
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 209
x-datacenter: gce-europe-west1
date: Thu, 04 Aug 2022 04:42:29 GMT
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-d6q6
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Thu, 04 Aug 2022 04:42:28 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 433ms
133ms Image
image/gif 50.16.218.57
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=heraldsun.com.au&p=%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&u=CsYd7TB8GAUtQbpa4&d=heraldsun.com.au&g=36976&g0=page-not-found%2Cpage-not-found%2Cno_video&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=4029&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=7912&t=B3Lt81D_zvT-DL3ElSOxXJgDZQBNx&V=136&i=Melbourne%20metro%20project%20rocked%20by%20bribery%20racism%20allegations%20%7C%20Herald%20Sun&tz=0&_acct=anon&sn=1&sv=E9Yl6CPV8mUDTSWs9DmP_fjBRF3Fg&sd=1&im=06030402&_
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.218.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-218-57.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
314 B 27ms
26ms XHR
text/plain 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=5119&u=https%3A%2F%2Fwww.heraldsun.com.au
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 00:23:40 GMT
via: 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
server: Server
age: 15529
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: StFmLSbP9uj9JnF-dahbjzgclSS5gt0OY-Th1VlT4ATVQbgig5oycw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 96ms
39ms XHR
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 22:19:19 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 22991
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
via: 1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P3
content-type: application/javascript
x-amz-cf-id: W_hjgDjFA6WIpbdPlncCVubO8aF_oT6wqq_WgtwqugmfZAfQrzTRDg==

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220802/r20110914/elements/html/ 8 KB
3 KB 125ms
91ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220802/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:15:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1620
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Aug 2022 04:15:29 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
575 B 270ms
105ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssWR5MtwX7RyPF4st3cExTXT0qHA_K05w8dAuyWs4V_EzYn4e5yteE7IhmeOLrFDE0Q9_XDTeNWDX00j1StnjAwv3o0mhaHdls10TuBV1DNcn1UUbVBCNn2N5W3lUXjglA0fW-qvNeGgwYq4TykrSM&sig=Cg0ArKJSzIWxb8KyOUy4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20220802.95167&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 gdpr_user_check.esi Show response
tags.news.com.au/prod/data-esi/top/ 63 B
404 B 592ms
492ms XHR
text/plain 2.18.233.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi?
Requested by: Host: au.tags.newscgp.com
URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-169.deploy.static.akamaitechnologies.com
Software: AkamaiGHost /
Resource Hash: c234d3a6e7ff0a41542220e1202ea768bffeca48680c47de404653fa040a9c7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
server: AkamaiGHost
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
etag: "519053bf13ef3980b8829a5ec0f4dbc4:1638256850.601476"
vary: Origin, Origin, Origin
content-type: text/plain
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: max-age=0, no-cache
content-length: 63
mime-version: 1.0
expires: Thu, 04 Aug 2022 04:42:30 GMT

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 195 KB
55 KB 73ms
73ms Script
application/javascript 2600:9000:206e:a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: DrLErfhsYc9Oxds2t7Wz_kyLr0yC.GSp
content-encoding: gzip
etag: W/"81a9e2a298d0019660cb2966f0c24748"
age: 2897
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Mon, 02 May 2022 13:40:06 GMT
server: AmazonS3
date: Thu, 04 Aug 2022 03:54:12 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7c17b3af9cda4d5f0ff45961b7be9fdc.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: aK9ngk6KKmghxBoZNlM1ao0QNx-kPLKUoufvblW0BP3enOUoOvY7dg==

GET
H3 200 pubads_impl_2022080101.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
130 KB 199ms
59ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

a5910455615630589802ca15818aa163322871e6468f06a3660c53d6ab2936bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:00:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2507
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132749
x-xss-protection: 0
last-modified: Mon, 01 Aug 2022 16:11:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 04 Aug 2023 04:00:42 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 144 B
131 B 215ms
74ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ebb4807c4eb6dca83da209b9d9cbafd1191a5960535e9cfaf6cb2423d59e6f15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106
x-xss-protection: 0
expires: Thu, 04 Aug 2022 04:42:29 GMT

GET
H/1.1 200
OK dest5.html Show response
newscorpau.demdex.net/ Frame 756D 7 KB
3 KB 428ms
61ms Document
text/html 52.16.110.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://newscorpau.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/metrics/metrics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.110.65 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-110-65.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v038-014595e4a.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: g4JtNw8GQw4=
content-encoding: gzip
date: Thu, 4 Aug 2022 04:42:30 GMT
last-modified: Wed, 3 Aug 2022 11:53:45 GMT
vary: accept-encoding

GET
H2 200 id Show response
metrics.heraldsun.com.au/ 48 B
516 B 255ms
40ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.heraldsun.com.au/id?d_visid_ver=5.1.1&d_fieldgroup=A&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&mid=38216589516615242142758659691708654641&ts=1659588149812

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/metrics/metrics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

4a8cf99461682eb9d7f9de2ff2f1cf7b0030b1af9368b1fc9ff94d3131295a17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-69c8d8cc76-cp4tf
vary: Origin
x-c: main-1661.I2f39db.M0-585
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YutONgAAAGwF9gOV
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=38195624764858219322756263564516324651
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YutONgAAAGwF9gOV

42 B
942 B

52ms
51ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YutONgAAAGwF9gOV

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v038-0c1b2a0e8.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: /4nkI36mSJ0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YutONgAAAGwF9gOV
Date: Thu, 04 Aug 2022 04:42:30 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 6630 Show response
secure-ds.serving-sys.com/adServingData/PROD/TMClient/0/ 18 KB
18 KB 144ms
44ms XHR
application/octet-stream 2.16.186.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/0/6630
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-25.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 2761a54e8d8a23b174d43bc34f5bbca503e28e16509ec94339ded50277f55062

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: RtCfFuFrXtvlcekSN3vfIYgE0EG89aSE
last-modified: Mon, 25 Jul 2022 01:42:25 GMT
server: ATS/7.1.0
x-amz-request-id: N75REEYNVTB7G0PQ
etag: "671299054ca111e5a6eb3a92fff2f69b"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14
date: Thu, 04 Aug 2022 04:42:29 GMT
accept-ranges: bytes
content-length: 18049
x-amz-id-2: 0nbgYHvW0r6uEtiTDQRZvq62OQkDQ1eMf+bHH24qVUzgYrrYYDV1JEWhFtOJA/Md+g0EGdx+LPE=

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 4352 12 KB
4 KB 59ms
58ms Document
text/html 2600:9000:206e:a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1683
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Thu, 04 Aug 2022 04:14:27 GMT
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
last-modified: Mon, 02 May 2022 13:40:06 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 7c17b3af9cda4d5f0ff45961b7be9fdc.cloudfront.net (CloudFront)
x-amz-cf-id: FQpONpAxytu995vm0d78qpOoOdvWNtjZYIsVBcPnrdJi2d-LmGNFiw==
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: pCvO2RaXRfPysrOm9wpmYmW2HbKONfJo
x-cache: Hit from cloudfront

GET
H2 200 gn
secure-sdk.imrworldwide.com/cgi-bin/ Frame 4352 44 B
722 B 917ms
69ms Image
image/gif 52.208.102.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PE61ECF8B-8E10-4919-930F-697F3D3DBB98&sessionId=rvipxrbom2vawjzelwxkbvl9fzr2y1659588149&c16=sdkv,bj.6.0.0&uoo=&fp_id=46ia003qf30sz7yrqmzago0uwwzne1659588149&fp_cr_tm=1659588149894&fp_acc_tm=1659588149894&fp_emm_tm=1659588149894&ve_id=&c30=bldv,6.0.0.623&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.102.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-102-42.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
rvipxrbom2vawjzelwxkbvl9fzr2y1659588149.nuid.imrworldwide.com/ Frame 4352 35 B
349 B 198ms
38ms Image
image/gif 2600:9000:21f3:ba00:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rvipxrbom2vawjzelwxkbvl9fzr2y1659588149.nuid.imrworldwide.com/
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 03:39:44 GMT
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 3767
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 35
x-amz-cf-id: lQJsxSLzpqx1KHzEJKj5Io-Get-P77_PgY9gxGjsVTHjswSfwfPRbg==

GET
H2 200 Serving Show response
bs.serving-sys.com/ 8 KB
3 KB 497ms
32ms Script
text/html 3.69.41.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=ot&onetagid=6630&dispType=js&sync=0&sessionid=7938959660760440428&pageurl=$$https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations$$&activityValues=$$Session%3D4771619778253399791$$&ns=0&rnd=8046801364938456&uinadv=%7B%7D
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.69.41.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-41-135.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 174c3522bd95b2d24d12efadbcf3e2bff57d6477b3edd53868c5a665ef5f187e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: text/html; charset=UTF-8
content-length: 2361
expires: Sun, 05-Jun-2005 22:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/newscorpau-aud-heraldsun/log/3/ 0
267 B 51ms
51ms XHR
image/gif 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/newscorpau-aud-heraldsun/log/3/bulk?route=AM%3AAM%3AV&lti=deflated&bulkSize=5
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220803-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 10
pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
via: 1.1 varnish
server: nginx
x-timer: S1659588150.990161,VS0,VE10
x-served-by: cache-hhn4075-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
710 B 31ms
31ms Image
image/png 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 19478
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: yeuhtSaIHTRzn5Sb/BhoRbmorY6jlIGKTN3jBjNJ2gjscig6jQv3GZOmCUvDSqzUCzHWH69H00k=
x-served-by: cache-hhn4075-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1659588150.059611,VS0,VE0
date: Thu, 04 Aug 2022 04:42:30 GMT
x-amz-request-id: DM4PBFJ9QH08DD7N
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 62
x-cache-hits: 706

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 5 KB
2 KB 100ms
62ms XHR
application/json 34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&d_mid=38216589516615242142758659691708654641&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=newsnkidcookie%01bffdbacfe6649b0d1a2b0edf80c408cd%011&ts=1659588150070

