www.news.com.au Open in urlscan Pro
2.18.233.28  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://click.e.newscorpaus.com.au/?qs=cffc14ca5a78ce1ac30f0b000d51899497fdcb84cdac31887a918fc69a3a1b4779687f5ba63a6b2187009f0ca212e4deb7deec513b5cc1eb HTTP 302
   https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

• https://cm.everesttech.net/cm/dd?d_uuid=51259672326821810483196490237152936539 HTTP 302
• https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yf824gAAAF0HsgP7

Request Chain 28

• https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
• https://dpm.demdex.net/ibs:dpid=358&dpuuid=6604950145403243054

Request Chain 29

• https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=470&dpuuid=7214935692623460864

Request Chain 33

• https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTEyNTk2NzIzMjY4MjE4MTA0ODMxOTY0OTAyMzcxNTI5MzY1Mzk= HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTEyNTk2NzIzMjY4MjE4MTA0ODMxOTY0OTAyMzcxNTI5MzY1Mzk=&google_tc= HTTP 302
• https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEH3jW7_Elk89OdoKK3Y_twk&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 34

• https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
• https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=903&dpuuid=06045354-c74d-4d64-a57b-269ecae593fb

Request Chain 36

• https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ HTTP 302
• https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yf824w48bsl8.zADkfcZsQAA%261107

Request Chain 37

• https://dt.scanscout.com/ssframework/uid?UIAA=51259672326821810483196490237152936539&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9969a27f9fa181b7564f0785cda285b8

Request Chain 38

• https://ps.eyeota.net/match?bid=6j5b2cv&uid=51259672326821810483196490237152936539&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 39

• https://usermatch.krxd.net/um/v2?partner=adobe&id=51259672326821810483196490237152936539 HTTP 302
• https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51259672326821810483196490237152936539

Request Chain 50

• https://tags.bluekai.com/site/43981?id=51259672326821810483196490237152936539&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID HTTP 302
• https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID

Request Chain 57

• https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWY4MjRnQUFBRjBIc2dQNw==

Request Chain 72

• https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
• https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yf824gAAAF0HsgP7&expires=90

Request Chain 90

• https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yf824gAAAF0HsgP7

Request Chain 99

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0 HTTP 302
• https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=634434388 HTTP 302
• https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=634434388&ipr=y

Request Chain 100

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0 HTTP 302
• https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=2304880169 HTTP 302
• https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=2304880169&ipr=y

Request Chain 103

• https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
• https://ib.adnxs.com/setuid?entity=158&code=Yf824gAAAF0HsgP7

Request Chain 111

• https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
• https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yf824gAAAF0HsgP7

Request Chain 125

• https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
• https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yf824gAAAF0HsgP7

Request Chain 149

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0 HTTP 302
• https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=1345946728 HTTP 302
• https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=1345946728&ipr=y

Request Chain 150

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0 HTTP 302
• https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=3832686810 HTTP 302
• https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=3832686810&ipr=y

Request Chain 153

• https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yf824gAAAF0HsgP7&img=1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yf824gAAAF0HsgP7&img=1&__user_check__=1&sync_id=34e3596b-86f7-11ec-9c0f-1342c0320506

Request Chain 154

• https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
• https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yf824gAAAF0HsgP7&t=2592000&o=0

Request Chain 156

• https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D HTTP 302
• https://sync.1rx.io/usersync/adobe/0?zcc=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D&cb=1644115684506 HTTP 302
• https://sync.targeting.unrulymedia.com/csync/RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3DRX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003 HTTP 302
• https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003