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/metrics/metrics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

a8452df7f1bf74896f911e8d417dc80ddc94b6f7a1c4879df5dfce62aabbd9b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v038-0b22e8b66.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: c742olOPQzc=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1537
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 558 B
796 B 312ms
57ms XHR
application/json 54.75.58.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10507&slot=%7Bid:ad-block-728x90-1,ss:%5B728.90,970.250,970.50,1000.100%5D,p:/5129/ndm.hwt/pagenotfound,t:display%7D&slot=%7Bid:ad-block-728x90-2,ss:%5B728.90%5D,p:/5129/ndm.hwt/pagenotfound,t:display%7D&slot=%7Bid:ad-block-1000x50-1,ss:%5B1000.50,728.1%5D,p:/5129/ndm.hwt/pagenotfound,t:display%7D&slot=%7Bid:ad-out-of-page,ss:%5B1.1%5D,p:/5129/ndm.hwt/pagenotfound,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=f4730643-ca1d-1133-692a-6f6b01332240&url=https%253A%252F%252Fwww.heraldsun.com.au%252Fnews%252Fvictoria%252Fmelbourne-metro-project-rocked-by-bribery-racism-allegations
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.58.172 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-58-172.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 89484fc8b0afcf06b0098f663950ecb5dec67751911a44fa530b0c7ba09f1d37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
x-server-name: app09.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.heraldsun.com.au
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 94ms
94ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=pp_iris_failure&pvsid=1827373365776935&fnc=5129&vrg=2022080101&nw_id=5129&nslots=4&eid=31068740%2C31068366%2C42531608%2C44764002&pub_url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s53311839802258
metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.4/ 43 B
442 B 49ms
48ms Image
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.4/s53311839802258?AQB=1&ndh=1&pf=1&t=4%2F7%2F2022%204%3A42%3A30%204%200&cid.&newsnkidcookie.&id=bffdbacfe6649b0d1a2b0edf80c408cd&as=1&.newsnkidcookie&.cid&vid=bffdbacfe6649b0d1a2b0edf80c408cd&mid=38216589516615242142758659691708654641&aamlh=6&ce=UTF-8&ns=newscorpau&cdp=3&pageName=hs%7Cpage-not-found%7Cpage-not-found%7Cpage%20not%20found&g=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&c.&getNewRepeat=3.0&getPreviousValue=3.0&.c&cc=AUD&ch=D%3Dv4&events=event1%2Cevent8%2Cevent17%3D4%2Cevent18%2Cevent63%3D78&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=D%3Dv1&v1=news%20corp%20au&h1=news%20corp%20au%7Cherald%20sun%7Cherald%20sun%20web%7Cpage-not-found&l1=hybrid%3A1%7Chybrid-leader-billboard%3A1%7Cleader%3A1%7Croadblock-px%3A1&c2=D%3Dv2&v2=herald%20sun&c3=D%3Dv3&v3=herald%20sun%20web&c4=D%3Dv4&v4=page-not-found&c9=D%3Dv9&v9=page-not-found&c10=D%3Dg&v10=D%3DpageName&c11=D%3Dv11&v11=D%3Dvid&c14=D%3Dv14&v14=anonymous&c22=D%3Dv22&v22=2%3A42%20PM%7CThursday&c24=D%3Dv24&v24=New&c30=First%20Visit&v34=D%3Dg&c45=landscape&c46=D%3Dv46&v46=not%20logged%20in&v52=1600x1200%7Cwindows%7C10&c53=D%3Dv53&v53=1.0%2Btheme_newscorpau_news_dna&c60=D%3Dv60&v60=78&c65=D%3Dv65&v65=false&c75=D%3Dv80&v76=chrome%20pdf%20plugin%3Bchrome%20pdf%20viewer%3Bnative%20client&v77=D%3Dmid&v78=de%7Che%7Cfrankfurt%7C50.12%7C8.68%7Cgmt%2B1%7Cunknown&v79=de&v80=bffdbacfe6649b0d1a2b0edf80c408cd-00000000000000000000000000000000-1659588149401-888627&v110=2022-08-04%2004%3A42%3A23&v111=0&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&AQE=1

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
x-content-type-options: nosniff
x-c: main-1661.I2f39db.M0-585
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 05 Aug 2022 04:42:30 GMT
server: jag
xserver: anedge-69c8d8cc76-r6t54
etag: 3563938414950023168-4619766182012678721
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 03 Aug 2022 04:42:30 GMT

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=2906528172550949699
dpm.demdex.net/ Frame 756D
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2906528172550949699

42 B
942 B

50ms
49ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=2906528172550949699

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v038-0d9230d80.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: N0iIrctDT5Q=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Thu, 04 Aug 2022 04:42:30 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: ead36006-1f0b-4f5d-9c7d-cc51b4e502da
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=2906528172550949699
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=3226917389351372034
dpm.demdex.net/ Frame 756D
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3226917389351372034

42 B
942 B

60ms
60ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=3226917389351372034

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v038-0e4eece0b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: FLJ16dc2Rb8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=3226917389351372034
pragma: no-cache
date: Thu, 04 Aug 2022 04:42:29 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 hit.gif
au-script.dotmetrics.net/ 43 B
1 KB 785ms
784ms Image
image/gif 13.224.189.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://au-script.dotmetrics.net/hit.gif?id=13215&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&dom=www.heraldsun.com.au&r=1659588150402&pvs=1&pvid=21714cdc-f594-417e-9217-c5efedc86f0a&c=true&tzOffset=0
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-90.fra2.r.cloudfront.net
Software: Kestrel /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:31 GMT
dotmetrics-hit-status: 01 OK
server: Kestrel
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
p3p: policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
cache-control: no-cache
content-type: image/gif
x-amz-cf-id: l6eW92lOrRYteUipDXDn-buZXmo8xyA1y5IBxZVgu_HRKKRvrnE_kg==

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame 756D 0
214 B 233ms
35ms Image
text/plain 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=38195624764858219322756263564516324651&gdpr=0&gdpr_consent=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame A801 4 KB
2 KB 160ms
38ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Wed, 03 Aug 2022 07:27:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 76530
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-P7
X-Amz-Cf-Id: sGNWiOcbW8TJss374HhUGuSDbwNT3gsh7x7UzZIE3MQ6sraIQ3P5jg==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 8C2A 56 KB
15 KB 183ms
34ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 21:38:45 GMT
etag: "ca88912498e17137955859948f14e272+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15196
x-served-by: cache-iad-kcgs7200128-IAD, cache-hhn11581-HHN

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 8217 8 KB
3 KB 184ms
44ms Script
application/x-javascript 2a02:26f0:10e::6860:5bba
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e::6860:5bba Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 23:25:22 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=22711
accept-ranges: bytes
content-length: 3085

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 3135 114 KB
45 KB 222ms
77ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-707564276

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5fd4c746f4fd80bfb21dc024cc3ef3ab6dd6c44c3e3f4f26365dffec4feadf1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45580
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Aug 2022 04:42:30 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame 2D63 4 KB
2 KB 139ms
39ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Wed, 03 Aug 2022 07:27:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 76530
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-P7
X-Amz-Cf-Id: 40XcXloJ-5PPgHM8pnrL9NkNN06V1Xqmia-8GFKS4mkPqxFL1lxIFg==

GET
H/1.1 200
OK pixie.js Show response
acdn.adnxs.com/dmp/up/ Frame D5D7 9 KB
4 KB 206ms
35ms Script
application/javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/up/pixie.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Thu, 04 Aug 2022 04:42:30 GMT
Content-Encoding: gzip
Age: 81985
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 3340
X-Served-By: cache-lga21977-LGA, cache-hhn4045-HHN
Access-Control-Allow-Origin: *
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1659588151.680164,VS0,VE0
ETag: W/"60b79de0-23b3"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 01 Oct 2021 05:45:37 GMT
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 1, 17698

GET
H3

200

activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03 Show response
8228261.fls.doubleclick.net/ Frame 831E
Redirect Chain

https://8228261.fls.doubleclick.net/activityi;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03?
https://8228261.fls.doubleclick.net/activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=280498117423...

401 B
354 B

219ms
93ms

Document
text/html

142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8228261.fls.doubleclick.net/activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03?

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

de547d79f7e3ec74bb51be6e2724ffb858f2dbfeda483a326e813746f52ea5c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 329
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 04 Aug 2022 04:42:30 GMT
expires: Thu, 04 Aug 2022 04:42:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 04 Aug 2022 04:42:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8228261.fls.doubleclick.net/activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 2D64 44 KB
17 KB 252ms
79ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

169654a2040e9f83c46d4cd65600c3dc9db6db042904c22cc97645fb4323c362

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17001
x-xss-protection: 0
server: cafe
etag: 6464440653375776403
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 04:42:30 GMT

GET
H2 200 activity
au-gmtdmp.mookie1.com/t/v2/ Frame 84A3 43 B
641 B 577ms
334ms Image
image/gif 35.227.202.26
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://au-gmtdmp.mookie1.com/t/v2/activity?tagid=V2_296557&src.rand=[timestamp]
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.26 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 26.202.227.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ Frame B309 43 B
965 B 131ms
44ms Image
image/gif 185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=879166&seg=9702347&t=2

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Aug 2022 04:42:30 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7c03e6f9-9f3e-4b8a-930c-94e3b1ab700c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ 0
949 B 132ms
45ms Image
application/javascript 185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1049974&seg=15374424&t=1

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Aug 2022 04:42:30 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: cf8450f8-ee6c-444d-b471-d5b1d4211481
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 script.js Show response
au-script.dotmetrics.net/Scripts/ 79 KB
33 KB 784ms
784ms Script
application/javascript 13.224.189.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au-script.dotmetrics.net/Scripts/script.js?v=209
Requested by: Host: au-script.dotmetrics.net
URL: https://au-script.dotmetrics.net/door.js?id=13215
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-90.fra2.r.cloudfront.net
Software: Kestrel /
Resource Hash: 25ade80d6b8698b6496174a8c95645b0052ba97c67a7634f043096df1a3dabf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:31 GMT
content-encoding: br
last-modified: Thu, 28 Jul 2022 13:00:07 GMT
server: Kestrel
x-amz-cf-pop: FRA2-C1
etag: "1d8a281f60c9f59"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-id: 3KiCphRntUjWjYchwL7-DS0oycvOIRL3Rp1N-q7NQqrUCTV2oO2VsQ==

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEN1tfZrK_eyR6aHap1MyU-U&google_cver=1
dpm.demdex.net/ Frame 756D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzgxOTU2MjQ3NjQ4NTgyMTkzMjI3NTYyNjM1NjQ1MTYzMjQ2NTE=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEN1tfZrK_eyR6aHap1MyU-U&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