197 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.news.com.au/subscribe/news/1/ Redirect Chain https://click.e.newscorpaus.com.au/?qs=cffc14ca5a78ce1ac30f0b000d51899497fdcb84cdac31887a918fc69a3a1b4779687f5ba63a6b2187009f0ca212e4deb7deec513b5cc1eb https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365	27 KB 8 KB	1614ms 1431ms	Document text/html	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software nginx / WordPress VIP <https://wpvip.com> Resource Hash e85f9541f1b765807643c1537ba945d19782b982a0c4361b452a1a1ef78c0e18 Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx content-type text/html; charset=UTF-8 x-powered-by WordPress VIP <https://wpvip.com> content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; is-https true vary User-Agent Accept-Encoding x-rq ewr2 0 2 9980 host-header a9130478a60e5f9135f765b23f26593b x-akamai-transformed 9 27342 0 pmb=mTOE,2 content-encoding gzip expires Sun, 06 Feb 2022 02:48:01 GMT cache-control max-age=0, no-cache, no-store pragma no-cache date Sun, 06 Feb 2022 02:48:01 GMT content-length 6888 Redirect headers Cache-Control private Content-Type text/html; charset=utf-8 Location https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Date Sun, 06 Feb 2022 02:47:59 GMT Connection close Content-Length 310
GET H2	200	/ dsf.newscorpaustralia.com/news/_static/	262 KB 31 KB	49ms 7ms	Stylesheet text/css	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ead3b470b0c2af5b017439c905248463b53674dd59e9612afa29127a4758c051 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 0 2 9980 last-modified Tue, 01 Feb 2022 07:34:12 GMT server nginx age 1448 vary Accept-Encoding x-cache hit content-type text/css;charset=utf-8 cache-control max-age=300, must-revalidate accept-ranges bytes content-encoding gzip content-length 31838
GET H2	200	utag.sync.js Show response tags.tiqcdn.com/utag/newsltd/news.sops/prod/	732 B 938 B	412ms 393ms	Script application/x-javascript	104.75.88.194 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.sync.js?ver=5.8.3 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-194.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 7c186ab01a908200ccf3aa91f02d705cfa868a4ec2cd5c941569cc3e7d2c79e9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT last-modified Tue, 07 Sep 2021 01:19:44 GMT server AkamaiNetStorage etag "2708c0fcbb165b5ee4e2f2d397e70d3c:1630977584.152342" content-type application/x-javascript cache-control max-age=300 accept-ranges bytes content-length 732 expires Sun, 06 Feb 2022 02:53:01 GMT
GET H2	200	rampart.js Show response www.news.com.au/remote/identity/rampart/latest/	278 KB 83 KB	184ms 184ms	Script application/x-javascript	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/remote/identity/rampart/latest/rampart.js?ver=5.8.3 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash cfbc28456df3bf7c54a17607f30ce34c5d9af8ce5a63835909a6e14df86e2bcb Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-encoding gzip x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; server AkamaiNetStorage etag "66c4dba788caf010cc03758553c1cf72:1643006397.848692" vary User-Agent, Accept-Encoding content-type application/x-javascript cache-control max-age=190 date Sun, 06 Feb 2022 02:48:01 GMT is-https true x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; expires Sun, 06 Feb 2022 02:51:11 GMT
GET H2	200	20352597942.js Show response cdn.optimizely.com/js/	290 KB 88 KB	53ms 17ms	Script text/javascript	2a02:26f0:1700:793::13b8 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.optimizely.com/js/20352597942.js?ver=5.8.3 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:793::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash 97b128bcd1ca14c9e8bef002349057f10f2333b634f620efa0933c48d1e32c63 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers Referer https://www.news.com.au/ Origin https://www.news.com.au Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-meta-pci_enabled False x-amz-version-id DuPo9ejUNQvMurID3igQwi0.s0PryStc content-encoding gzip etag "ebb6baa5ec28cf4d5d035f3f15dc07f8" x-amz-request-id DSCTZ67VVZCNCYRK x-amz-server-side-encryption AES256 x-amz-meta-revision 231 x-amz-replication-status COMPLETED access-control-allow-methods GET, HEAD server-timing cdn;desc="AkamaiION";dur=0,rtt;desc="6";dur=0,cdnip;desc="2a02:26f0:1700:793::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0 vary Accept-Encoding content-length 89669 x-amz-id-2 IXTU3VQVkY59pzPXt3pbkMlATOlx1GaCauABUNfqV08I/lIXKHG8iYNdc9ACS0JrEEleaf3yNZw= last-modified Wed, 02 Feb 2022 03:17:09 GMT server AmazonS3 date Sun, 06 Feb 2022 02:48:01 GMT access-control-max-age 86400 strict-transport-security max-age=15768000 content-type text/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers x-amz-meta-revision cache-control max-age=120 accept-ranges bytes timing-allow-origin * access-control-allow-headers *
GET H2	200	/ Show response dsf.newscorpaustralia.com/news/_static/	98 KB 34 KB	49ms 8ms	Script application/javascript	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/news/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraGZibGhiaGRuWkWAK9HIho= Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 75839e3ea0cd949a33dc21dd8b0931f396829fea8e0e3148b576b1228f40e469 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 0 2 9980 last-modified Tue, 25 Jan 2022 20:07:55 GMT server nginx age 1448 vary Accept-Encoding x-cache hit content-type application/javascript cache-control max-age=300, must-revalidate accept-ranges bytes content-encoding gzip content-length 34312
GET H2	200	3ddecd04 Show response www.news.com.au/akam/11/	32 KB 12 KB	53ms 52ms	Script application/javascript	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/akam/11/3ddecd04 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software / Resource Hash fcacb4cefffa48c03bccc92d826a387fe86801c9959048d2abfd9b5d0404e60c Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-encoding gzip etag "d42066a787ca955282d3c11b1b01d4e2f550fb4c1250b11d5295ea63180878b8" x-arrg45 adlite is-https true content-length 10448 pragma no-cache date Sun, 06 Feb 2022 02:48:01 GMT vary User-Agent, Accept-Encoding content-type application/javascript expires Sun, 06 Feb 2022 02:48:01 GMT cache-control max-age=0, no-cache, no-store x-arrrg1 /blaize/decision-engine?path=https%3a%2f%2fwww.news.com.au%2fakam%2f11%2f3ddecd04&blaizehost=cdn.news.newscorp.blaize.io&content_id=3ddecd04&session=cc873177cdc9191e34a3597510bfa0eb x-sppdebug /akam/11/3ddecd04?wpa=249773C60B8F845BC60654C0BAA5BE730BF5A8A0&editiondata=none&fromakamai=true&pt=none&device=DESKTOP&ck_st=null x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
GET H2	200	loader.js Show response subscriptions.news.com.au/loader/	259 KB 78 KB	75ms 8ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/loader/loader.js Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 70d7bd883dec3c6ec10a212cabb69f88087231d4b8165c3163e257a97b663c86 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 10:43:40 GMT content-encoding gzip last-modified Wed, 12 Jan 2022 03:46:15 GMT server AmazonS3 age 57862 etag W/"bb3db80be80b32248ae7d5872b956351" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id 5WJO-QVVgKaqidWgCjai2dDXdPdYzaDFLqVo2eYB3R7wCwmM6z20rA==
GET H2	200	/ Show response dsf.newscorpaustralia.com/news/_static/	52 KB 15 KB	65ms 24ms	Script application/javascript	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/news/_static/??/wp-content/plugins/dynamic-shop-front/assets/dist/js/dsf-front.build.js,/wp-content/themes/dynamic-shopfront/js/navigation.js?m=1643774416j Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c6cd965e03addb4a2caef0a596f5d5432212f83fdaf701a846e583f0f4244c5e Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 0 2 9980 last-modified Wed, 02 Feb 2022 04:00:16 GMT server nginx age 1448 vary Accept-Encoding x-cache hit content-type application/javascript cache-control max-age=300, must-revalidate accept-ranges bytes content-encoding gzip content-length 14877
GET H2	200	icon-faq-plus.png dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/	466 B 586 B	7ms 7ms	Image image/png	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/icon-faq-plus.png Requested by Host: dsf.newscorpaustralia.com URL: https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 48e995c834f9cbb64904650cbb722ab0c92effb6c59cf493aa055fcc1fc0417a Request headers Accept-Language de-DE,de;q=0.9 Referer https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 0 2 9980 last-modified Mon, 10 Jan 2022 05:59:32 GMT server nginx age 2249792 etag "61dbcb44-1d2" x-cache hit content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 466 expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	Eva-Bold.woff2 dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/	19 KB 19 KB	302ms 225ms	Font font/woff2	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/Eva-Bold.woff2 Requested by Host: dsf.newscorpaustralia.com URL: https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 5877830ab315f6730602512594573f4c9e023d8bab3d47b2d307f73f0ec9718d Request headers Referer https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Origin https://www.news.com.au Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT content-encoding gzip age 0 x-cache miss content-length 19476 x-rq mxp2 0 2 9980 last-modified Mon, 31 Jan 2022 01:27:50 GMT server nginx etag W/"61f73b16-4bf8" vary X-Mobile-Class access-control-allow-methods GET, HEAD content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	SourceSansPro-SemiBold.woff2 dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/	82 KB 82 KB	122ms 45ms	Font font/woff2	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-SemiBold.woff2 Requested by Host: dsf.newscorpaustralia.com URL: https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 0b3376aa27741ca90899fed12bcccbf1ea22edb596846ba6b26e263463686590 Request headers Referer https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Origin https://www.news.com.au Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT content-encoding gzip age 173 x-cache hit content-length 83897 x-rq mxp2 0 2 9980 last-modified Mon, 31 Jan 2022 01:27:50 GMT server nginx etag W/"61f73b16-14808" vary X-Mobile-Class access-control-allow-methods GET, HEAD content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	SourceSansPro-Regular.woff2 dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/	83 KB 83 KB	87ms 46ms	Font font/woff2	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-Regular.woff2 Requested by Host: dsf.newscorpaustralia.com URL: https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f2696e8eb9d876987998374c51e4d14a24f6f24a23fe697493ebf761c3bcc4b9 Request headers Referer https://dsf.newscorpaustralia.com/news/_static/??-eJxljksOwjAMBS9E6vJngzhL6hpqkThR7KrK7QlVN4j1mxk9WLJjwTCPpICqMLIaDCHh2wUeii8V1GqgLrJ0DdhBMzCJkRjkML9YmlTFR0anU8ruWdoKXpVsy327a1JBaFFM0c+wYn9FmyjSb3AFHU4cxu1Kkx7xvr+cjte+v50PH/QaSVk= Origin https://www.news.com.au Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT content-encoding gzip age 173 x-cache hit content-length 84664 x-rq mxp2 0 2 9980 last-modified Mon, 31 Jan 2022 01:27:50 GMT server nginx etag W/"61f73b16-14aec" vary X-Mobile-Class access-control-allow-methods GET, HEAD content-type font/woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	news-logo.svg dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/	4 KB 2 KB	183ms 183ms	Image image/svg+xml	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/news-logo.svg Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f8713020a0536791b384789b4e25b3fabc68cb264642c79c096ef0744e7dbd09 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT content-encoding gzip x-rq hhn2 0 2 9980 last-modified Mon, 31 Jan 2022 01:27:50 GMT server nginx age 0 etag W/"61f73b16-114c" vary X-Mobile-Class x-cache miss content-type image/svg+xml cache-control max-age=31536000 accept-ranges bytes content-length 1878 expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	avatar.svg dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/	264 B 366 B	172ms 172ms	Image image/svg+xml	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/avatar.svg Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash e30565d344697a80f05882c11755c6d6a71626791bbc124df343b5edc7901312 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 0 2 9980 last-modified Mon, 31 Jan 2022 01:27:50 GMT server nginx age 0 etag "61f73b16-108" vary X-Mobile-Class x-cache miss content-type image/svg+xml cache-control max-age=31536000 accept-ranges bytes content-length 264 expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	newspremium.png dsf.newscorpaustralia.com/news/wp-content/uploads/sites/73/2021/09/	3 KB 3 KB	7ms 7ms	Image image/webp	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://dsf.newscorpaustralia.com/news/wp-content/uploads/sites/73/2021/09/newspremium.png Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 68c61bab1dff583c0bfc1a26fe03d3d5f60e92e263d7422c39862a80efa638c0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 109 88 443 last-modified Tue, 23 Nov 2021 15:39:58 GMT server nginx etag "43ac82388598e27f" vary Accept x-cache HIT content-type image/webp cache-control max-age=2592000 accept-ranges bytes content-length 2602 expires Wed, 23 Nov 2022 15:39:58 GMT
GET H2	200	icon-phone.png dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/	337 B 390 B	7ms 7ms	Image image/png	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/icon-phone.png Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 4e1a4f2c605f26bcf80a2cd8e5d48e887c2062a53cd1d993cb05250223e386a6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:01 GMT x-rq hhn2 0 2 9980 last-modified Mon, 10 Jan 2022 05:59:32 GMT server nginx age 2250232 etag "61dbcb44-151" x-cache hit content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 337 expires Mon, 06 Feb 2023 02:48:01 GMT
GET H2	200	SourceSansPro.css subscriptions.news.com.au/media/fonts/SourceSansPro/	2 KB 2 KB	8ms 8ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 388d1df3fdfee665c3bc7d059e42500524e8f180febba13620847ec8b836fd33 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id BU9pslV_1tk2oM9KNiljnrkOp3wYAVog via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Wed, 23 Sep 2020 08:43:42 GMT server AmazonS3 age 82233 etag "2a13a755f725cea2c202bc30af451d10" x-cache Hit from cloudfront content-type text/css date Sat, 05 Feb 2022 03:57:29 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 2173 x-amz-cf-id aHd6fENqem4rnjr4-Ph2wT3XNgj2sqWHUFOvF_B-zKqtnOQI5PNArA==
GET H2	200	Charter.css subscriptions.news.com.au/media/fonts/Charter/	2 KB 2 KB	9ms 8ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/Charter/Charter.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash ccda4fea5d95b6e07fadfff761f20fd106531b7f780fe470aa565f4c365301d7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id 78tZPx9F6ldnoT3vI7OxzT3AZa.JXQqe via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Wed, 23 Sep 2020 08:43:10 GMT server AmazonS3 age 86320 etag "9d796e9621f8bd2ea24552819973cb20" x-cache Hit from cloudfront content-type text/css date Sun, 06 Feb 2022 01:55:17 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 1635 x-amz-cf-id FdxyBX3G5Txn6ojasMgujb3Zpiinj-xl7R9LblsIhzoPIA-Q3qi0zA==
GET H2	200	a20352597942.html Show response a20352597942.cdn.optimizely.com/client_storage/ Frame 4183	2 KB 1 KB	61ms 15ms	Document text/html	104.117.200.111 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://a20352597942.cdn.optimizely.com/client_storage/a20352597942.html Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/20352597942.js?ver=5.8.3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.117.200.111 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-117-200-111.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 78e9525f27478abe1dc785fa56d07b2594cb7e0a5d2b6653a5b0dddbabdae769 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers x-amz-id-2 CKjl07q3zMw6jZoLNWXmtRlKRgWdTyWfs6D+8xrz06IHmh2cCKQJNKlqvKWXSWtHcM85gi48dT8= x-amz-request-id Z7MMX1D6P2P0NZRC x-amz-replication-status COMPLETED last-modified Wed, 02 Feb 2022 03:17:06 GMT etag "a79c697113ffe599c5710a9f7d1d30fd" x-amz-server-side-encryption AES256 x-amz-meta-pci_enabled False content-encoding gzip x-amz-version-id hGFCdRfkJxwldYAAItMLPY5zJn12PYgd accept-ranges bytes content-type text/html; charset=utf-8 server AmazonS3 content-length 841 vary Accept-Encoding cache-control max-age=120 date Sun, 06 Feb 2022 02:48:01 GMT server-timing cdn;desc="AkamaiION";dur=0,rtt;desc="8";dur=0,cdnip;desc="104.117.200.111";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0 strict-transport-security max-age=15768000
GET H2	200	adobe_visitor.js Show response tags.news.com.au/prod/visitor/	60 KB 20 KB	107ms 23ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/visitor/adobe_visitor.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.sync.js?ver=5.8.3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 1bc3625c4e923d79a85677113b548e5444129ead716d43e10e2a6e9d56939143 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:02 GMT content-encoding gzip server AkamaiNetStorage etag "762b36524699d0c801c527b6e71f35e4:1593471758.804374" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=36154 content-type application/x-javascript content-length 19871
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	157 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	authorize Show response login.newscorpaustralia.com/ Frame CB8E	2 KB 3 KB	1322ms 1247ms	Document text/html	104.111.230.77 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://login.newscorpaustralia.com/authorize?client_id=4kpLW1s8YHsjoFv70uRwHdOjIg3sE85A&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.news.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=XQo-2qRd2Orhm~s-N6XILH0~FRwh6aII&nonce=aCkJzjdRxiOJ_iki2Er3lva1LKfYk9er&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xOC4xIn0%3D Requested by Host: www.news.com.au URL: https://www.news.com.au/remote/identity/rampart/latest/rampart.js?ver=5.8.3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-230-77.deploy.static.akamaitechnologies.com Software cloudflare / Resource Hash 3d50624b2bd04d8a8c5fb8e836b6b598148b7a6b5c20eda09d726638509ab169 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html;charset=UTF-8 cf-ray 6d910ea50b9f9143-FRA strict-transport-security max-age=31536000 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" ot-baggage-auth0-request-id 6d910ea50b9f9143 ot-tracer-sampled true ot-tracer-spanid 291557a027fbe926 ot-tracer-traceid 7aff09ba63950166 x-auth0-requestid d439f02e9f0e29fd2a8f x-content-type-options nosniff x-ratelimit-limit 1000 x-ratelimit-remaining 999 x-ratelimit-reset 1644115684 server cloudflare content-encoding gzip x-akamai-transformed 9 534 0 pmb=mTOE,3 expires Sun, 06 Feb 2022 02:48:03 GMT cache-control max-age=0, no-cache, no-store pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT content-length 806 vary Accept-Encoding
GET H2	200	rampart.js Show response www.news.com.au/remote/identity/rampart/latest/	278 KB 83 KB	96ms 96ms	Script application/x-javascript	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/remote/identity/rampart/latest/rampart.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/loader/loader.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash cfbc28456df3bf7c54a17607f30ce34c5d9af8ce5a63835909a6e14df86e2bcb Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-encoding gzip x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; server AkamaiNetStorage etag "66c4dba788caf010cc03758553c1cf72:1643006397.848692" vary User-Agent, Accept-Encoding content-type application/x-javascript cache-control max-age=678 date Sun, 06 Feb 2022 02:48:02 GMT is-https true x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; expires Sun, 06 Feb 2022 02:59:20 GMT
GET H/1.1	200 OK	id Show response dpm.demdex.net/	5 KB 2 KB	119ms 31ms	XHR application/json	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=4.5.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1644115682064 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash 6493fc869d35835b2d5a25fed86864077306bc63088a02fe85a5d6d424dcfe85 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.news.com.au/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers DCS dcs-prod-irl1-1-v027-0e88eeebe.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID 1n4He5urR0k= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.news.com.au Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json;charset=utf-8 Content-Length 1543 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H/1.1	200 OK	dest5.html Show response newscorpau.demdex.net/ Frame 4334	7 KB 3 KB	131ms 30ms	Document text/html	54.72.72.188 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://newscorpau.demdex.net/dest5.html?d_nsid=0 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.72.72.188 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-72-72-188.eu-west-1.compute.amazonaws.com Software / Resource Hash 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers Accept-Ranges bytes Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private content-encoding gzip Content-Type text/html;charset=UTF-8 date Sun, 6 Feb 2022 02:48:02 GMT DCS dcs-prod-irl1-1-v027-04d2b909f.edge-irl1.demdex.com UNKNOWN Expires Thu, 01 Jan 1970 00:00:00 UTC last-modified Wed, 19 Jan 2022 13:28:58 GMT P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains vary accept-encoding X-TID z3Fr6RyMTi4= Content-Length 2791 Connection keep-alive
GET H2	200	id Show response newscorpau.sc.omtrdc.net/	2 B 316 B	60ms 16ms	XHR application/x-javascript	15.236.176.210 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://newscorpau.sc.omtrdc.net/id?d_visid_ver=4.5.1&d_fieldgroup=A&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&mid=51283567641469298263194384379692585793&ts=1644115682192 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-15-236-176-210.eu-west-3.compute.amazonaws.com Software jag / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.news.com.au/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Sun, 06 Feb 2022 02:48:02 GMT x-content-type-options nosniff server jag xserver anedge-cdfbd77b-m4mmt vary Origin x-c main-1585.I7afc85.M0-540 p3p CP="This is not a P3P policy" access-control-allow-origin https://www.news.com.au cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true content-type application/x-javascript;charset=utf-8 content-length 2 x-xss-protection 1; mode=block
GET H/1.1	200 OK	ibs:dpid=411&dpuuid=Yf824gAAAF0HsgP7 dpm.demdex.net/ Redirect Chain https://cm.everesttech.net/cm/dd?d_uuid=51259672326821810483196490237152936539 https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yf824gAAAF0HsgP7	42 B 943 B	32ms 32ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yf824gAAAF0HsgP7 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0da95bd13.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID Mrr5nP5URRU= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yf824gAAAF0HsgP7 Date Sun, 06 Feb 2022 02:48:02 GMT Cache-Control no-cache Server AMO-cookiemap/1.1 Connection keep-alive Content-Length 0 P3P CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
GET H/1.1	200 OK	ibs:dpid=358&dpuuid=6604950145403243054 dpm.demdex.net/ Frame 4334 Redirect Chain https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID https://dpm.demdex.net/ibs:dpid=358&dpuuid=6604950145403243054	42 B 943 B	32ms 32ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=358&dpuuid=6604950145403243054 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-0c6e3a1f4.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID QZUqlrVlQsY= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Pragma no-cache Date Sun, 06 Feb 2022 02:48:02 GMT X-Proxy-Origin 193.27.14.40; 193.27.14.40; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com AN-X-Request-Uuid 5635cd22-a6c0-4243-82e9-93b039ab65fb Server nginx/1.17.9 Access-Control-Allow-Origin * P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://dpm.demdex.net/ibs:dpid=358&dpuuid=6604950145403243054 Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=470&dpuuid=7214935692623460864 dpm.demdex.net/ Frame 4334 Redirect Chain https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D https://dpm.demdex.net/ibs:dpid=470&dpuuid=7214935692623460864	42 B 943 B	32ms 32ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=470&dpuuid=7214935692623460864 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-0a4dca2b0.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID O0LE3/DxTAs= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=470&dpuuid=7214935692623460864 pragma no-cache date Sun, 06 Feb 2022 02:48:02 GMT cache-control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 content-length 0 p3p policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
POST H2	200	pixel_3ddecd04 Show response www.news.com.au/akam/11/	0 1 KB	31ms 30ms	XHR text/html	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/akam/11/pixel_3ddecd04 Requested by Host: www.news.com.au URL: https://www.news.com.au/akam/11/3ddecd04 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers Referer https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; x-arrg45 adlite date Sun, 06 Feb 2022 02:48:02 GMT vary User-Agent content-type text/html x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; is-https true x-sppdebug /akam/11/pixel_3ddecd04?wpa=249773C60B8F845BC60654C0BAA5BE730BF5A8A0&editiondata=none&fromakamai=true&pt=none&device=DESKTOP&ck_st=null x-arrrg1 /blaize/decision-engine?path=https%3a%2f%2fwww.news.com.au%2fakam%2f11%2fpixel_3ddecd04&blaizehost=cdn.news.newscorp.blaize.io&content_id=pixel_3ddecd04&session=cc873177cdc9191e34a3597510bfa0eb content-length 0 x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
GET H/1.1	204 No Content	token token.rubiconproject.com/ Frame 4334	0 214 B	38ms 7ms	Image text/plain	69.173.144.138 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://token.rubiconproject.com/token?pid=6404&puid=51259672326821810483196490237152936539&gdpr=0&gdpr_consent= Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate X-RPHost 78e3bdce5107450057bade54d54a0a7e P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
POST H/1.1	204 No Content	events Show response logx.optimizely.com/v1/	0 360 B	401ms 98ms	XHR text/plain	3.231.20.39 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/20352597942.js?ver=5.8.3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.231.20.39 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-231-20-39.compute-1.amazonaws.com Software nginx/1.17.2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.news.com.au/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Sun, 06 Feb 2022 02:48:02 GMT Server nginx/1.17.2 Content-Type text/plain Access-Control-Allow-Origin https://www.news.com.au Access-Control-Expose-Headers X-Results-Data-Source Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin * X-Request-Id d8348b79-41df-43f6-ad24-4b771690c021
GET H/1.1	200 OK	ibs:dpid=771&dpuuid=CAESEH3jW7_Elk89OdoKK3Y_twk&google_cver=1 dpm.demdex.net/ Frame 4334 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTEyNTk2NzIzMjY4MjE4MTA0ODMxOTY0OTAyMzcxNTI5MzY1Mzk= https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTEyNTk2NzIzMjY4MjE4MTA0ODMxOTY0OTAyMzcxNTI5MzY1Mzk=&google_tc= https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEH3jW7_Elk89OdoKK3Y_twk&google_cver=1?gdpr=0&gdpr_consent=	42 B 943 B	32ms 32ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEH3jW7_Elk89OdoKK3Y_twk&google_cver=1?gdpr=0&gdpr_consent= Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0da9e18e5.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID msJhgKMVTrk= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:02 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEH3jW7_Elk89OdoKK3Y_twk&google_cver=1?gdpr=0&gdpr_consent= cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 314 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=903&dpuuid=06045354-c74d-4d64-a57b-269ecae593fb dpm.demdex.net/ Frame 4334 Redirect Chain https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 https://dpm.demdex.net/ibs:dpid=903&dpuuid=06045354-c74d-4d64-a57b-269ecae593fb	42 B 943 B	32ms 31ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=903&dpuuid=06045354-c74d-4d64-a57b-269ecae593fb Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0fee7815f.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID Gxwvtfn3QQg= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:02 GMT x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" location https://dpm.demdex.net/ibs:dpid=903&dpuuid=06045354-c74d-4d64-a57b-269ecae593fb cache-control private,no-cache, must-revalidate content-type text/html content-length 189