73ms
72ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEN1tfZrK_eyR6aHap1MyU-U&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v038-0c1b2a0e8.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: wXE8JDG9S+E=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEN1tfZrK_eyR6aHap1MyU-U&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 boris-becker--arm-in-arm-mit-lilian-de-carvalho-mo-img-1001016-image-0-jpg.jpg
blob.freent.de/image/8408228/460x307/460/307/b0/8838eea2c34435c282a80271250364d8/ft/ 0
0 220ms
48ms Image
text/html 194.97.45.96
FREENETDE freenet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blob.freent.de/image/8408228/460x307/460/307/b0/8838eea2c34435c282a80271250364d8/ft/boris-becker--arm-in-arm-mit-lilian-de-carvalho-mo-img-1001016-image-0-jpg.jpg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 194.97.45.96 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS: picco.freent.de
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 756D 70 B
264 B 61ms
61ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H/1.1 200
OK tme
lm.serving-sys.com/lm/ 0
186 B 597ms
46ms Ping
text/plain 3.74.119.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/tme
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.74.119.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-74-119-102.eu-central-1.compute.amazonaws.com
Software: LogModule 0.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.heraldsun.com.au
Access-Control-Allow-Credentials: true
Server: LogModule 0.4
Content-Length: 0
Content-Type: text/plain

GET
H2 200 adsct
t.co/i/ Frame 8C2A 43 B
337 B 380ms
137ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=2d23081e-861a-48f8-81a1-2d66399955fb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=22abcc86-e267-4eed-bccd-db054801f801&tw_document_href=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&tw_document_referrer=https%3A%2F%2Fwww.heraldsun.com.au%2F&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o3flk&type=javascript&version=2.4.15

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time: 105
date: Thu, 04 Aug 2022 04:42:30 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 7b7cfbe562d322ce7c78100aa9143305a42d8d9d7efa9ebaf14bafff18c147f4
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 8C2A 43 B
355 B 514ms
157ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2d23081e-861a-48f8-81a1-2d66399955fb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=22abcc86-e267-4eed-bccd-db054801f801&tw_document_href=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&tw_document_referrer=https%3A%2F%2Fwww.heraldsun.com.au%2F&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o3flk&type=javascript&version=2.4.15

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time: 116
date: Thu, 04 Aug 2022 04:42:30 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 7aa12def5983cca4cf82728f59288060b0753b4ccb0a047d9e6c1b34a9649e9d
content-length: 43

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 8217
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1765380%26time%3D1659588150683%26url%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F&liSync=true&e_ipv6=AQK-XWl6ay-6JgAAAYJnKYhp_cOev-KontbaIf5I-qVK_p3C6zsXZFUwW...

0
265 B

456ms
210ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F&liSync=true&e_ipv6=AQK-XWl6ay-6JgAAAYJnKYhp_cOev-KontbaIf5I-qVK_p3C6zsXZFUwWqCI-BxsQ5dXv2SP
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:31 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: FF4A59EDBCF5400A86A21466D3F93191 Ref B: FRAEDGE1318 Ref C: 2022-08-04T04:42:31Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXlYvpDyjUpQiGQpkYAyg==
x-li-fabric: prod-lor1

Redirect headers

date: Thu, 04 Aug 2022 04:42:30 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 87C6864FD8154F36B22326273C20CC51 Ref B: FRAEDGE1314 Ref C: 2022-08-04T04:42:31Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1765380&time=1659588150683&url=https%3A%2F%2Fwww.heraldsun.com.au%2F&liSync=true&e_ipv6=AQK-XWl6ay-6JgAAAYJnKYhp_cOev-KontbaIf5I-qVK_p3C6zsXZFUwWqCI-BxsQ5dXv2SP
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXlYvo8eIpDBI1HZObHQw==

GET
H/1.1 200
OK pixie
ib.adnxs.com/ Frame D5D7 42 B
351 B 40ms
39ms Image
image/gif 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/pixie?e=PageView&pi=4332873b-84ca-4d4d-a575-ee974bcdf99a&it=1659588150715&v=0.0.20&u=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&r=https%3A%2F%2Fwww.heraldsun.com.au%2F&st=1659588150715&et=1659588150716&if=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software: nginx/1.21.3 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Thu, 04 Aug 2022 04:42:30 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx/1.21.3
Connection: keep-alive
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 42
Content-Type: image/gif

GET
H2 500 usersync.html
image5.pubmatic.com/AdServer/usersync/ Frame 756D 0
0 412ms
96ms Image
text/html 23.47.208.212
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-208-212.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/859754747/ Frame 2D64 2 KB
2 KB 228ms
72ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/859754747/?random=1659588150801&cv=9&fst=1659588150801&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&ref=https%3A%2F%2Fwww.heraldsun.com.au%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

373ad0d2b5026fe99339d51c2e34f09afcd722c2fbf60e2483431bbfecf5bcb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1042
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame 3135 40 KB
15 KB 199ms
67ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-707564276

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15160
x-xss-protection: 0
server: cafe
etag: 9823212955285023900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 04:42:30 GMT

GET
H/1.1

200
OK

ibs:dpid=23728&dpuuid=YutON8CD-nY67Jb5xHBnFAAA%261182
dpm.demdex.net/ Frame 756D
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__
https://r.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YutON8CD-nY67Jb5xHBnFAAA%261182

42 B
942 B

70ms
70ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YutON8CD-nY67Jb5xHBnFAAA%261182

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v038-019009321.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: LJ7f7c4XTNs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

cf-ray: 7354a0799a9f9969-FRA
pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjOHtHYh4TQKsw89jPGbUJXM7z5jg3KMrnK6Xl0iVbaKuTol32%2B8dPlNzUQzAC6KaMeAfOPUsjm385zw445CU6YWADiqH8DTuEBYNErlIM5V4jyZAaIshry7s1IncKX5Krl3"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YutON8CD-nY67Jb5xHBnFAAA%261182
cache-control: no-cache
content-type: text/html; charset=iso-8859-1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H2 200 dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03
adservice.google.com/ddm/fls/z/ Frame 831E 42 B
494 B 250ms
112ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03

Requested by

Host: 8228261.fls.doubleclick.net
URL: https://8228261.fls.doubleclick.net/activityi;dc_pre=CPLSxNGvrPkCFUYFBgAdOdAIBA;src=8228261;type=invmedia;cat=newsc00a;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2804981174236.03?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8228261.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 2 KB
1 KB 32ms
31ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220803-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70efe208587aa0220cbd71b13870394c06f90930540cbdfb677b1af997023bac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: Q93sCEWoqxiO0LdTLulEOAOmIgRcHF1L
content-encoding: gzip
etag: "8cbcf8a5c724c32aa9be09d14a4c624d"
age: 1869
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 923
x-amz-id-2: eBvA3Cn7Vmi0RQPvR7kaz9zs14aMYgzx2uA7jWWQOie8bh08mSXjXMH6nljkG1Q4xYusyg4kNp0=
x-served-by: cache-hhn4075-HHN
last-modified: Tue, 05 Apr 2022 10:34:30 GMT
server: AmazonS3
x-timer: S1659588151.949539,VS0,VE0
date: Thu, 04 Aug 2022 04:42:30 GMT
vary: Accept-Encoding
x-amz-request-id: 81KT1GAWAE081RQZ
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 62
x-cache-hits: 1268

GET
H/1.1

200
OK

ibs:dpid=30432&dpuuid=CI-72194b64a7bfc4df8867066ee0dc0387
dpm.demdex.net/ Frame 756D
Redirect Chain

https://dt.scanscout.com/ssframework/uid?UIAA=38195624764858219322756263564516324651&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D
https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-72194b64a7bfc4df8867066ee0dc0387

42 B
942 B

69ms
68ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-72194b64a7bfc4df8867066ee0dc0387

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v038-09331a469.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: CRXHnVNtQMs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-72194b64a7bfc4df8867066ee0dc0387
Date: Thu, 04 Aug 2022 04:42:31 GMT
useSecure: true
Server: openresty/1.19.9.1
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 / Show response
pips.taboola.com/ 64 B
244 B 132ms
46ms XHR
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: 5b0143573d10639a93b9448b1ebfe1379a49e885accd47b37b3cdd14db2e468b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-hhn4043-HHN
access-control-allow-methods: GET
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/859754747/ Frame 2D64 42 B
548 B 250ms
88ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/859754747/?random=1659588150801&cv=9&fst=1659585600000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&ref=https%3A%2F%2Fwww.heraldsun.com.au%2F&fmt=3&is_vtc=1&random=3619053837&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/859754747/ Frame 2D64 42 B
548 B 251ms
89ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/859754747/?random=1659588150801&cv=9&fst=1659585600000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&ref=https%3A%2F%2Fwww.heraldsun.com.au%2F&fmt=3&is_vtc=1&random=3619053837&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content match
ps.eyeota.net/ Frame 756D 0
83 B 226ms
46ms Image
text/plain 3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=6j5b2cv&uid=38195624764858219322756263564516324651&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Thu, 04 Aug 2022 04:42:31 GMT
Content-Length: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/ Frame 3135 2 KB
1 KB 243ms
86ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707564276/?random=1659588151057&cv=9&fst=1659588151057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa811&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&ref=https%3A%2F%2Fwww.heraldsun.com.au%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07a502da5b74caf9aebf20741d982219c7ea98cfc84d58b90e9c3ef6bf34cc24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1074
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 / Show response
cds.taboola.com/ 0
82 B 406ms
119ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=1f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4&uad=c6670ba74f4332547bf31bf9937a31573a81a16e7f1ccc10b8d7c86ff5ce6e2f
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Aug 2022 04:42:31 GMT
cache-control: no-store
server: nginx

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 756D
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=38195624764858219322756263564516324651
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=38195624764858219322756263564516324651

0
338 B

259ms
47ms

Image
text/plain

34.249.133.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=38195624764858219322756263564516324651
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Server: 34.249.133.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-133-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:31 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1659588151
x-served-by: beacon-n010-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=38195624764858219322756263564516324651
date: Thu, 04 Aug 2022 04:42:31 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a001-ash-prod.krxd.net

GET
H/1.1

200
OK

ibs:dpid=134096&dpuuid=$_BK_UUID
dpm.demdex.net/ Frame 756D
Redirect Chain

https://tags.bluekai.com/site/43981?id=38195624764858219322756263564516324651&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