GET H2	500	usersync.html image5.pubmatic.com/AdServer/usersync/ Frame 4334	0 0	112ms 34ms	Image text/html	2.21.141.175 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-21-141-175.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H/1.1	200 OK	ibs:dpid=23728&dpuuid=Yf824w48bsl8.zADkfcZsQAA%261107 dpm.demdex.net/ Frame 4334 Redirect Chain https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__ https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1 https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yf824w48bsl8.zADkfcZsQAA%261107	42 B 943 B	32ms 32ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yf824w48bsl8.zADkfcZsQAA%261107 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-0a49fd80e.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID Gx/4N+T8Rjc= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Pragma no-cache Date Sun, 06 Feb 2022 02:48:03 GMT Server Apache P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Location https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yf824w48bsl8.zADkfcZsQAA%261107 Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 264 Expires Sun, 06 Feb 2022 02:48:03 GMT
GET H/1.1	200 OK	ibs:dpid=30432&dpuuid=CI-9969a27f9fa181b7564f0785cda285b8 dpm.demdex.net/ Frame 4334 Redirect Chain https://dt.scanscout.com/ssframework/uid?UIAA=51259672326821810483196490237152936539&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9969a27f9fa181b7564f0785cda285b8	42 B 943 B	32ms 32ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9969a27f9fa181b7564f0785cda285b8 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0e1375e85.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID NdgImD2TTbc= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9969a27f9fa181b7564f0785cda285b8 Date Sun, 06 Feb 2022 02:48:03 GMT useSecure true Server openresty/1.19.9.1 Connection keep-alive Content-Length 43 Content-Type image/gif
GET H/1.1	200 OK	ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D dpm.demdex.net/ Frame 4334 Redirect Chain https://ps.eyeota.net/match?bid=6j5b2cv&uid=51259672326821810483196490237152936539&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D	42 B 961 B	30ms 30ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-04eb20598.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-Error 303,104 X-TID xUa+KYU9TIM= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv} Date Sun, 06 Feb 2022 02:48:03 GMT Content-Length 0 P3P CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
GET H2	204	usermatch.gif beacon.krxd.net/ Frame 4334 Redirect Chain https://usermatch.krxd.net/um/v2?partner=adobe&id=51259672326821810483196490237152936539 https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51259672326821810483196490237152936539	0 338 B	143ms 32ms	Image text/plain	99.80.121.211 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51259672326821810483196490237152936539 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Server 99.80.121.211 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-99-80-121-211.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT cache-control private, no-cache, no-store x-request-time D=52 t=1644115683 x-served-by beacon-n003-dub-prod.krxd.net p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Redirect headers location https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51259672326821810483196490237152936539 date Sun, 06 Feb 2022 02:48:03 GMT x-cache-hits 0 x-age 0 content-length 0 x-cache MISS x-served-by usermatch-a003-ash-prod.krxd.net
GET		ab1de4d login.newscorpaustralia.com/akam/11/ Frame CB8E	0 0
GET		dFxoQRo login.newscorpaustralia.com/Vz6N43/lU/f1/z1e4/0BoaQTOfCrqBE/aQNOwzbc/TXZPMGgAJwM/eygy/ Frame CB8E	0 0
GET H2	200	utag.js Show response tags.tiqcdn.com/utag/newsltd/news.sops/prod/	44 KB 13 KB	293ms 293ms	Script application/x-javascript	104.75.88.194 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/loader/loader.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-194.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 1e343f41526a632de8a6179b2516267540ac4d47eea0f80c7742a7f1f2ffdfab Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip last-modified Tue, 07 Sep 2021 01:19:45 GMT server AkamaiNetStorage etag "a87c653c3e686fa69da760fb67d068ad:1630977585.05119" vary Accept-Encoding content-type application/x-javascript cache-control max-age=300 accept-ranges bytes content-length 13261 expires Sun, 06 Feb 2022 02:53:03 GMT
GET H2	200	index.html Show response subscriptions.news.com.au/caas/ Frame E1CF	743 B 1 KB	12ms 12ms	Document text/html	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/index.html?pageType=spc Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/loader/loader.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash f87aef1698fdca4c0a213b84b081f185fda2a189cfa44436fd3487617c1b081a Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html content-length 743 last-modified Mon, 20 Dec 2021 04:01:30 GMT accept-ranges bytes server AmazonS3 date Sat, 05 Feb 2022 09:08:14 GMT etag "c3e8106e8407d380a470c77b3b512e68" x-cache Hit from cloudfront via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id mFuDqmRTZgxqXRIDpDsA3FfCmsMc66SpjIzMDorbx63_ZjvJUcgsbw== age 63590
GET H2	200	/ Show response js.stripe.com/v3/	276 KB 73 KB	133ms 24ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/loader/loader.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash 1bbd7775b4648a4c247825d3f5520d8d58f7447815688fda7bc42a78ab5b7c24 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 59 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:48:02 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Fri, 04 Feb 2022 22:48:29 GMT server Cloudfront etag W/"41c472a5d36507b361c3eeb20f9fb7f0" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id P6MGuoU-HeO14oAhoRh7JL6YUSOata8Wux2tyZGx3lv1sOOL5FlvYQ==
GET H2	200	swg-button.css news.google.com/swg/js/v1/ Frame E1CF	21 KB 7 KB	40ms 7ms	Stylesheet text/css	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://news.google.com/swg/js/v1/swg-button.css Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/index.html?pageType=spc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bde06a0400c168573473e2de967d842eec383f2f755aef4ec017b2f333e7ff85 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:09:05 GMT content-encoding gzip x-content-type-options nosniff age 2338 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6457 x-xss-protection 0 last-modified Wed, 12 Jan 2022 22:09:41 GMT server sffe cross-origin-opener-policy same-origin; report-to="news-frontend" vary Accept-Encoding report-to {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]} content-type text/css cache-control public, max-age=3000 accept-ranges bytes expires Sun, 06 Feb 2022 02:59:05 GMT
GET H2	200	runtime~main.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	4 KB 2 KB	10ms 9ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/index.html?pageType=spc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 49f9e1e455b623b160e1293c9a0f4c3a1d0aaa8207b846d17ff2a944383c7eba Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 13:58:05 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 46199 etag W/"d93e271347e7ec149405dd20e8eb640f" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id -H3VPiomzawcD6MQ0tYcFriuq-Dq0W5MhtAr-dnj1hLYj0zF6jC4NQ==
GET H2	200	368.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	200 KB 64 KB	12ms 11ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/368.js?9eed0ed2ccb8a40de0a9 Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/index.html?pageType=spc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash ea98d785faefcce6010127439cefe944b44a85a06380402ee3ecb28b3b8fb114 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 08:13:33 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 66871 etag W/"e772c095dadaf101056fb0c936a4e950" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id yJJSm9MMSzeysbZqx5Q4pNYA6KaguLAxKKD0p10m-gsAUz8djz3XVg==
GET H2	200	664.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	538 KB 96 KB	18ms 17ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/664.js?9eed0ed2ccb8a40de0a9 Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/index.html?pageType=spc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash dccbf588352666111ca28972cdf39e91d63c1a5caf8bba8b484393336c818114 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 03:03:12 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 85492 etag W/"2db78d4d44c9c64e18fc417fee96453b" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id KK0A-R0t-rYIKzJOZ0rtStQfk5FjV9lXDu6M0ZjH0imClP5bKVsnkg==
GET H2	200	main.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	12 KB 5 KB	16ms 15ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/main.js?9eed0ed2ccb8a40de0a9 Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/index.html?pageType=spc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash ef09d1d59eb6f3d29aca0a650756de29118f74a208182733c4a05d93166bb515 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 13:58:05 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 46199 etag W/"93dd2cb3d231c6d2424a645b49ec2eec" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id Qo3i231T7m5mL5QgtxETmLX-ZL72xHxKbJ2w4KKz47XS6fJEm-xJ5g==
GET H/1.1	200 OK	ibs:dpid=134096&dpuuid=$_BK_UUID dpm.demdex.net/ Frame 4334 Redirect Chain https://tags.bluekai.com/site/43981?id=51259672326821810483196490237152936539&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID	42 B 961 B	31ms 31ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-07b513162.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-Error 104,303 X-TID y9tkUcxSSJw= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=134096&dpuuid=$_BK_UUID Date Sun, 06 Feb 2022 02:48:03 GMT Connection keep-alive Content-Length 0 P3P CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
GET H2	200	SourceSansPro.css subscriptions.news.com.au/media/fonts/SourceSansPro/ Frame E1CF	2 KB 2 KB	8ms 6ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 388d1df3fdfee665c3bc7d059e42500524e8f180febba13620847ec8b836fd33 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id BU9pslV_1tk2oM9KNiljnrkOp3wYAVog via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Wed, 23 Sep 2020 08:43:42 GMT server AmazonS3 age 82235 etag "2a13a755f725cea2c202bc30af451d10" x-cache Hit from cloudfront content-type text/css date Sat, 05 Feb 2022 03:57:29 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 2173 x-amz-cf-id KmLcTxfTN9ZxQtXM_Er23v8vv2XuS2_YXhzBeIXb9JPu8ICWG5pALQ==
GET H2	200	Charter.css subscriptions.news.com.au/media/fonts/Charter/ Frame E1CF	2 KB 2 KB	7ms 7ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/Charter/Charter.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash ccda4fea5d95b6e07fadfff761f20fd106531b7f780fe470aa565f4c365301d7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id 78tZPx9F6ldnoT3vI7OxzT3AZa.JXQqe via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Wed, 23 Sep 2020 08:43:10 GMT server AmazonS3 age 86322 etag "9d796e9621f8bd2ea24552819973cb20" x-cache Hit from cloudfront content-type text/css date Sun, 06 Feb 2022 01:55:17 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 1635 x-amz-cf-id qaUmvkHfxHLzNQGhcOqQOPPJ0dCw4Y2e-Q1ugtxSBXWlZUwIsKPY7Q==
GET H2	200	Eva.css subscriptions.news.com.au/media/fonts/Eva/ Frame E1CF	395 B 760 B	9ms 8ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/Eva/Eva.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 6a2f4b75929402e5b3fed0dcfe8fb8d3d747d65d51aefd9ec57c53158bb25511 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id wWxldQG0MXNMBKz140atvmOGuIy0Vbt1 via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Thu, 22 Apr 2021 02:14:15 GMT server AmazonS3 age 85490 etag "e8fe0f5fabfe6eabb219322272c621ec" x-cache Hit from cloudfront content-type text/css date Sat, 05 Feb 2022 03:03:14 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 395 x-amz-cf-id ZkBxZcz2L4jqjAY_VK5JfKNl3qp5FYV_iDLdHccAgscjhGXn-KqGoA==
GET H2	200	HelveticaNeue.css subscriptions.news.com.au/media/fonts/HelveticaNeue/ Frame E1CF	906 B 1 KB	8ms 8ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/HelveticaNeue/HelveticaNeue.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 832c7d00c0b5e479ba3c671a288af66b6e49c05164415d32539a1ac50b8f74cc Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id QdXvt68lQTZMx8MzmY2DGTI4BK.nTI36 via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Thu, 22 Apr 2021 02:13:40 GMT server AmazonS3 age 46197 etag "ce98421cb38a23274ae438fd3d511cea" x-cache Hit from cloudfront content-type text/css date Sat, 05 Feb 2022 13:58:06 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 906 x-amz-cf-id SY9b5ldTrvaY5iMBtbYhnbMqbiFLPYO64bBVHmBOnUKL0FbEb01BpQ==
GET H2	200	env.json Show response subscriptions.news.com.au/caas/1.8.6/config/ Frame E1CF	1 KB 1 KB	8ms 7ms	XHR application/json	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/config/env.json Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/368.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 8ac972a09f7caaa1a2405c1ff7939e29b552d5f4f72c32886f32ce7df302344d Request headers Accept application/json, text/plain, */* Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 13:58:06 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 46197 etag W/"8429c17b53e4b8346af9123c7d21ce16" vary Accept-Encoding x-cache Hit from cloudfront content-type application/json via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id G_h3sdxKoVhu8GHuAyDc7AAIZJ7iTSP4JdzCjW1GphfGHeMdtkMtTQ==
GET H2	200	rampart.js Show response www.news.com.au/remote/identity/rampart/latest/ Frame E1CF	278 KB 83 KB	53ms 53ms	Script application/x-javascript	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.news.com.au/remote/identity/rampart/latest/rampart.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash cfbc28456df3bf7c54a17607f30ce34c5d9af8ce5a63835909a6e14df86e2bcb Security Headers Name Value Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; X-Content-Security-Policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; content-encoding gzip x-content-security-policy block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; server AkamaiNetStorage etag "66c4dba788caf010cc03758553c1cf72:1643006397.848692" vary User-Agent, Accept-Encoding content-type application/x-javascript cache-control max-age=677 date Sun, 06 Feb 2022 02:48:03 GMT is-https true x-webkit-csp block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; expires Sun, 06 Feb 2022 02:59:20 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_... https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWY4MjRnQUFBRjBIc2dQNw==	170 B 188 B	25ms 25ms	Image image/png	142.250.186.34 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWY4MjRnQUFBRjBIc2dQNw== Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Server 142.250.186.34 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 varnish server Varnish x-timer S1644115684.526852,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWY4MjRnQUFBRjBIc2dQNw== cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	controller-7901288b106c001d27f9116ef02a7440.html Show response js.stripe.com/v3/ Frame EC67	349 B 1 KB	34ms 33ms	Document text/html	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/controller-7901288b106c001d27f9116ef02a7440.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash 8a23ca739d54e4b5970063f1e65a26f5c5145b0e6e70596a53da329f74f875fc Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html; charset=utf-8 content-length 349 last-modified Fri, 04 Feb 2022 22:21:58 GMT accept-ranges bytes server Cloudfront access-control-allow-origin * x-content-type-options nosniff strict-transport-security max-age=31556926; includeSubDomains; preload content-security-policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report timing-allow-origin * date Sun, 06 Feb 2022 02:47:28 GMT cache-control max-age=60 etag "7901288b106c001d27f9116ef02a7440" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) x-amz-cf-pop TXL50-P2 x-amz-cf-id OSCciqbwsX376J_iDHYPJc-vdAauNDIXBXx6EDD2uIjkDW-297lm5w== age 37
GET H2	200	payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html Show response js.stripe.com/v3/ Frame FEF8	434 B 1 KB	40ms 40ms	Document text/html	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash dbbbaa836bcec0622675ef9e85364863d120abe823ac3a23cd388644a1199ad9 Security Headers Name Value Content-Security-Policy default-src 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html; charset=utf-8 content-length 434 last-modified Fri, 04 Feb 2022 22:21:09 GMT accept-ranges bytes server Cloudfront access-control-allow-origin * x-content-type-options nosniff strict-transport-security max-age=31556926; includeSubDomains; preload content-security-policy default-src 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; report-uri https://q.stripe.com/csp-report timing-allow-origin * date Sun, 06 Feb 2022 02:48:03 GMT cache-control max-age=60 etag "b07989b70f274cbb8e3341b880d8bb73" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) x-amz-cf-pop TXL50-P2 x-amz-cf-id zBz5fO-TRymjYy8jZOmT4EghtFo6lr_qB0juKV-djOpvvzyYLhqSHA== age 50
GET H2	200	payment-request-inner-browser-2545bd1ba0b4ff4088c50e429de71e9f.html Show response js.stripe.com/v3/ Frame 3106	370 B 1 KB	41ms 41ms	Document text/html	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/payment-request-inner-browser-2545bd1ba0b4ff4088c50e429de71e9f.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash c52f624af849204964ce0f575f0126ca9272626012dab242f2c6fcaa8b282205 Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html; charset=utf-8 content-length 370 last-modified Fri, 04 Feb 2022 22:21:57 GMT accept-ranges bytes server Cloudfront access-control-allow-origin * x-content-type-options nosniff strict-transport-security max-age=31556926; includeSubDomains; preload content-security-policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report timing-allow-origin * date Sun, 06 Feb 2022 02:48:03 GMT cache-control max-age=60 etag "2545bd1ba0b4ff4088c50e429de71e9f" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) x-amz-cf-pop TXL50-P2 x-amz-cf-id XK-lTkpRpsQmlpO-4slOrZW4d1_w_1WP4u-JbDpKatlwsuG0oBMxgQ== age 2
GET H2	200	messages Show response dsf.newscorpaustralia.com/dailytelegraph/wp-json/dsf-api/ Frame E1CF	6 KB 2 KB	312ms 312ms	XHR application/json	2a04:fa87:fffd::c000:4298 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://dsf.newscorpaustralia.com/dailytelegraph/wp-json/dsf-api/messages Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/368.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 56bc687b2a58d0145a7ab051dba9a1c8d64ff4bc048122726ed0960686e6d2e6 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://subscriptions.news.com.au/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip x-content-type-options nosniff age 0 x-cache miss link <https://dsf.newscorpaustralia.com/dailytelegraph/wp-json/>; rel="https://api.w.org/" x-rq mxp2 0 2 9980 allow GET server nginx vary Accept-Encoding, Origin access-control-allow-methods OPTIONS, GET, POST, PUT, PATCH, DELETE content-type application/json; charset=UTF-8 access-control-allow-origin https://subscriptions.news.com.au access-control-expose-headers X-WP-Total, X-WP-TotalPages, Link cache-control max-age=60 access-control-allow-credentials true accept-ranges bytes x-robots-tag noindex access-control-allow-headers Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
POST H2	200	csp-report q.stripe.com/ Frame EC67	0 356 B	500ms 178ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:03 GMT server nginx access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type x-envoy-upstream-service-time 1 access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token content-length 0
POST H2	200	csp-report q.stripe.com/ Frame FEF8	0 357 B	497ms 178ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:03 GMT server nginx access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type x-envoy-upstream-service-time 0 access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token content-length 0
POST H2	200	csp-report q.stripe.com/ Frame 3106	0 356 B	495ms 178ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:03 GMT server nginx access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type x-envoy-upstream-service-time 1 access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token content-length 0
GET H2	200	shared-b6a8cdbf23b932ea2f703add0b40291a.js Show response js.stripe.com/v3/fingerprinted/js/ Frame EC67	203 KB 55 KB	46ms 46ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/controller-7901288b106c001d27f9116ef02a7440.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash bb83bbf399e8e3a55ea658582617784625edac266a840481fc3765a8601a7ac7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/controller-7901288b106c001d27f9116ef02a7440.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 56 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Fri, 04 Feb 2022 22:21:25 GMT server Cloudfront etag W/"9ea986d5747d84c839e3af46261bfc40" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id 3ahiY5-8UOyNTMcH2H9Iab6psgFOdSs9xo6cRKWPyt7voiS9wcsuaA==
GET H2	200	controller-cc8ca56b08dd51bb574122f878782ccb.js Show response js.stripe.com/v3/fingerprinted/js/ Frame EC67	321 KB 89 KB	28ms 28ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/controller-cc8ca56b08dd51bb574122f878782ccb.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/controller-7901288b106c001d27f9116ef02a7440.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash 8b78041c076ffc25b8d63fdbaed8134ba84fbb8238d29feebb546a0e46aee6a4 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/controller-7901288b106c001d27f9116ef02a7440.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 54 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:47:09 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Fri, 04 Feb 2022 22:21:37 GMT server Cloudfront etag W/"a2896fe43fb777140d9be718cf0c10cb" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id RqyXHDaVh_RKCVB0wrqT5535nHH7C1ueHTS112AEHmG6VPLYkhsyYQ==
GET H2	200	pay.js Show response pay.google.com/gp/p/js/ Frame FEF8	95 KB 31 KB	127ms 67ms	Script application/javascript	2a00:1450:4013:c02::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/js/pay.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4013:c02::5c Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0ecde91d88dbb2ac0fee3fd1fbb92977853f7e91ba1977c2c33b04d237165693 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-EvplFKpJZbrqubtmPQYNzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-EvplFKpJZbrqubtmPQYNzg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip x-content-type-options nosniff p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 server ESF cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendHttp" x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 report-to {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]} content-type application/javascript; charset=utf-8 cache-control private, max-age=600 content-security-policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-EvplFKpJZbrqubtmPQYNzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-EvplFKpJZbrqubtmPQYNzg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport expires Sun, 06 Feb 2022 02:48:03 GMT
GET H2	200	shared-b6a8cdbf23b932ea2f703add0b40291a.js Show response js.stripe.com/v3/fingerprinted/js/ Frame FEF8	203 KB 55 KB	59ms 59ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash bb83bbf399e8e3a55ea658582617784625edac266a840481fc3765a8601a7ac7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 56 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Fri, 04 Feb 2022 22:21:25 GMT server Cloudfront etag W/"9ea986d5747d84c839e3af46261bfc40" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id ot3UB6ok71cpodabJR_xJ3O9EMthbdXSyn37-cZswoBjZmlxljAFZQ==
GET H2	200	payment-request-inner-google-pay-53683c7f260af3c27b6513eb8eaf8348.js Show response js.stripe.com/v3/fingerprinted/js/ Frame FEF8	13 KB 5 KB	72ms 72ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-53683c7f260af3c27b6513eb8eaf8348.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash f7c6c691a394f89e002769da936ae601d73955103e646b2846dee757528ff78f Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/payment-request-inner-google-pay-b07989b70f274cbb8e3341b880d8bb73.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 50 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:47:13 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Thu, 27 Jan 2022 19:43:11 GMT server Cloudfront etag W/"365a7cdb884fda0612bedf209eae4658" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id h0s4l_Wcy1TCYJlIlW1G1pSvR2mTrouJf59j7DRRMAYrceXIGr-i1Q==
GET H2	200	shared-b6a8cdbf23b932ea2f703add0b40291a.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 3106	203 KB 55 KB	67ms 66ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/payment-request-inner-browser-2545bd1ba0b4ff4088c50e429de71e9f.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash bb83bbf399e8e3a55ea658582617784625edac266a840481fc3765a8601a7ac7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/payment-request-inner-browser-2545bd1ba0b4ff4088c50e429de71e9f.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 56 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Fri, 04 Feb 2022 22:21:25 GMT server Cloudfront etag W/"9ea986d5747d84c839e3af46261bfc40" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id KO8BdyS1OL6x97kt45iR6up0ffN3rLNN9r3WnprSviQst8G4FqLW9Q==
GET H2	200	payment-request-inner-browser-53b1c16e3d275920fa39409a23a55c68.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 3106	11 KB 5 KB	71ms 71ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-53b1c16e3d275920fa39409a23a55c68.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/payment-request-inner-browser-2545bd1ba0b4ff4088c50e429de71e9f.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash e975df45fb7abcf35adc5a4f635783b2bf3831e80b7c3abcc45b408401da9419 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/payment-request-inner-browser-2545bd1ba0b4ff4088c50e429de71e9f.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 29 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Thu, 27 Jan 2022 19:43:10 GMT server Cloudfront etag W/"3ba0b9c2ca62a1b673a66ad861fe7884" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id qV4wON4a9YuCLYJKGZIurVQJTzOuASu473oPifAnvDrPvc6k-jw7fA==
GET H/1.1	204 No Content	tap.php pixel.rubiconproject.com/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yf824gAAAF0HsgP7&expires=90	0 239 B	59ms 8ms	Image image/gif	69.173.144.165 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yf824gAAAF0HsgP7&expires=90 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" X-RPHost 704c1e4d3fcc922a3031d436b584678b Content-Type image/gif Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 varnish server Varnish x-timer S1644115684.586092,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yf824gAAAF0HsgP7&expires=90 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	823ms 475ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
GET H2	200	utrack.js Show response tags.news.com.au/prod/utrack/	2 KB 1 KB	24ms 23ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/utrack/utrack.js?cb=16441156836720.34483986516921616 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash bfa67e2ce103d04234fa84f7595c316d23f46eed219683f06e264fb27dc91637 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip server AkamaiNetStorage etag "ab4f3fe7c5c43b61d4377ef72d3952fa:1558613430" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=0, no-cache, no-store content-type application/x-javascript content-length 831 expires Sun, 06 Feb 2022 02:48:03 GMT
GET H2	200	mitas.js Show response tags.news.com.au/prod/mitas/	666 B 905 B	22ms 22ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/mitas/mitas.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash d160b7999ef36a6814e7e673a78ee2388f00131908cf533155005798db86cfff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT cache-control max-age=71943 server AkamaiNetStorage content-type application/x-javascript etag "83a2bbd4d3829f1d4278f4ff0988804c:1490850995" content-length 666 p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	798ms 475ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	798ms 475ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 128 B	642ms 319ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	643ms 321ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	797ms 476ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	642ms 320ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	642ms 321ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
GET H2	200	tad.js Show response tags.news.com.au/prod/tad/	86 KB 27 KB	28ms 28ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/tad/tad.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 205fa688191f8222dcc83a2abea249542db609eadc62f81b0725943894d4d883 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip server AkamaiNetStorage etag "9aaeffa9489529ab641cc47cc518f814:1642049060.686522" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=41900 content-type application/x-javascript content-length 27622