42 B
960 B

52ms
52ms

Image
image/gif

34.241.142.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-142-170.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v038-0c296aa05.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 104,303
X-TID: W1idrxT0RUk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID
date: Thu, 04 Aug 2022 04:42:31 GMT
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H3 200 /
www.google.com/pagead/1p-user-list/707564276/ Frame 3135 42 B
64 B 240ms
92ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/707564276/?random=1659588151057&cv=9&fst=1659585600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa811&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&ref=https%3A%2F%2Fwww.heraldsun.com.au%2F&async=1&fmt=3&is_vtc=1&random=2719049552&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/707564276/ Frame 3135 42 B
64 B 238ms
91ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/707564276/?random=1659588151057&cv=9&fst=1659585600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa811&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&ref=https%3A%2F%2Fwww.heraldsun.com.au%2F&async=1&fmt=3&is_vtc=1&random=2719049552&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXV0T05nQUFBR3dGOWdPVg==

170 B
188 B

189ms
74ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXV0T05nQUFBR3dGOWdPVg==

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.639488,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WXV0T05nQUFBR3dGOWdPVg==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YutONgAAAGwF9gOV&expires=90

0
239 B

130ms
39ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YutONgAAAGwF9gOV&expires=90
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.639632,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YutONgAAAGwF9gOV&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame D1B8 0
181 B 160ms
90ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=12uiapu&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&upid=trk7f24&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Thu, 04 Aug 2022 04:42:31 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 6C41 0
181 B 138ms
89ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=vrges6n&ref=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&upid=ekg5qxt&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Thu, 04 Aug 2022 04:42:31 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YutONgAAAGwF9gOV

43 B
1009 B

213ms
61ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YutONgAAAGwF9gOV
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 7354a07ce93abba7-FRA
pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Is-Traffic-Usersync, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1EQrInYzIGWsc1ygAi5bwnBrkUTUQmMEP2FwFBfvdDmqlP%2BgrWqubfwzwYKnd11WO06Y1JNxxxZ950i6HDm%2B2qqmLXXCNGwiLiVlH0ZkGXG9Gl3HIVjKZ8pkPUGzb9pZhJbxADCOCaKyhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.639615,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YutONgAAAGwF9gOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=YutONgAAAGwF9gOV

43 B
1 KB

34ms
33ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=158&code=YutONgAAAGwF9gOV

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Aug 2022 04:42:31 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 28c41d53-ab7c-4e98-b8fc-998f363a64e6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.661602,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://ib.adnxs.com/setuid?entity=158&code=YutONgAAAGwF9gOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 SiteEvent.dotmetrics Show response
au-script.dotmetrics.net/ 399 B
1 KB 788ms
788ms Script
application/javascript 13.224.189.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au-script.dotmetrics.net/SiteEvent.dotmetrics?v=eyJpZCI6MTMyMTUsImZsIjp0cnVlLCJkb20iOiJ3d3cuaGVyYWxkc3VuLmNvbS5hdSIsImxzbyI6bnVsbCwidXJsIjoiaHR0cHM6Ly93d3cuaGVyYWxkc3VuLmNvbS5hdS9uZXdzL3ZpY3RvcmlhL21lbGJvdXJuZS1tZXRyby1wcm9qZWN0LXJvY2tlZC1ieS1icmliZXJ5LXJhY2lzbS1hbGxlZ2F0aW9ucyIsInJ1cmwiOiIiLCJwdmlkIjoiMjE3MTRjZGMtZjU5NC00MTdlLTkyMTctYzVlZmVkYzg2ZjBhIiwidHpPZmZzZXQiOjAsIm9zcyI6dHJ1ZSwib3NlcyI6dHJ1ZX0%3D&r=1659588151701
Requested by: Host: au-script.dotmetrics.net
URL: https://au-script.dotmetrics.net/Scripts/script.js?v=209
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-90.fra2.r.cloudfront.net
Software: Kestrel /
Resource Hash: 741781b3c52b63e16e1b25a4efbafefca756a88728d62eec705fefe9e37f7751

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:32 GMT
content-encoding: br
server: Kestrel
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://au-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
cache-control: no-cache
content-type: application/javascript
x-amz-cf-id: Q8EQoogo7cfdDMrwSD07EpIuJww2QVny5I_x5CaSqtHL-NMYwJ1HJQ==

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YutONgAAAGwF9gOV

43 B
273 B

225ms
66ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YutONgAAAGwF9gOV
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.762776,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YutONgAAAGwF9gOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YutONgAAAGwF9gOV

0
225 B

229ms
37ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YutONgAAAGwF9gOV
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:32 GMT
content-encoding: gzip
server: nginx
cache-control: no-store, no-cache, private
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: text/html; charset=utf-8

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.864193,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YutONgAAAGwF9gOV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 gn
secure-sdk.imrworldwide.com/cgi-bin/ 44 B
597 B 53ms
52ms Image
image/gif 52.208.102.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-102695&ch=au-102695_b04_news_S&asn=news&fp_id=46ia003qf30sz7yrqmzago0uwwzne1659588149&fp_cr_tm=1659588149894&fp_acc_tm=1659588149894&fp_emm_tm=1659588149894&ve_id=&sessionId=rvipxrbom2vawjzelwxkbvl9fzr2y1659588149&prv=1&c6=vc,b04&ca=NA&c13=asid,PE61ECF8B-8E10-4919-930F-697F3D3DBB98&c32=segA,NA&c33=segB,NA&c34=segC,DSK-OTT-WinPhn-OtherBrowser&c15=apn,&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,zqtnq2hwu94ifoqn8ptc528ngixxv1659588149&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16595881498914040&c30=bldv,6.0.0.623&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=1659588149411&c3=st,c&c64=starttm,1659588151&adid=1659588149411&c58=isLive,false&c59=sesid,&c61=createtm,1659588150&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&c66=mediaurl,&sdd=&c62=sendTime,1659588150&rnd=510784
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.102.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-102-42.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YutONgAAAGwF9gOV&img=1

43 B
548 B

38ms
38ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YutONgAAAGwF9gOV&img=1
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Thu, 04 Aug 2022 04:42:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 94
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.971916,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YutONgAAAGwF9gOV&img=1
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

b.php
www.facebook.com/fr/ Frame 756D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YutONgAAAGwF9gOV&t=2592000&o=0

43 B
543 B

249ms
97ms

Image
image/gif

2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=YutONgAAAGwF9gOV&t=2592000&o=0

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Server

2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 21:42:32 PDT
content-encoding: br
x-content-type-options: nosniff
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-fb-rlafr: 0
pragma: public
x-fb-debug: e09UfZPMiGilKyNmIdd8Ca9OKztBBjJs6JmMGwaj52grEsSr3Jp7JlV7VEklERTYpdBHC1v74uHp7QtCr/lGmw==
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: image/gif
vary: Accept-Encoding
cache-control: public, max-age=0
priority: u=3,i
expires: Wed, 03 Aug 2022 21:42:32 PDT

Redirect headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:32 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1659588152.065446,VS0,VE0
x-served-by: cache-hhn4075-HHN
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=YutONgAAAGwF9gOV&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 cm
trc.taboola.com/sg/adobe/1/ Frame 756D 43 B
300 B 50ms
50ms Image
image/gif 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adobe/1/cm?gdpr=0&gdpr_consent=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Thu, 04 Aug 2022 04:42:32 GMT
via: 1.1 varnish
server: nginx
x-timer: S1659588152.167434,VS0,VE9
x-served-by: cache-hhn4075-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 0
sync.1rx.io/usersync/adobe/ Frame 756D 0
99 B 177ms
38ms Image
text/plain 213.19.147.44
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.44 Beverwijk, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Aug 2022 04:42:32 GMT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2 200 generic1659567178234.js Show response
nebula-cdn.kampyle.com/au/wau/132224/onsite/ 497 KB
89 KB 50ms
48ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nebula-cdn.kampyle.com/au/wau/132224/onsite/generic1659567178234.js

Requested by

Host: nebula-cdn.kampyle.com
URL: https://nebula-cdn.kampyle.com/au/wau/132224/onsite/embed.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.175 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c06ff5658d8d2900eb8a93773ff732159e6a74e22271b19f89522bf21de74a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: DA7Vq8quFaiKN6PnKeczQCUc1zIsy9.i
content-encoding: gzip
etag: "546efe4608202e014c0cb0c746c779a1"
age: 20968
via: 1.1 varnish
x-cache: HIT
vary: Accept-Encoding
content-length: 90683
x-amz-id-2: 4wkAv3ZP7b1aZP5s+5NM6elzblHV2vCxZlXbTJq9a/P5NADshb6LogvJbpqPSwCi8rQRE0OdXQE=
x-served-by: cache-hhn4064-HHN
last-modified: Wed, 03 Aug 2022 22:52:59 GMT
server: AmazonS3
x-timer: S1659588152.494797,VS0,VE0
date: Thu, 04 Aug 2022 04:42:32 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: 98M26M1V2XYQ5HET
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 41