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	80 KB 27 KB	47ms 23ms	Script text/javascript	142.250.185.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f2.1e100.net Software sffe / Resource Hash 10a7e524db359a94a66ea75b97e81a52932f0e10a04deabb49fb73ec5d038946 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27225 x-xss-protection 0 server sffe etag "1123 / 300 of 1000 / last-modified: 1644015869" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Sun, 06 Feb 2022 02:48:03 GMT
GET H2	200	prebid.js Show response tags.news.com.au/prod/prebid/	310 KB 98 KB	51ms 50ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/prebid/prebid.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash beeda9a17b4eee343f7ec43d45f3046b4133b8eea4b23ea0667d206c1d5f7d36 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip server AkamaiNetStorage etag "a10134beab56207257f1f2ac785713ee:1632115066.493479" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=15672 content-type application/x-javascript
GET H2	200	nielsen.js Show response tags.news.com.au/prod/nielsen/	25 KB 10 KB	22ms 22ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/nielsen/nielsen.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 002856eb594d2755e967afbc01ed1d8cfcc4232f4abfe714a5b8a9b55a367258 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip server AkamaiNetStorage etag "ecacc4b7d71d3eee8eaca9fbb3295f91:1638242930.652258" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=18460 content-type application/x-javascript content-length 9840
GET H2	200	metrics.js Show response tags.news.com.au/prod/metrics/	181 KB 62 KB	38ms 37ms	Script application/x-javascript	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/metrics/metrics.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash d8aa84f8b7f0e4fe51f6080421619b56e2785f75bf62bd0c079256239c0c8b5e Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip server AkamaiNetStorage etag "5ed752b58987ea67910b88bca9ab2714:1641876997.320689" vary Accept-Encoding p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" cache-control max-age=27837 content-type application/x-javascript
GET H/1.1	200 OK	ncg.js Show response au.tags.newscgp.com/prod/ncg/	155 KB 48 KB	38ms 9ms	Script text/javascript	13.32.99.58 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.32.99.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-58.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 18ce848868d27ccd09f0701a569852b17a05608a24acde0f4883c82f3405ff74 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Sun, 06 Feb 2022 01:55:12 GMT Content-Encoding gzip Connection keep-alive Last-Modified Tue, 30 Nov 2021 07:22:26 GMT Server AmazonS3 Age 3187 ETag W/"55c95d52f12da6906cda6a2b1283a0d6" Vary Accept-Encoding X-Cache Hit from cloudfront Content-Type text/javascript Via 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront) Cache-Control max-age=3600 Transfer-Encoding chunked X-Amz-Cf-Pop FRA60-P3 X-Amz-Cf-Id 9HWUrRfMQJMrNiLh27GZpdmq5ceGMP6luB5OnPCrmkNq_WFgqOZT0g==
GET H2	200	utag.584.js Show response tags.tiqcdn.com/utag/newsltd/news.sops/prod/	11 KB 4 KB	55ms 55ms	Script application/x-javascript	104.75.88.194 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.584.js?utv=ut4.45.202106230502 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-194.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 444df7fe288371dbd85626e1799a018003ecfd89fc834a70ba9712d90ab64fd3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip last-modified Wed, 23 Jun 2021 05:02:09 GMT server AkamaiNetStorage etag "f79ca936387129b9915d9f0e449fb7f6:1624424529.337214" vary Accept-Encoding content-type application/x-javascript cache-control max-age=1296000 accept-ranges bytes content-length 3525 expires Mon, 21 Feb 2022 02:48:03 GMT
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yf824gAAAF0HsgP7	43 B 883 B	105ms 30ms	Image image/gif	2.18.234.21 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yf824gAAAF0HsgP7 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-234-21.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Sun, 06 Feb 2022 02:48:03 GMT Server Apache Vary Is-Traffic-Usersync P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Sun, 06 Feb 2022 02:48:03 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 varnish server Varnish x-timer S1644115684.698477,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yf824gAAAF0HsgP7 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	626ms 320ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
GET H2	200	PA29B4FFF-94A8-4A65-AA29-3329DFE3AEC3.js Show response cdn-gl.imrworldwide.com/conf/	33 KB 7 KB	85ms 11ms	Script application/javascript	2600:9000:2315:f200:2:42d9:3100:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/conf/PA29B4FFF-94A8-4A65-AA29-3329DFE3AEC3.js Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/nielsen/nielsen.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2315:f200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 47be23053c37043b89d712fd13a512ea37273c9396433e02c72c330c5d66f2ed Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id _AST9TfliImfScaQQsFMUhe9uovg0vFz content-encoding gzip etag W/"1b8a257bdf154b9e6bfb466712301aed" last-modified Fri, 04 Feb 2022 19:17:44 GMT server AmazonS3 age 2230 x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront) cache-control max-age=86400,s-maxage=86400 date Sun, 06 Feb 2022 02:12:21 GMT x-amz-cf-pop DUS51-P2 x-amz-cf-id ut9tswvp6vaYk_gX5_yLsV8srCH-vjA0maGRLGWZSCtQWXiiGU8j1A==
GET H/1.1	200 OK	iasPET.1.js Show response cdn.adsafeprotected.com/	22 KB 7 KB	52ms 7ms	Script application/javascript	52.222.214.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.adsafeprotected.com/iasPET.1.js Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/tad/tad.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.222.214.98 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-214-98.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 01 Feb 2022 16:17:11 GMT Content-Encoding gzip Connection keep-alive Last-Modified Wed, 02 Jun 2021 17:38:57 GMT Server AmazonS3 Age 383453 ETag W/"51636de3ce868a2172f9e6996c2934e0" Vary Accept-Encoding X-Cache Hit from cloudfront Content-Type application/javascript Via 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront) Cache-Control max-age=604800 Transfer-Encoding chunked X-Amz-Cf-Pop FRA56-P3 X-Amz-Cf-Id qfrTNvswI1RrRTKDMqMJyKK6npOYeJl6EvgsIT1aL3NlEGDPHAfOQA==
GET H3	200	payframe Show response pay.google.com/gp/p/ui/ Frame 4ECC	17 KB 7 KB	93ms 77ms	Document text/html	2a00:1450:4013:c02::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid= Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/js/pay.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4013:c02::5c Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash bb820f0899ba9c69674a8477eb4b3a5bd95494088ec571172e64770d2667cfa4 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-2GTDK3y7KoeNF4qIlt+1UQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-2GTDK3y7KoeNF4qIlt+1UQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/ Response headers content-type text/html; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site x-ua-compatible IE=edge expires Sun, 06 Feb 2022 02:48:03 GMT date Sun, 06 Feb 2022 02:48:03 GMT cache-control private, max-age=3600 strict-transport-security max-age=31536000 cross-origin-resource-policy same-site content-security-policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-2GTDK3y7KoeNF4qIlt+1UQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-2GTDK3y7KoeNF4qIlt+1UQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport report-to {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]} cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi" content-encoding gzip server ESF x-xss-protection 0 x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	gdpr_user_check.esi Show response tags.news.com.au/prod/data-esi/top/	63 B 362 B	698ms 638ms	XHR text/plain	2.18.233.169 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi? Requested by Host: au.tags.newscgp.com URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.169 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-169.deploy.static.akamaitechnologies.com Software AkamaiGHost / Resource Hash c234d3a6e7ff0a41542220e1202ea768bffeca48680c47de404653fa040a9c7c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT server AkamaiGHost p3p CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com" etag "519053bf13ef3980b8829a5ec0f4dbc4:1638256850.601476" content-type text/plain access-control-allow-origin * cache-control max-age=0, no-cache content-length 63 mime-version 1.0 expires Sun, 06 Feb 2022 02:48:04 GMT
GET H3	200	pubads_impl_2022020101.js Show response securepubads.g.doubleclick.net/gpt/	351 KB 119 KB	23ms 8ms	Script text/javascript	142.250.185.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f2.1e100.net Software sffe / Resource Hash b1ad18d59a923a30397279d4545c15ae7088bb6e70f37b6468b890fc4cfee8ba Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 00:10:10 GMT content-encoding gzip x-content-type-options nosniff age 9473 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 121756 x-xss-protection 0 last-modified Tue, 01 Feb 2022 09:38:49 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Mon, 06 Feb 2023 00:10:10 GMT
GET H3	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	175 B 139 B	33ms 19ms	XHR application/json	142.250.185.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.news.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f2.1e100.net Software cafe / Resource Hash dcf0b16718740cb011f6b67c9124693d19cf017d50cd42b43f8a3c199c2bda3c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 114 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:03 GMT
GET H/1.1	200 OK	id Show response dpm.demdex.net/	5 KB 2 KB	38ms 38ms	XHR application/json	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=4.5.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&d_mid=51283567641469298263194384379692585793&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=newsnkidcookie%01cc873177cdc9191e34a3597510bfa0eb%011&ts=1644115683794 Requested by Host: tags.news.com.au URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash 98de74a446d17ccff2625f99d89dafbc2ec881d41dcd862f558539d1e80ecbcd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.news.com.au/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers DCS dcs-prod-irl1-1-v027-06abf313b.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID wLM5U0WwQPo= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://www.news.com.au Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json;charset=utf-8 Content-Length 1544 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	/ www.google.de/pagead/1p-user-list/991686727/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0 https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=634434388 https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=634434388&ipr=y	42 B 548 B	68ms 28ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=634434388&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=634434388&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/991686727/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0 https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=2304880169 https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=2304880169&ipr=y	42 B 108 B	20ms 18ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=2304880169&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=2304880169&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	97 KB 39 KB	56ms 16ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-970140527 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 965de47c91699c3f4b9429a65962118709943cdc64480784bb36d3ec9d3dfeee Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39486 x-xss-protection 0 last-modified Sun, 06 Feb 2022 00:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 06 Feb 2022 02:48:03 GMT
GET H2	200	utag.v.js Show response tags.tiqcdn.com/utag/tiqapp/	2 B 202 B	14ms 14ms	Script application/x-javascript	104.75.88.194 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=newsltd/news.sops/202109070119&cb=1644115683816 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/newsltd/news.sops/prod/utag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-194.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT last-modified Thu, 14 Apr 2016 16:57:51 GMT server AkamaiNetStorage etag "7bc0ee636b3b83484fc3b9348863bd22:1460653071" content-type application/x-javascript cache-control max-age=600 accept-ranges bytes content-length 2 expires Sun, 06 Feb 2022 02:58:03 GMT
GET H/1.1	200 OK	setuid ib.adnxs.com/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D https://ib.adnxs.com/setuid?entity=158&code=Yf824gAAAF0HsgP7	43 B 1012 B	15ms 15ms	Image image/gif	37.252.173.27 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=158&code=Yf824gAAAF0HsgP7 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.17.9 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Sun, 06 Feb 2022 02:48:03 GMT X-Proxy-Origin 193.27.14.40; 193.27.14.40; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com AN-X-Request-Uuid 562058ab-51fa-49f7-ac32-76977a3640fb Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 varnish server Varnish x-timer S1644115684.823874,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://ib.adnxs.com/setuid?entity=158&code=Yf824gAAAF0HsgP7 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	nlsSDK600.bundle.min.js Show response cdn-gl.imrworldwide.com/novms/js/2/	193 KB 54 KB	18ms 18ms	Script application/javascript	2600:9000:2315:f200:2:42d9:3100:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js Requested by Host: cdn-gl.imrworldwide.com URL: https://cdn-gl.imrworldwide.com/conf/PA29B4FFF-94A8-4A65-AA29-3329DFE3AEC3.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2315:f200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 28b11959f68db701b4218a36e9a8e8daf47fbfe4057f086595ebc2b0df44fbea Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id cMRN_04lvqSJdvtl7TZbazXb3VGsS_cB content-encoding gzip etag W/"711241d99f4dbd99c7bef0f79ce85582" last-modified Mon, 29 Nov 2021 14:37:17 GMT server AmazonS3 age 3002 x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront) cache-control max-age=86400 date Sun, 06 Feb 2022 01:58:02 GMT x-amz-cf-pop DUS51-P2 x-amz-cf-id Y7PzTCg85T5RVwY2UVM8eW5Vq8EYMsGW57rQjuL_PgViO4NJJPVM1w==