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
317 B 413ms
165ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNC4wLjUxMTIuNzkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiV2luMzIiLCJwYWdlX3RpdGxlIjogIk1lbGJvdXJuZSBtZXRybyBwcm9qZWN0IHJvY2tlZCBieSBicmliZXJ5IHJhY2lzbSBhbGxlZ2F0aW9ucyB8IEhlcmFsZCBTdW4iLCJwYWdlX3VybCI6ICJodHRwczovL3d3dy5oZXJhbGRzdW4uY29tLmF1L25ld3MvdmljdG9yaWEvbWVsYm91cm5lLW1ldHJvLXByb2plY3Qtcm9ja2VkLWJ5LWJyaWJlcnktcmFjaXNtLWFsbGVnYXRpb25zIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NTk1ODgxNTI2NDciLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4MjY3Mjk4ZDNlMmVhLTA3OWZjMDQ1MmFmZmVkLTFlMzAzNjc5LTFkNGMwMC0xODI2NzI5OGQzZjEwYWQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtc3lkMSIsImFjY291bnRJZCI6IDEzMjIyMiwidXJsIjogImh0dHBzOi8vd3d3LmhlcmFsZHN1bi5jb20uYXUvbmV3cy92aWN0b3JpYS9tZWxib3VybmUtbWV0cm8tcHJvamVjdC1yb2NrZWQtYnktYnJpYmVyeS1yYWNpc20tYWxsZWdhdGlvbnMiLCJ3ZWJzaXRlSWQiOiAxMzIyMjQsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImE4N2ItYjIxMi1jMmRkLTUzYTItM2MzMS1iZThhLTc1MGQtMjVhNiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjU5NTg4MTUyNjQ0Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDI5NTMsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ2LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ2LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NTk1ODgxNTI2NDYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-5nrf
date: Thu, 04 Aug 2022 04:42:32 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 253ms
82ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 246ms
84ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 142 KB
21 KB 130ms
129ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1827373365776935&correlator=233551391563336&hxva=1&scor=2725288755903439&eid=31068740%2C31068366%2C42531608%2C44764002&output=ldjh&gdfp_req=1&vrg=2022080101&ptt=17&impl=fifs&npa=1&iu_parts=5129%2Cndm.hwt%2Cpagenotfound&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x250%7C970x50%7C1000x100%2C728x90%2C1000x50%7C728x1%2C1x1&ifi=1&adks=1359529486%2C295603947%2C224075113%2C527140272&sfv=1-0-38&ists=1&fsapi=false&prev_scp=pos%3D1%26refreshnum%3D0%26refreshed%3Dfalse%26id%3Dd947d035-13af-11ed-bdc1-0a6c212fcb7f%7Cpos%3D2%26refreshnum%3D0%26refreshed%3Dfalse%26id%3Dd947d036-13af-11ed-bdc1-0a6c212fcb7f%7Cpos%3D1%26refreshed%3Dfalse%26id%3Dd947d037-13af-11ed-bdc1-0a6c212fcb7f%7Cpos%3D1%26id%3Dd947d038-13af-11ed-bdc1-0a6c212fcb7f&eri=1&cust_params=us%3Db%26s%3D0%26co%3D1%26kw%3D%26nk%3Dbffdbacfe6649b0d1a2b0edf80c408cd%26sec1%3Dpagenotfound%26ksgmnt%3D%26siteview%3D1%26pagetype%3Dpage-not-found%26adl%3Dfalse%26abtest%3Da%26pvid%3Dbffdbacfe6649b0d1a2b0edf80c408cd-00000000000000000000000000000000-1659588149401-888627%26amznbid%3D0%26amznp%3D0%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_7232_KW%252CIAS_6155_1011_KW%252CIAS_3524_KW%252CIAS_7246_1381_KW%252CIAS_UNSCORED_PG%252CIAS_9588_1165_KW%252CIAS_11613_884_KW&sc=1&cookie_enabled=1&abxe=1&dt=1659588154236&lmt=1659588154&dlt=1659588147790&idt=2316&adxs=436%2C176%2C0%2C0&adys=48%2C3340%2C3340%2C4029&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1%7C2%7C3&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fnews%2Fvictoria%2Fmelbourne-metro-project-rocked-by-bribery-racism-allegations&frm=20&vis=1&psz=1600x134%7C1248x0%7C1600x688%7C1600x4028&msz=728x93%7C1248x0%7C1600x0%7C1600x0&fws=512%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&ga_vid=916650220.1659588154&ga_sid=1659588154&ga_hid=279368884&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

3f85c8d620da22f4f71c730b925513c8a671500a513ac42d7b21809f43ef16de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21272
x-xss-protection: 0
google-lineitem-id: 4682990628,4682990628,4682990628,4682990628
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138234025551,138234025461,138234082439,138386464268
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 85ms
85ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022080101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

52e9d157ebc48469c624200e93fb065741aea1573a812332a94bbd57b00b2736

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10485
x-xss-protection: 0

GET container.html
d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EDBD 0
0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 292ms
81ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 04 Aug 2022 04:42:34 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 98ms
97ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu3qL0C1jd1iXnOVquQWDusBW61_iARGLgpWx_0v6ybBznr0lP9aPDpBxXtlSSOiz2Ux4D6SpefhIqhKscDB7HsrKUD5p-34Npz-RLqJE_iCRjAXAFbLdxrtaDJmErLp69GHrsRDye2Rv2vjUZC5dwiUznxCgprITMo_5LM_-w-0zskD-dAh9kP40KYJxJMby4ABSJXjsLrI5wxXLbBFmqRBvYQ3fphbxv1Pdu9c3JwkE_2ijwCuJ7ZjpaPsxIKIPui3BVwABYnwiM2NhLW7IjLII7AjI2ifxg3QMOGTWU4raWX7xADHGWqnwGByRCw3jfIePgd31RK_tY&sig=Cg0ArKJSzNc2AL_Cc_S4EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220802/r20110914/ 0
0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220802/r20110914/client/ 3 KB
2 KB 202ms
70ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 03:53:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Aug 2022 03:53:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 139 KB
43 KB 285ms
86ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30a952eadc89f735e92201acd81796193eebddb8926d345c6ce092126c9257a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 04 Aug 2022 04:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43822
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1659527892023609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 04 Aug 2022 04:42:34 GMT

GET
H3 204 l
www.google.com/ads/measurement/ 0
0 80ms
79ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRErts064RxHEa9yYS29Cip4rhSnkKNOfxoUlz58acgbdJuNMmS2FerSmKDIN-9JYdXdCV_
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 7114969398400660195
tpc.googlesyndication.com/simgad/ 68 B
184 B 211ms
79ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7114969398400660195

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 01 Aug 2022 17:56:24 GMT
x-content-type-options: nosniff
age: 211570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68
x-xss-protection: 0
last-modified: Wed, 23 May 2018 07:39:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 01 Aug 2023 17:56:24 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 97ms
96ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssDFkK4zRJKcPiOEAYH5aPgAXSHffLqUT8jwLl7RgvUSJqE1GCdKkBF7rYwhkwnI97TngvBwkr6wEFqp87eVQOBiP-lNzrRSMCTXZ9N_-ZBkzlmLVDWelqGyVXXu8UPYAW38S6tkhDCDNndomjdkwkDNZrk5c6mCpC3LQOGJt3k5Q5u-Wt2Xg0TVs5MxNjF3p8ye1aC3KiNIRGhPYI99m1-dYO5m605R91LqGewIbSayV7FncjKFVARKRhQwZNBTxFD7HE_UBOdioTvBfOyQ0xpiET1qCOh4TnbGupU8FIwE-SL9-92hRgNCJsDSqXWwkR-bZ22hpEnWEI&sig=Cg0ArKJSzDyPAH7o8ReVEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 l
www.google.com/ads/measurement/ 0
0 79ms
79ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS4EqBC8SHyrxAyrRRl86zVe1tqrMwUsMTJMRpuq1CgLtUtAGetVKOePGJUzYnqJL7qMRiN
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 96ms
96ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvYUiIG8TmyCdcsklxAbd0G7oOaRe0b3sCjZevqIIOeGH_LfacvrUDZzPUxuDsxZ5ZfRrJ41lINkHoRNLG7jDXj1I6sTnlyoq3Ofwe1Yn1wvmA3ebw0b90dTdGZb9TB6j7OAD_V3-ds-eBTWNtIkpnDqVYiiim8E7zTyrYG_dty5p5kb-EQE6w6rg3X5pe9bZmqzXRW4RzP9x7fR09uWit_btO1i9oC1yspbPP4Qg3n76GR0rxCLOVSJvLOVK_uu6vhzKiPqJ9fd_eVICrf18wmPe4uSvYRVDLjE_3IvelN9R8s0XV-oY7B6Isw1CJXKHGRYQeN1-42_AQ&sig=Cg0ArKJSzLO_CewlbZT5EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Aug 2022 04:42:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 l
www.google.com/ads/measurement/ 0
0 79ms
79ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQAMdHccptLHb1q1lEWTnNVwYN3ua26e6t5gG8sz6j-0ahk0kiVV-MuYi-Qwp3vhW9JlOeN
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 13503232906761715217
tpc.googlesyndication.com/simgad/ 3 KB
4 KB 198ms
71ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13503232906761715217

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a87453753b5611e7806718ec99a837dc8068d9eb20b4b6b3bb0d38ee2bd84d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 21:08:04 GMT
x-content-type-options: nosniff
age: 27270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3270
x-xss-protection: 0
last-modified: Wed, 23 May 2018 04:43:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 03 Aug 2023 21:08:04 GMT

GET
DATA 200
OK truncated
/ 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a993e9bf0873d2087d4b060e6c34830c86bd0d50e6ec865c08dedb3941908c83

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 13503232906761715217
tpc.googlesyndication.com/simgad/ 3 KB
3 KB 201ms
76ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13503232906761715217

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a87453753b5611e7806718ec99a837dc8068d9eb20b4b6b3bb0d38ee2bd84d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 21:08:04 GMT
x-content-type-options: nosniff
age: 27270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3270
x-xss-protection: 0
last-modified: Wed, 23 May 2018 04:43:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 03 Aug 2023 21:08:04 GMT

GET
H2

200

/
marketingplatform.google.com/about/enterprise/
Redirect Chain

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv19gA6cHCOPI7HuYzpsQBLRsyntCCJ06F0HJ6Fm2OZlOKmjeC42yB9daq7ehDPILi4I0FcXLfdbdLgQQhUg-HEJjF7KSwMgwjrIzan8WWZZuWH8TCQm_0-2dxpt4sQ_gqZv-85hacCE...
https://m.doubleclick.net/
https://marketingplatform.google.com/about/enterprise/

0
0

487ms
220ms

Image
text/html

2a00:1450:4001:802::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marketingplatform.google.com/about/enterprise/
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H2
Server: 2a00:1450:4001:802::200e -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Aug 2022 04:36:41 GMT
x-content-type-options: nosniff
server: sffe
age: 353
content-type: text/html; charset=UTF-8
location: https://marketingplatform.google.com/about/enterprise/
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0
expires: Thu, 04 Aug 2022 05:06:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B843 13 KB
5 KB 239ms
98ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 28506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 20:47:28 GMT
expires: Thu, 03 Aug 2023 20:47:28 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6D5A 783 B
535 B 76ms
75ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7395746633ab2c43f321500502089c65a54c04b9679dbf1e741d8bb00b73decb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OdbhP6MKX9RS8ahuhWAOmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heraldsun.com.au/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-OdbhP6MKX9RS8ahuhWAOmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 04 Aug 2022 04:42:34 GMT
expires: Thu, 04 Aug 2022 04:42:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6D5A 0
0 152ms
151ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022080101&jk=1827373365776935&rc=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 UkaWbFdOBngpypKF1XmH91LOVqbH0hMQiz9LuN6ufos.js Show response
pagead2.googlesyndication.com/bg/ Frame B843 36 KB
14 KB 101ms
82ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UkaWbFdOBngpypKF1XmH91LOVqbH0hMQiz9LuN6ufos.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