GET H2	200	pub Show response pixel.adsafeprotected.com/services/	251 B 484 B	105ms 41ms	XHR application/json	34.250.155.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pixel.adsafeprotected.com/services/pub?anId=10507&slot=%7Bid:ad-out-of-page,ss:%5B1.1%5D,p:/5129/,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=7aac1114-296e-c415-1216-757904c47431&url=https%253A%252F%252Fwww.news.com.au%252Fsubscribe%252Fnews%252F1%252F%253Fofferset%253Dnw_default%2526utm_medium%253DEDM%2526int_source%253DEDM%2526int_campaign%253DProject_Zero_Apr21%2526int_content%253DEDM%2526sourceCode%253DNWWEB_EDM0104202114365 Requested by Host: cdn.adsafeprotected.com URL: https://cdn.adsafeprotected.com/iasPET.1.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.250.155.46 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-250-155-46.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash 75971f7a33da7b2623fb5d31ef439a8344af0df3a0dd3ee2a92107a71d145fab Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT x-server-name app12.ie.303net.net content-type application/json;charset=UTF-8 access-control-allow-origin https://www.news.com.au access-control-expose-headers X-Server-Name access-control-allow-credentials true timing-allow-origin * server nginx
POST H3	404	cspreport pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 4ECC	2 KB 2 KB	15ms 14ms	Other text/html	2a00:1450:4013:c02::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4013:c02::5c Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101 Request headers Referer https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid= Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:03 GMT referrer-policy no-referrer alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1608 content-type text/html; charset=UTF-8
GET H2	200	m=_b,_tp Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AM... Frame 4ECC	148 KB 53 KB	39ms 16ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e5bd310c2727f70cdd03eb69847a8487d36f21ce498622b668ff3dc93d5d092d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 04 Feb 2022 17:15:42 GMT content-encoding gzip x-content-type-options nosniff age 120741 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 53105 x-xss-protection 0 last-modified Thu, 03 Feb 2022 23:36:45 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" expires Sat, 04 Feb 2023 17:15:42 GMT
GET H2	200	ls.html Show response cdn-gl.imrworldwide.com/novms/html/ Frame 0256	12 KB 4 KB	11ms 11ms	Document text/html	2600:9000:2315:f200:2:42d9:3100:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-gl.imrworldwide.com/novms/html/ls.html Requested by Host: cdn-gl.imrworldwide.com URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2315:f200:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html last-modified Mon, 29 Nov 2021 14:37:17 GMT x-amz-server-side-encryption AES256 x-amz-version-id IljONPHQ882rCgbxybbkGTEVB8TZxE7m server AmazonS3 content-encoding gzip date Sun, 06 Feb 2022 02:29:48 GMT cache-control max-age=86400 etag W/"7fa83dfc7b78314b137e2eb13834daa7" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-P2 x-amz-cf-id 8S2LxqL_j2LWkREOxfQRHFaIo9wNbWk3mNUWq--CLvTKmnRW-PFazw== age 1096
GET H2	200	authorize Show response login.newscorpaustralia.com/ Frame 65D6	2 KB 3 KB	1219ms 1219ms	Document text/html	104.111.230.77 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://login.newscorpaustralia.com/authorize?client_id=4kpLW1s8YHsjoFv70uRwHdOjIg3sE85A&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.news.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=lhzw1YxHCyhGEflJ.r.bl1uY_D3_qNhw&nonce=IudwOQuzksRxcR_BTVtH58vs_syiU3sf&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xOC4xIn0%3D Requested by Host: www.news.com.au URL: https://www.news.com.au/remote/identity/rampart/latest/rampart.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.230.77 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-230-77.deploy.static.akamaitechnologies.com Software cloudflare / Resource Hash 7e8f5216e15564d89bf08f8f4893d52afa66f174ebbcd97e74dae484389c3a61 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/ Response headers content-type text/html;charset=UTF-8 cf-ray 6d910eb08e9f6949-FRA strict-transport-security max-age=31536000 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" ot-baggage-auth0-request-id 6d910eb08e9f6949 ot-tracer-sampled true ot-tracer-spanid 78f0a40527fbcbe8 ot-tracer-traceid 2fab35d7547c1db7 x-auth0-requestid 49c49e5b9a462bb42c6f x-content-type-options nosniff x-ratelimit-limit 1000 x-ratelimit-remaining 999 x-ratelimit-reset 1644115685 server cloudflare content-encoding gzip x-akamai-transformed 9 537 0 pmb=mTOE,3 expires Sun, 06 Feb 2022 02:48:05 GMT cache-control max-age=0, no-cache, no-store pragma no-cache date Sun, 06 Feb 2022 02:48:05 GMT content-length 805 vary Accept-Encoding
GET H2	200	s29147738362278 metrics.news.com.au/b/ss/newscorpau-newscomauweb,newscorpau-global/1/JS-2.22.0/	43 B 421 B	113ms 18ms	Image image/gif	15.188.95.229 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://metrics.news.com.au/b/ss/newscorpau-newscomauweb,newscorpau-global/1/JS-2.22.0/s29147738362278?AQB=1&ndh=1&pf=1&t=6%2F1%2F2022%202%3A48%3A3%200%200&cid.&newsnkidcookie.&id=cc873177cdc9191e34a3597510bfa0eb&as=1&.newsnkidcookie&.cid&vid=cc873177cdc9191e34a3597510bfa0eb&mid=51283567641469298263194384379692585793&aamlh=6&ce=UTF-8&ns=newscorpau&cdp=3&pageName=newscomau%7Csops%7Cshopfront%7Cacq%2Bshopfront&g=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&cc=AUD&ch=D%3Dv4&v0=EDM%7B%7B%7B&events=event1%2Cevent8%2Cevent63%3D46%2Cevent3%2Cevent19&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3Dv1&v1=news%20corp%20au&h1=news%20corp%20au%7Cnewscomau%7Cnewscomau%20web%7Csops%7Csubscription%7Ccustomer%20details&c2=D%3Dv2&v2=newscomau&c3=D%3Dv3&v3=newscomau%20web&c4=D%3Dv4&v4=sops&c5=D%3Dv5&v5=subscription&c6=D%3Dv6&v6=customer%20details&c9=D%3Dv9&v9=acq%2Bshopfront&c10=D%3Dg&v10=D%3DpageName&c11=D%3Dv11&v11=D%3Dvid&c13=D%3Dv13&v13=NWWEB_EDM0104202114365&c14=D%3Dv14&v14=anonymous&c21=D%3Dv21&v21=nw-shopfront-spc&c22=D%3Dv22&v22=1%3A48%20PM%7CSunday&c24=D%3Dv24&v24=New&c30=First%20Visit&v30=%7Bedm%7Bproject_zero_apr21%7Bedm&v32=EDM%7B%7B%7B&v33=%7Bedm%7Bproject_zero_apr21%7Bedm&v34=D%3Dg&c45=landscape&c46=D%3Dv46&v46=not%20logged%20in&v52=1600x1200%7Cwindows%7C10&c60=D%3Dv60&v60=46&c65=D%3Dv65&v65=false&c75=D%3Dv80&v76=chrome%20pdf%20plugin%3Bchrome%20pdf%20viewer%3Bnative%20client&v77=D%3Dmid&v78=de%7Che%7Cfrankfurt%7C50.12%7C8.68%7Cgmt%2B1%7Cunknown&v79=de&v80=cc873177cdc9191e34a3597510bfa0eb-00000000000000000000000000000000-1644115683706-138846&v93=nwweb_edm0104202114365&v111=0&v161=6.5&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&AQE=1 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-15-188-95-229.eu-west-3.compute.amazonaws.com Software jag / Resource Hash a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff x-c main-1585.I7afc85.M0-540 p3p CP="This is not a P3P policy" vary * content-length 43 x-xss-protection 1; mode=block pragma no-cache last-modified Mon, 07 Feb 2022 02:48:04 GMT server jag xserver anedge-cdfbd77b-9797h etag 3530711548846309376-4619802149034169956 strict-transport-security max-age=31536000; includeSubDomains content-type image/gif;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, no-transform, private expires Sat, 05 Feb 2022 02:48:04 GMT
GET H2	200	sd us-u.openx.net/w/1.0/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yf824gAAAF0HsgP7	43 B 274 B	69ms 18ms	Image image/gif	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yf824gAAAF0HsgP7 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/17.1.0 / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT via 1.1 google server OXGW/17.1.0 vary Accept p3p CP="CUR ADM OUR NOR STA NID" cache-control private, max-age=0, no-cache content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:03 GMT via 1.1 varnish server Varnish x-timer S1644115684.939854,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yf824gAAAF0HsgP7 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	39 KB 15 KB	61ms 29ms	Script text/javascript	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-970140527 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software cafe / Resource Hash c702f93c91758dab0525c376a408e8327f30bad81a8d30f26588c770585418f6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:03 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14850 x-xss-protection 0 server cafe etag 8228622888473677312 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Sun, 06 Feb 2022 02:48:03 GMT
GET H3	200	m=byfTOb,lsjVmc,LEikZe Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC0... Frame 4ECC	36 KB 13 KB	37ms 22ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC04aKDFbl4.L.B1.O/am=DAAE/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrie8wpFmPXazKapG6TIEt6qCdjp4w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 91c222b8627ca601959c32b82f535b159667200e9317434c9b91abc4cee71d4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 04 Feb 2022 17:15:43 GMT content-encoding gzip x-content-type-options nosniff age 120740 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13467 x-xss-protection 0 last-modified Thu, 03 Feb 2022 17:26:53 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" expires Sat, 04 Feb 2023 17:15:43 GMT
GET H3	200	m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC0... Frame 4ECC	74 KB 27 KB	36ms 24ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC04aKDFbl4.L.B1.O/am=DAAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrie8wpFmPXazKapG6TIEt6qCdjp4w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 805578331fde34a1c5860344a4b48be7bdfe8fc4c9bb82678b60cb7407a4f6a4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 04 Feb 2022 17:15:43 GMT content-encoding gzip x-content-type-options nosniff age 120740 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27587 x-xss-protection 0 last-modified Thu, 03 Feb 2022 17:26:53 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" expires Sat, 04 Feb 2023 17:15:43 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 792 B	54ms 15ms	Script application/javascript	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=www.news.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 549 B	52ms 14ms	Script application/javascript	2a00:1450:4001:809::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.news.com.au Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	416 B 254 B	44ms 44ms	XHR text/plain	142.250.185.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3874997587255390&correlator=1688801210147452&output=ldjh&impl=fifs&hxva=1&scor=3267111792321559&vrg=2022020101&ptt=17&npa=1&sc=1&sfv=1-0-38&ecs=20220206&iu_parts=5129&enc_prev_ius=%2F0%2F&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D1%26id%3D349e0d80-86f7-11ec-a20b-0a1e87f1382c&eri=1&cust_params=us%3Db%26s%3D0%26co%3D1%26kw%3D%26nk%3Dcc873177cdc9191e34a3597510bfa0eb%26sec1%3Dsops%26sec2%3Dsubscription%26sec3%3Dcustomerdetails%26ksgmnt%3D%26siteview%3D1%26pagetype%3Dacq%252Cshopfront%26adl%3Dfalse%26abtest%3Da%26pvid%3Dcc873177cdc9191e34a3597510bfa0eb-00000000000000000000000000000000-1644115683706-138846%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3Dlow%26ias-kw%3DIAS_UNSCORED_PG&cookie_enabled=1&bc=31&abxe=1&dt=1644115683989&lmt=1644115683&dlt=1644115681506&idt=2344&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=2506&adks=14334197&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&vis=1&scr_x=0&scr_y=0&psz=1600x2505&msz=1600x0&ga_vid=644094815.1644115684&ga_sid=1644115684&ga_hid=1607710788&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s53-in-f2.1e100.net Software cafe / Resource Hash ac1cecd8de472068e64c4e364aed69e783915902768ec2601eefcd042046dd18 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 225 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.news.com.au cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response 8e66379e0d65cc3cfc58e395da9c0730.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3E3C	6 KB 4 KB	119ms 42ms	Document text/html	2a00:1450:4001:808::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://8e66379e0d65cc3cfc58e395da9c0730.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Sun, 06 Feb 2022 02:48:04 GMT expires Mon, 06 Feb 2023 02:48:04 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	gn secure-sdk.imrworldwide.com/cgi-bin/ Frame 0256	44 B 563 B	208ms 35ms	Image image/gif	52.16.69.104 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PA29B4FFF-94A8-4A65-AA29-3329DFE3AEC3&sessionId=qxh9t7vlzy9w1aah5u56nn3sez3ug1644115683&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.615&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&retry=0 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.16.69.104 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-16-69-104.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://cdn-gl.imrworldwide.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT server nginx access-control-allow-methods POST, OPTIONS p3p P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM" access-control-allow-origin * cache-control no-cache cross-origin-resource-policy cross-origin content-type image/gif content-length 44 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	200	/ qxh9t7vlzy9w1aah5u56nn3sez3ug1644115683.nuid.imrworldwide.com/ Frame 0256	35 B 351 B	124ms 14ms	Image image/gif	2600:9000:21a1:9a00:1d:667e:2a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://qxh9t7vlzy9w1aah5u56nn3sez3ug1644115683.nuid.imrworldwide.com/ Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21a1:9a00:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Request headers Accept-Language de-DE,de;q=0.9 Referer https://cdn-gl.imrworldwide.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 04:40:11 GMT via 1.1 7236eb0fcce40bc9b7fe2dbf5499b1de.cloudfront.net (CloudFront) last-modified Tue, 11 Sep 2018 17:05:20 GMT server AmazonS3 age 79836 etag "c2196de8ba412c60c22ab491af7b1409" x-cache Hit from cloudfront content-type image/gif x-amz-cf-pop MUC51-C1 accept-ranges bytes content-length 35 x-amz-cf-id jGScHOiHqMSn-xxYLT2XbGyZbK7vsw0TV_ubBuDnr4p0z6SnTxFBQw==