5246966c574e067829ca9285d57987f752ce56a6c7d213108b3f4bb8deae7e8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 01 Aug 2022 19:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 205846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14146
x-xss-protection: 0
last-modified: Fri, 29 Jul 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 01 Aug 2023 19:31:49 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B843 0
9 B 90ms
85ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YN0rDA
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 04:42:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com
URL: https://d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js

Verdicts & Comments Add Verdict or Comment

297 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

86 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.heraldsun.com.au/news/victoria	1970-01-20 13:45:24	Name: nk Value: bffdbacfe6649b0d1a2b0edf80c408cd
.heraldsun.com.au/	1969-12-31 23:59:59	Name: n_regis Value: 123456789
.news.com.au/	1970-01-20 14:35:48	Name: nk Value: bffdbacfe6649b0d1a2b0edf80c408cd
.heraldsun.com.au/	1970-01-20 14:35:48	Name: nk_debug Value: nk_set
.heraldsun.com.au/	1970-01-20 14:35:48	Name: nk_ts Value: 1659588143
.heraldsun.com.au/	1970-01-20 14:35:48	Name: nk Value: bffdbacfe6649b0d1a2b0edf80c408cd
www.heraldsun.com.au/	1970-01-20 04:59:49	Name: lux_uid Value: 165958814794848492
www.heraldsun.com.au/	1970-01-20 04:59:49	Name: _tb_sess_r Value:
www.heraldsun.com.au/	1970-01-20 04:59:49	Name: _tb_t_ppg Value: https%3A//www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3D1f2182cc-3e7a-4d6d-a5b4-5276ab2411d7-tuct9e4d3b4
.heraldsun.com.au/	1970-01-20 13:45:24	Name: utag_main Value: v_id:0182672980750002ed1a844ae7c103073006706b00b08$_sn:1$_se:1$_ss:1$_st:1659589949366$ses_id:1659588149366%3Bexp-session$_pn:1%3Bexp-session
.heraldsun.com.au/	1970-01-20 04:59:55	Name: bm_sv Value: 6CD246A30E2D7472B2F1B9921886256B~YAAQj2EXArsGT2SCAQAAkoApZxAEw1wDVGWyO5UNeS1R/dK02I8+iDv4Kgvozh9XcZUEgm1dbV15thN0gS5wkPFuOgoc0unCoiG9ygXXYb761hmBj2GsFN8dM2HO3JCfaZwIrwWYBZte+H11TG48XBSgyULlcIWFBgZabntEz6Iw3B+neHB343DMSnuQz41NxhVsUa9+Rwk7Z4ouIRhw53I71xkb4So67gxIjeDo92n2wtrGiJONUR/5GAj6lI3LtzR3qX4a~1
.heraldsun.com.au/	1970-01-20 13:45:24	Name: nc_eu Value: y
.heraldsun.com.au/	1970-01-20 14:28:36	Name: _cb Value: CsYd7TB8GAUtQbpa4
.heraldsun.com.au/	1970-01-20 14:28:36	Name: _chartbeat2 Value: .1659588149567.1659588149567.1.E9Yl6CPV8mUDTSWs9DmP_fjBRF3Fg.1
.heraldsun.com.au/	1970-01-20 04:59:49	Name: _cb_svref Value: null
.heraldsun.com.au/	1970-01-20 04:59:49	Name: _ncg_sp_ses.ff50 Value: *
.heraldsun.com.au/	1970-01-20 14:35:48	Name: _ncg_sp_id.ff50 Value: aa00c892-0ab0-46fa-82e7-95728181c774.1659588150.1.1659588150.1659588150.a47b0f37-a883-4a08-95dd-7a80f162f1ef
.heraldsun.com.au/	1970-01-20 14:35:48	Name: _awl Value: 3.1659588149.0.5-fac804b8d982a1adccd7a3eeecd2ae2f-6763652d6575726f70652d7765737431-0
.demdex.net/	1970-01-20 09:19:00	Name: demdex Value: 38195624764858219322756263564516324651
.heraldsun.com.au/	1969-12-31 23:59:59	Name: AMCVS_5FE61C8B533204850A490D4D%40AdobeOrg Value: 1
.heraldsun.com.au/	1970-01-20 09:19:00	Name: nol_fpid Value: 46ia003qf30sz7yrqmzago0uwwzne1659588149\|1659588149894\|1659588149894\|1659588149894
.everesttech.net/	1970-01-20 13:45:24	Name: everest_g_v2 Value: g_surferid~YutONgAAAGwF9gOV
.heraldsun.com.au/	1970-01-20 14:35:48	Name: s_ecid Value: MCMID%7C38216589516615242142758659691708654641
.spotxchange.com/	1970-01-20 05:40:07	Name: audience Value: d9161269-13af-11ed-bd3b-1ac054420106
.dpm.demdex.net/	1970-01-20 09:19:00	Name: dpm Value: 38195624764858219322756263564516324651
www.heraldsun.com.au/	1970-01-20 05:09:52	Name: AWSALB Value: PDGnBbdh++cQcsJPuF9NW6LJm1w32nLNGIloiYlN2JaLNRYl25fEurNst8CY/QeWyMUqCP2aX2rPjGdy7h96tRbLUQdR7StgMfNKm4VESNm6XIgopvkWUvq0twjp
.heraldsun.com.au/	1970-01-20 04:59:55	Name: ak_bmsc Value: 4BF8699F9654A4540C3DDBDF9FC88CA6~000000000000000000000000000000~YAAQj2EXAskGT2SCAQAAX4MpZxA+u+5hOeBMOWUSzcug1WKimQQYu33XnphM1J0bn5OEKGz3BOvS+eUYjboFqf57bN5xIYcSOylJX539muZuT5+OniNAAcnI29s5iDCjtFxA0gkjoyujVDIV+Que+xp+eLOT0Dc2+jjDtfWn9mh0SuqDvjWyFJgkpIgrpTVTs7lwvr0LWJKghhmzpGEFvPXsuzwRxHCRL6d5MoYTNG5nGH5OrJg3+umLjd04drnbMMdY9h/y4lqVzk5IigDlqlWxTaduyDUPhkA6vklRm20vMd6/VaQ4M4TwhHISuoTpoktiFdDBpywmaXZipxmZv/WV5MdA0mCEfrSs5le2Mag1pvHc3DDihyoJNOvcaawwHX35vH5o7dayV3L/biGjMo7FzokwA9HV9A1vyaptVKeiVv0+A3rXezXB/lPsHKdnPww6++KxJXZ9CsTilFTvVpbKvM4fl6b+Y4U6imFotOVrEVrL8NKhZIOfWFbO20EWxrIP
www.heraldsun.com.au/	1970-01-20 05:09:52	Name: AWSALBCORS Value: PDGnBbdh++cQcsJPuF9NW6LJm1w32nLNGIloiYlN2JaLNRYl25fEurNst8CY/QeWyMUqCP2aX2rPjGdy7h96tRbLUQdR7StgMfNKm4VESNm6XIgopvkWUvq0twjp
.heraldsun.com.au/	1970-01-20 14:35:48	Name: AMCV_5FE61C8B533204850A490D4D%40AdobeOrg Value: -637568504%7CMCIDTS%7C19209%7CMCMID%7C38216589516615242142758659691708654641%7CMCAAMLH-1660192950%7C6%7CMCAAMB-1660192950%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCCIDH%7C-2046130485%7CMCOPTOUT-1659595350s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19216%7CvVersion%7C5.1.1
.heraldsun.com.au/	1970-01-20 05:43:00	Name: s_nr30 Value: 1659588150175-New
.heraldsun.com.au/	1970-01-20 14:35:48	Name: s_gdslv Value: 1659588150176
.heraldsun.com.au/	1970-01-20 04:59:49	Name: s_gdslv_s Value: First%20Visit
.heraldsun.com.au/	1970-01-20 04:59:49	Name: s_ppn Value: hs%7Cpage-not-found%7Cpage-not-found%7Cpage%20not%20found
.heraldsun.com.au/	1969-12-31 23:59:59	Name: tp Value: 4029
.heraldsun.com.au/	1969-12-31 23:59:59	Name: s_ppv Value: hs%257Cpage-not-found%257Cpage-not-found%257Cpage%2520not%2520found%2C30%2C30%2C1200
.heraldsun.com.au/	1969-12-31 23:59:59	Name: s_cc Value: true
.adnxs.com/	1970-01-20 07:09:24	Name: uuid2 Value: 2906528172550949699
bs.serving-sys.com/	1969-12-31 23:59:59	Name: OT_6630 Value: 1
.serving-sys.com/	1970-01-20 07:09:24	Name: ActivityInfo2 Value: 004c3mBPu0_
.serving-sys.com/	1970-01-20 07:09:24	Name: G4 Value: 0009fM00Hk_
.serving-sys.com/	1970-01-20 07:09:24	Name: OT2 Value: 0001DC1qYk
.serving-sys.com/	1970-01-20 07:09:24	Name: u2 Value: 0aab756e-6802-4b92-bcd1-997bbcb09f634I8060
.turn.com/	1970-01-20 09:19:00	Name: uid Value: 3226917389351372034
.heraldsun.com.au/	1970-01-20 07:09:24	Name: _gcl_au Value: 1.1.2021517774.1659588151
.imrworldwide.com/	1970-01-20 14:21:24	Name: IMRID Value: d98bb650-13af-11ed-b6a9-256dd60bda9f
.doubleclick.net/	1970-01-20 14:21:24	Name: IDE Value: AHWqTUmH0pnGD5bSD1FjZsHd4bBpJ7QUbIwu-1dEMVv9gY_-ZmKfCaVIlvJlZxIkDVo
.t.co/	1970-01-20 14:35:48	Name: muc_ads Value: 9ea80bdb-2d84-4a42-bc9c-1edf59b1999b
.linkedin.com/	1970-01-20 05:43:00	Name: UserMatchHistory Value: AQJp5VL7Ff7YngAAAYJnKYalkJUG55ajGru97OPTVZzuLNV3M2maFyZajLVPuHZBD906_-SV9xZ_Qw
.linkedin.com/	1970-01-20 05:43:00	Name: AnalyticsSyncHistory Value: AQJwDkRTdyso8wAAAYJnKYal5GKjQsm1Tr5v_OUFqjaVuLkaPUaBs_nf303r2C9H_VbtBxSWnNfu6OhZk31TFw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 13:45:24	Name: bcookie Value: "v=2&b2efb7e1-d1bd-4dcd-8b20-fb7364daee9d"
.linkedin.com/	1970-01-20 05:01:14	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2364:u=1:x=1:i=1659588150:t=1659674550:v=2:sig=AQHu8kqPW5tyD_dAP-Xh2Fw55gGJBrI-"
.casalemedia.com/	1970-01-20 13:45:24	Name: CMID Value: YutON8CD-nY67Jb5xHBnFAAA
.casalemedia.com/	1970-01-20 07:09:24	Name: CMPS Value: 1110
.mookie1.com/	1970-01-20 14:28:36	Name: id Value: 10522238326546564836
.mookie1.com/	1970-01-20 14:28:36	Name: mdata Value: 1\|10522238326546564836\|1659588150905
.mookie1.com/	1970-01-20 14:28:36	Name: ov Value: f75bcd01c0848a4052369b2b5a7440f4
.dotmetrics.net/	1970-01-20 13:45:24	Name: DotMetrics.DeviceKey Value: DeviceID=
.dotmetrics.net/	1970-01-20 13:45:24	Name: DotMetrics.UniqueUserIdentityCookie Value: UserID=e0911cbc-d1d5-4f8b-bb46-9a6583c3d6fd&Created=08/04/2022 04:42:31&UserMode=0&guid=def96c39-b65e-495c-a2ec-b88f6663ffbc&ver=1
.twitter.com/	1970-01-20 14:35:48	Name: personalization_id Value: "v1_QKILjgbH4+6fItPCbZhuOw=="
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 13:45:24	Name: bscookie Value: "v=1&202208040442311feb42ad-269c-4c91-82ef-5ca3da4011a3AQHAPyWeInoYikabv3MjZniDLfW5lPru"
.linkedin.com/	1970-01-20 09:19:00	Name: li_gc Value: MTswOzE2NTk1ODgxNTE7MjswMjFudvKgpDoklHWRykdF8VUUpC9G6TiQDWpgi2lBIMaJCg==
.casalemedia.com/	1970-01-20 07:09:24	Name: CMPRO Value: 1182
.casalemedia.com/	1970-01-20 05:01:14	Name: CMST Value: YutON2LrTjcA
.scanscout.com/	1970-01-20 13:45:24	Name: uid Value: CI-72194b64a7bfc4df8867066ee0dc0387
.scanscout.com/	1970-01-20 13:45:24	Name: UIAA Value: 38195624764858219322756263564516324651
.scanscout.com/	1970-01-20 13:45:24	Name: UIXX_UPDT Value: "UIAA=1659588151316"
www.heraldsun.com.au/	1969-12-31 23:59:59	Name: DM_SitId1557 Value: true
www.heraldsun.com.au/	1969-12-31 23:59:59	Name: DM_SitId1557SecId13215 Value: true
www.heraldsun.com.au/	1970-01-20 04:59:49	Name: DM_SitIdT1557 Value: true
www.heraldsun.com.au/	1970-01-20 04:59:49	Name: DM_SitId1557SecIdT13215 Value: true
.adnxs.com/	1970-01-20 07:09:24	Name: anj Value: dTM7k!M4.FErk#WF']wIg2Ilcf2xNL!]td48i_jAez_UZ18%4riPv(IJDWmpuQw7=JX7'Kr?unVF=Uc2D$25A)(rF5k*pv7Pm7gn'<u+d%vhLj)fy-E1n:DO
.casalemedia.com/	1970-01-20 07:09:24	Name: CMTS Value: 1200
.casalemedia.com/	1970-01-20 13:45:24	Name: CMRUM3 Value: 5862eb4e372760YutONgAAAGwF9gOV
.krxd.net/	1970-01-20 09:19:00	Name: _kuid_ Value: O_07v9QN
.demdex.net/	1970-01-20 09:19:00	Name: dextp Value: 358-1-1659588150247\|470-1-1659588150347\|481-1-1659588150449\|771-1-1659588150550\|903-1-1659588150650\|19566-1-1659588150751\|23728-1-1659588150852\|30432-1-1659588150953\|30064-1-1659588151054\|66757-1-1659588151154\|134096-1-1659588151256\|144230-1-1659588151357\|144231-1-1659588151458\|144232-1-1659588151558\|144233-1-1659588151659\|144234-1-1659588151759\|144235-1-1659588151860\|144236-1-1659588151961\|144237-1-1659588152061\|147592-1-1659588152163\|461447-1-1659588152265
au-script.dotmetrics.net/	1970-01-20 05:09:52	Name: AWSALBCORS Value: brd+dtfidt0ACnvfQcGx0ENsh5wTaQtP28WKjJXA2/U9Vr131Ca3yLytf/KSbWko3LYRUr7kZxcsBxf2bVjUVcjaOFVEXdhNzxHA2Spd+u7zzQq57tJRtsiqeJl4
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: mdLogger Value: false
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: kampyle_userid Value: a87b-b212-c2dd-53a2-3c31-be8a-750d-25a6
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: kampyleUserSession Value: 1659588152644
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: kampyleUserSessionsCount Value: 1
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: kampyleSessionPageCounter Value: 1
www.heraldsun.com.au/	1970-01-20 13:45:24	Name: kampyleUserPercentile Value: 16.165548061140345
.heraldsun.com.au/	1970-01-20 14:21:24	Name: __gads Value: ID=310d25fa60e4034a:T=1659588154:S=ALNI_MZ5tK5hYIAY2To8RkW4_7nrJ7S8Uw

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.heraldsun.com.au/news/victoria/melbourne-metro-project-rocked-by-bribery-racism-allegations?nk=bffdbacfe6649b0d1a2b0edf80c408cd-1659588143 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/javascripts/js-critical-desktop.js?v=21 Message: A preload for 'https://www.heraldsun.com.au/wp-content/themes/newscorpau-news-dna/dist/stylesheets/css-metro-desktop-lazy.css?v=21' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
javascript	warning	URL: https://ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045?(Line 145) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/adj/N7203.197812.NSO.CODESRV/B7670439;dcadv=4149947;sz=1x2;ord=750756404611.045?(Line 145) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//blob.freent.de/image/8408228/460x307/460/307/b0/8838eea2c34435c282a80271250364d8/ft/boris-becker--arm-in-arm-mit-lilian-de-carvalho-mo-img-1001016-image-0-jpg.jpg Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://blob.freent.de/image/8408228/460x307/460/307/b0/8838eea2c34435c282a80271250364d8/ft/boris-becker--arm-in-arm-mit-lilian-de-carvalho-mo-img-1001016-image-0-jpg.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID Message: Failed to load resource: the server responded with a status of 500 ()
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://tpc.googlesyndication.com/pagead/js/r20220802/r20110914/abg_lite_fy2021.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080101.js?cb=31068740(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8228261.fls.doubleclick.net
acdn.adnxs.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
am-trc-events.taboola.com
am-vid-events.taboola.com
analytics.twitter.com
ats.rlcdn.com
au-gmtdmp.mookie1.com
au-script.dotmetrics.net
au.tags.newscgp.com
beacon.krxd.net
bedsberry.com
blob.freent.de
bs.serving-sys.com
c.amazon-adsystem.com
cdn-gl.imrworldwide.com
cdn.adsafeprotected.com
cdn.ampproject.org
cdn.speedcurve.com
cdn.taboola.com
cds.taboola.com
cm.everesttech.net
cm.g.doubleclick.net
d.turn.com
d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com
dpm.demdex.net
dsum-sec.casalemedia.com
dt.scanscout.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image2.pubmatic.com
image5.pubmatic.com
images.taboola.com
imprammp.taboola.com
insight.adsrvr.org
js.adsrvr.org
lm.serving-sys.com
m.doubleclick.net
marketingplatform.google.com
match.adsrvr.org
metrics.heraldsun.com.au
nebula-cdn.kampyle.com
newscorpau.demdex.net
pagead2.googlesyndication.com
ping.chartbeat.net
pips.taboola.com
pixel.adsafeprotected.com
pixel.rubiconproject.com
ps.eyeota.net
px.ads.linkedin.com
px4.ads.linkedin.com
r.casalemedia.com
resourcesssl.newscdn.com.au
rvipxrbom2vawjzelwxkbvl9fzr2y1659588149.nuid.imrworldwide.com
sb.scorecardresearch.com
secure-ds.serving-sys.com
secure-sdk.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
snap.licdn.com
ssum.casalemedia.com
static.ads-twitter.com
static.adsafeprotected.com
static.chartbeat.com
sync-t1.taboola.com
sync-tm.everesttech.net
sync.1rx.io
sync.search.spotxchange.com
t.co
taboola-supply-partners.tremorhub.com
tags.bluekai.com
tags.news.com.au
tags.tiqcdn.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
ts2020-indies-client.web.app
udc-neb.kampyle.com
us-u.openx.net
use.fontawesome.com
usermatch.krxd.net
vidstat.taboola.com
widget.perfectmarket.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.heraldsun.com.au
www.linkedin.com
d59a0ac26df7934462d3d489430e1024.safeframe.googlesyndication.com
tpc.googlesyndication.com
100.24.249.189
104.18.18.126
104.18.19.126
104.244.42.197
104.244.42.67
108.138.15.119
13.107.42.14
13.224.189.90
13.224.189.93
13.224.189.94
13.225.78.97
13.32.121.17
141.226.224.32
141.226.228.48
142.250.181.226
142.250.185.66
142.250.186.162
142.250.186.34
142.250.186.70
15.188.95.229
151.101.1.44
151.101.129.44
151.101.193.175
151.101.194.49
151.101.65.108
151.101.66.217
185.64.190.80
185.89.210.180
185.89.210.212
185.94.180.126
194.97.45.96
199.127.207.182
199.232.136.157
2.16.186.25
2.18.233.169
2001:678:cb4:bbbb::13
213.19.147.44
23.47.208.212
23.47.212.205
23.47.212.221
23.7.201.234
2600:1901:0:b14d::1
2600:1f18:612b:4264:f887:8ace:4fd:1ad4
2600:9000:206e:a00:2:42d9:3100:93a1
2600:9000:21f3:8400:8:48e:53c0:93a1
2600:9000:21f3:ba00:1d:667e:2a40:93a1
2600:9000:223c:7200:18:1fcd:351:7bc1
2606:4700:3032::ac43:a9f7
2620:0:890::100
2620:1ec:21::14
2a00:1450:4001:801::2002
2a00:1450:4001:802::200e
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:812::2002
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2008
2a02:26f0:10e::6860:5bba
2a03:2880:f107:83:face:b00c:0:25de
2a04:4e42:200::300
3.122.214.165
3.33.220.150
3.69.41.135
3.74.119.102
34.241.142.170
34.242.156.102
34.249.133.154
35.227.202.26
35.241.45.82
35.244.159.8
50.16.218.57
52.16.110.65
52.208.102.42
52.222.209.55
54.75.58.172
69.173.144.139
69.173.144.165
92.123.36.246
002856eb594d2755e967afbc01ed1d8cfcc4232f4abfe714a5b8a9b55a367258
03e5a0363db4c88e26d041592531853130bef1d37948d99988a18f11bf77779f
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07a502da5b74caf9aebf20741d982219c7ea98cfc84d58b90e9c3ef6bf34cc24
07eebaabb6e2422ce7a01c346a62b108257cae5a07b5a3a630f0937013ddc05c
0ad16c462414f6a8c136057b1a6c04ac3a368efea33416c630e8d9a629fafd24
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0e07a4183f084c781749d23b16f1d52fc13aeefe1027995354b794bf9c2de3c2
0e5ec55a3d418014ca126be8ee33f2816927af159c19b41f98c04d144ede039c
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
16522f32fedaa365726bdc300197db4623e8051dd45d4e3a4a57e3cf7b7099c5
169654a2040e9f83c46d4cd65600c3dc9db6db042904c22cc97645fb4323c362
174c3522bd95b2d24d12efadbcf3e2bff57d6477b3edd53868c5a665ef5f187e
1d5c29fa89d8c1c62950640a2e0acf7eeebb2d06eb4b784f102d2925fa708971
2403e64188eb03ebfd687ac0f69082c6ef0db4104c3a7cfab9a1767b5e017231
25ade80d6b8698b6496174a8c95645b0052ba97c67a7634f043096df1a3dabf6
2761a54e8d8a23b174d43bc34f5bbca503e28e16509ec94339ded50277f55062
279b436820a07ab86a4c09fe639d3afd1b5d7fdc172371299694cf4f814c686d
27cab8964dd6da6b824813caaf9c878588797e58ca970a9e99583813d303df64
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29ec44fb9d9b41b871e7c5ab0f86fb505e12d45bc7462f11ac34d9991c420af3
2a87453753b5611e7806718ec99a837dc8068d9eb20b4b6b3bb0d38ee2bd84d4
2adde6ff85af215edf87bd7c9d3110c759f4100bbe2eb763fc65571ed98f1d75
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98
2ea686a08efedbca084fc6263963bded22c10de9eb0e30e3c5527110eb3db5b4
373ad0d2b5026fe99339d51c2e34f09afcd722c2fbf60e2483431bbfecf5bcb3
374cc046f653dbba7141ed44dd5eaae128bc4d6bb99015fa2421b5a94fc5c4c8
375eb1402faeaba7978d6f984b0e89473fa190562c591b7097c2b782645123e6
38cd4e4ae59a14d770a57361d04bb5120a3fd424a4294d1af8e20519d2d91cff
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618
3e00a559781a64376faaf2d968c19f409f6c7604391557e796905c37ae0d4e2a
3f85c8d620da22f4f71c730b925513c8a671500a513ac42d7b21809f43ef16de
42ffbcd5fae6a0eda00246031330f0c87d21ec4c9451787199c02d49746a3d12
45a085189ed8431aed7758efff0ec176fa249b4c50213105a9bc6d2a727ccda7
481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a
4a8cf99461682eb9d7f9de2ff2f1cf7b0030b1af9368b1fc9ff94d3131295a17
4b00ed621740620bfd79c6c4d2501d53390214d6bb3fb90a31a1c24637f05bb7
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5246966c574e067829ca9285d57987f752ce56a6c7d213108b3f4bb8deae7e8b
52e9d157ebc48469c624200e93fb065741aea1573a812332a94bbd57b00b2736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5b0143573d10639a93b9448b1ebfe1379a49e885accd47b37b3cdd14db2e468b
5ba313b7fa9dd06ba89db2a1f6c6642375203f081bf64563d8571e0ef07a0739
5de6739e9847c4f4d179a4b69eab45a9d7d893472a354ac7a3d477fc8c0be048
5e7b471a7b5dcd0107a7a7d6e057c7a6377f258a3bf28087ce83711e0ae4826a
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5fd4c746f4fd80bfb21dc024cc3ef3ab6dd6c44c3e3f4f26365dffec4feadf1d
5ffaa38b1eb97aa761378ac0ab66b43d92aa9a5706b465e5dc99ae2007b440ec
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7
6819b8c0c5650d0ca031a2b12f8335f2f0af7457832e2856a4285f1132eecccf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
704de20959867ad7e42c0e25a807e6a87daab17c4e8755cdf36fa105f6a7400f
70efe208587aa0220cbd71b13870394c06f90930540cbdfb677b1af997023bac
727ad8dc8c8b03a4f2cc5ecb39491ff5f590c79c0bd8981faa408cd706332f3b
735f6164b80ac5b101950537cb3d50eb2f95220857dffc7395b1f179b50b87bd
7395746633ab2c43f321500502089c65a54c04b9679dbf1e741d8bb00b73decb
741781b3c52b63e16e1b25a4efbafefca756a88728d62eec705fefe9e37f7751
749017b53b677c8309df48f408a6446f0d29e8256fe34d6a8521ce804b1e370e
75839e3ea0cd949a33dc21dd8b0931f396829fea8e0e3148b576b1228f40e469
7adebb77cda36fdd10f1fcbb6227f32ab586195147385fe65e5004ae0190440a
7b6c0b25c2cb3a2edfe8c42852119cffb292560fe035805ec58d85522316996d
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d7c55a2c32de6cf59601af3da7ec4846dca6359449f29e9699d2c208a1e30b6
7f601a8f162545a5b8aa2e2d05a4fc4bd508efd9ec19c65df29f6627edcbbd4a
80833acc1b2e975713e1e34b5d3ce6e6f8d218022620d815d6196f775139e45e
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
811cf25ea0dc00bb1f971ca522518a04551f49c5e2786a9c244cebd8760ce77c
847d6d5bd2d7093e1ca3087ce1372ab31e6b379c98627aeacbac05b4f4a33b7c
871d3975e6fa15012cee0983687bd826ea1486a7926e1ce6bd416a39020666e8
878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3
89484fc8b0afcf06b0098f663950ecb5dec67751911a44fa530b0c7ba09f1d37
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9a260409c86cabba5585068608a374b1fbe88d744d311596e79c0beab1939633
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5910455615630589802ca15818aa163322871e6468f06a3660c53d6ab2936bb
a8452df7f1bf74896f911e8d417dc80ddc94b6f7a1c4879df5dfce62aabbd9b0
a993e9bf0873d2087d4b060e6c34830c86bd0d50e6ec865c08dedb3941908c83
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34f09c87bfb5e44dea329d4a3f1f3335d4764649ea8c857d56b115262111c32
b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb
b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bfa67e2ce103d04234fa84f7595c316d23f46eed219683f06e264fb27dc91637
c06ff5658d8d2900eb8a93773ff732159e6a74e22271b19f89522bf21de74a7e
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c234d3a6e7ff0a41542220e1202ea768bffeca48680c47de404653fa040a9c7c
c6b30be9e2ecab19294bbf313c1b95df4ef35c8299bbabfd6e4ec67d95a12376
cbf7345bb3b48a889772393701dcd088f8e21c2b1ef04ad0764d66cb15be4d86
cd477bacdd6669148fe7cffeba6f0f904b76c1bcd85816080b8af74843bae523
ce227a433689c18ee8ee40b39f9998aba7e64d917be1f263bdfc39c134bc6556
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf4f58a00ac11449432c97caa0c1df8a9ffbcfd193e7b2f88eb27b2410e9b65d
d0d1a0e583e6778d8108e92e6f0900beb02e8f21c3eaf1dc475583e8485eefd1
d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff
d38c3078ab1f5658fb6d96371d2c9ea70724d363da8d17fe677228ad1e97d6ac
d53f7b12fb39eb9f7b3443abe42ce9b7f6b76eda3ae7c0db50870bdf7d833bce
da2fd84220ee9fc01bb1cd5f584e0fbb0b23ec48f548681dd28c00d1522a1fd0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de547d79f7e3ec74bb51be6e2724ffb858f2dbfeda483a326e813746f52ea5c5
e03e40389b0971a03a65c9b916591822ee3182b845471becd926d4e3cecdc84e
e30a952eadc89f735e92201acd81796193eebddb8926d345c6ce092126c9257a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5e2ca77a43ecfab315c2404e0c40c56453692fe70fc9205cb46fc06556ef834
e6913000ad0d73535ca314d6fce75229b8de1a20ac464247359d710713384596
ebb4807c4eb6dca83da209b9d9cbafd1191a5960535e9cfaf6cb2423d59e6f15
ec80f35488c24c555b7493d28164a9dcc34e976d5b1461e755684e35242dff58
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710
f383e739e53afcffd9b21156525608a3d45c9a8597fed3f2a85b4963e6d1fbc0
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
f49534287a61791dbdad8bc4c0a6c4fae4b38209f99630d4b80ea2ae4590cfcd
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6f9b28ce46bc46d6dc12b7a3e09437e46b159144cf7ea835cfd4702cad05ad8
fd91f90c9575e85db4378cbdceb8cb1141a24d7f0f5f853c0e55d42ed6f3a057

www.heraldsun.com.au Open in urlscan Pro 92.123.36.246 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

191 Requests

88 %HTTPS

29 %IPv6

53 Domains

94 Subdomains

74 IPs

8 Countries

2032 kBTransfer

5703 kBSize

86 Cookies

0 Outgoing links

Page URL History

Redirected requests

191 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.heraldsun.com.au Open in urlscan Pro
92.123.36.246 Public Scan

Screenshot
Live screenshot

Full Image

191
Requests

88 %
HTTPS

29 %
IPv6

53
Domains

94
Subdomains

74
IPs

8
Countries

2032 kB
Transfer

5703 kB
Size

86
Cookies

191 HTTP transactions
3 data transactions