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/970140527/	3 KB 1 KB	80ms 65ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970140527/?random=1644115684011&cv=9&fst=1644115684011&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa220&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&tiba=News.com.au%20%7C%20Premium%20membership%20with%20less%20ads&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a34c1b386955f954db38403f1a223807647387a5d3d319bc3dc4bae0666876c1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1150 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/970140527/	3 KB 1 KB	58ms 44ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970140527/?random=1644115684014&cv=9&fst=1644115684014&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa220&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&tiba=News.com.au%20%7C%20Premium%20membership%20with%20less%20ads&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash b2f83c6a709a5dc1e21942528f5b8e14383b195a76a1879a64be7296ee6ea750 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1147 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/ Frame 4ECC	49 KB 20 KB	44ms 21ms	Script text/javascript	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC04aKDFbl4.L.B1.O/am=DAAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrie8wpFmPXazKapG6TIEt6qCdjp4w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 2592 date Sun, 06 Feb 2022 02:04:52 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Sun, 06 Feb 2022 04:04:52 GMT
GET H3	200	pay Show response pay.google.com/gp/p/ui/ Frame 4ECC	1 MB 342 KB	73ms 73ms	XHR text/html	2a00:1450:4013:c02::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/ui/pay Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4013:c02::5c Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 54c51f934310071a4c0e58ccc7898392087920f4c38d2be9c7c897ccebc913b6 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-M7JVaweta03C1NwPg5skAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-M7JVaweta03C1NwPg5skAw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy same-site alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 x-ua-compatible IE=edge server ESF cross-origin-opener-policy unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi" date Sun, 06 Feb 2022 02:48:04 GMT x-frame-options DENY report-to {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]} content-type text/html; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site cache-control private, max-age=3600 content-security-policy script-src 'report-sample' 'nonce-M7JVaweta03C1NwPg5skAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-M7JVaweta03C1NwPg5skAw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport expires Sun, 06 Feb 2022 02:48:04 GMT
GET H2	200	Pug image2.pubmatic.com/AdServer/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER... https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yf824gAAAF0HsgP7	1 B 538 B	501ms 156ms	Image text/html	204.237.133.120 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yf824gAAAF0HsgP7 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Server 204.237.133.120 Philadelphia, United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:04 GMT cache-control no-store, no-cache, private x-lat 10:0:483 server nginx content-type text/html; charset=utf-8 content-length 1 p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT via 1.1 varnish server Varnish x-timer S1644115684.040430,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yf824gAAAF0HsgP7 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	33ms 18ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	38ms 15ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://pay.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://pay.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Sun, 06 Feb 2022 02:48:04 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sun, 06 Feb 2022 02:48:04 GMT cache-control private
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	32ms 18ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	30ms 14ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://pay.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://pay.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Sun, 06 Feb 2022 02:48:04 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sun, 06 Feb 2022 02:48:04 GMT cache-control private
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	31ms 17ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	27ms 15ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://pay.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://pay.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Sun, 06 Feb 2022 02:48:04 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sun, 06 Feb 2022 02:48:04 GMT cache-control private
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	32ms 18ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	23ms 15ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://pay.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://pay.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Sun, 06 Feb 2022 02:48:04 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sun, 06 Feb 2022 02:48:04 GMT cache-control private
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	33ms 19ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	19ms 16ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://pay.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://pay.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Sun, 06 Feb 2022 02:48:04 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sun, 06 Feb 2022 02:48:04 GMT cache-control private
GET H3	200	/ www.google.com/pagead/1p-user-list/970140527/	42 B 64 B	78ms 56ms	Image image/gif	2a00:1450:4001:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/970140527/?random=1644115684014&cv=9&fst=1644112800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa220&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&tiba=News.com.au%20%7C%20Premium%20membership%20with%20less%20ads&async=1&fmt=3&is_vtc=1&random=640285841&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/970140527/	42 B 64 B	41ms 19ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/970140527/?random=1644115684014&cv=9&fst=1644112800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa220&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&tiba=News.com.au%20%7C%20Premium%20membership%20with%20less%20ads&async=1&fmt=3&is_vtc=1&random=640285841&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC0... Frame 4ECC	17 KB 7 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC04aKDFbl4.L.B1.O/am=DAAE/d=1/exm=Das5Le,IZT63,LEikZe,PrPYRd,Ru0Pgb,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrie8wpFmPXazKapG6TIEt6qCdjp4w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0593c77323b203aeb079c628c7d8bf2e5b9f6faabbd3796f9a677ef5e411e4cd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 04 Feb 2022 17:15:47 GMT content-encoding gzip x-content-type-options nosniff age 120737 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7192 x-xss-protection 0 last-modified Thu, 03 Feb 2022 17:26:53 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" expires Sat, 04 Feb 2023 17:15:47 GMT
GET H3	200	m=lwddkf,EFQ78c Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC0... Frame 4ECC	8 KB 3 KB	8ms 7ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.OC04aKDFbl4.L.B1.O/am=DAAE/d=1/exm=Das5Le,FCpbqb,IZT63,LEikZe,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,hhhU8,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrie8wpFmPXazKapG6TIEt6qCdjp4w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=lwddkf,EFQ78c Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3ba031f93713352cde8a7028a5fc1d58cb280b84ea00b55ab302b5013163658d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 04 Feb 2022 17:15:47 GMT content-encoding gzip x-content-type-options nosniff age 120737 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3328 x-xss-protection 0 last-modified Thu, 03 Feb 2022 17:26:53 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" expires Sat, 04 Feb 2023 17:15:47 GMT
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	28ms 19ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	14ms 14ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers x-goog-authuser Origin https://pay.google.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://pay.google.com access-control-allow-methods GET, POST, OPTIONS access-control-max-age 86400 access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser content-type text/plain; charset=UTF-8 date Sun, 06 Feb 2022 02:48:04 GMT server Playlog content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sun, 06 Feb 2022 02:48:04 GMT cache-control private
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	362ms 362ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	206ms 206ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
GET H3	200	/ www.google.com/pagead/1p-user-list/970140527/	42 B 64 B	64ms 55ms	Image image/gif	2a00:1450:4001:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/970140527/?random=1644115684011&cv=9&fst=1644112800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa220&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&tiba=News.com.au%20%7C%20Premium%20membership%20with%20less%20ads&async=1&fmt=3&is_vtc=1&random=1260441048&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/970140527/	42 B 64 B	27ms 18ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/970140527/?random=1644115684011&cv=9&fst=1644112800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa220&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&tiba=News.com.au%20%7C%20Premium%20membership%20with%20less%20ads&async=1&fmt=3&is_vtc=1&random=1260441048&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	196ms 196ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	351ms 351ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	348ms 348ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:04 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
GET H3	200	/ www.google.de/pagead/1p-user-list/991686727/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0 https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=1345946728 https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=1345946728&ipr=y	42 B 64 B	45ms 45ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=1345946728&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=jl_KCPGyzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=1345946728&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/991686727/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0 https://www.google.com/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=3832686810 https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=3832686810&ipr=y	42 B 64 B	21ms 21ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=3832686810&ipr=y Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H3 Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/991686727/?value=1.00&label=wbPrCOmzzgkQx-Dv2AM&guid=ON&script=0&is_vtc=1&random=3832686810&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	s29598511152485 metrics.news.com.au/b/ss/newscorpau-newscomauweb,newscorpau-global/1/JS-2.22.0/	43 B 140 B	17ms 17ms	Image image/gif	15.188.95.229 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://metrics.news.com.au/b/ss/newscorpau-newscomauweb,newscorpau-global/1/JS-2.22.0/s29598511152485?AQB=1&ndh=1&pf=1&t=6%2F1%2F2022%202%3A48%3A4%200%200&cid.&newsnkidcookie.&id=cc873177cdc9191e34a3597510bfa0eb&as=1&.newsnkidcookie&.cid&vid=cc873177cdc9191e34a3597510bfa0eb&mid=51283567641469298263194384379692585793&aamlh=6&ce=UTF-8&ns=newscorpau&cdp=3&pageName=newscomau%7Csops%7Cshopfront%7Cacq%2Bshopfront&g=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&cc=AUD&events=event8&v1=news%20corp%20au&v2=newscomau&v3=newscomau%20web&v4=sops&v5=subscription&v6=customer%20details&v9=acq%2Bshopfront&v10=D%3DpageName&v11=D%3Dvid&v14=anonymous&v22=1%3A48%20PM%7CSunday&v24=New&v34=D%3Dg&v77=D%3Dmid&v125=gp&pe=lnk_o&pev2=event&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&lrt=115&AQE=1 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-15-188-95-229.eu-west-3.compute.amazonaws.com Software jag / Resource Hash a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:04 GMT x-content-type-options nosniff x-c main-1585.I7afc85.M0-540 p3p CP="This is not a P3P policy" vary * content-length 43 x-xss-protection 1; mode=block pragma no-cache last-modified Mon, 07 Feb 2022 02:48:04 GMT server jag xserver anedge-cdfbd77b-gthg2 etag 3530711547269152768-4619359255768567353 strict-transport-security max-age=31536000; includeSubDomains content-type image/gif;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, no-transform, private expires Sat, 05 Feb 2022 02:48:04 GMT
POST H3	200	log Show response play.google.com/ Frame 4ECC	131 B 155 B	17ms 17ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.Fif0AWy9eCw.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrikhH758XwWgXxEXaM71kgGOvsvbw/m=_b,_tp Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:04 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Sun, 06 Feb 2022 02:48:04 GMT
GET H/1.1	200	partner sync.search.spotxchange.com/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yf824gAAAF0HsgP7&img=1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yf824gAAAF0HsgP7&img=1&__user_check__=1&sync_id=34e3596b-86f7-11ec-9c0f-1342c0320506	43 B 548 B	18ms 18ms	Image image/gif	185.94.180.125 SPOTX-AMS
General Check archive.org Show headers Download Go to Show image Full URL https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yf824gAAAF0HsgP7&img=1&__user_check__=1&sync_id=34e3596b-86f7-11ec-9c0f-1342c0320506 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US), Reverse DNS Software nginx / Resource Hash e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Sun, 06 Feb 2022 02:48:04 GMT Server nginx Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 68 Connection keep-alive Content-Length 43 Redirect headers Date Sun, 06 Feb 2022 02:48:04 GMT Server nginx Location /partner?adv_id=6409&uid=Yf824gAAAF0HsgP7&img=1&__user_check__=1&sync_id=34e3596b-86f7-11ec-9c0f-1342c0320506 Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/plain Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 90 Connection keep-alive Content-Length 0
GET H2	200	b.php www.facebook.com/fr/ Frame 4334 Redirect Chain https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yf824gAAAF0HsgP7&t=2592000&o=0	43 B 2 KB	164ms 45ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yf824gAAAF0HsgP7&t=2592000&o=0 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 18:48:04 PST content-encoding br x-content-type-options nosniff document-policy force-load-at-top content-security-policy-report-only default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 x-fb-rlafr 0 pragma public x-fb-debug IHTJSRKnKblNl6s3d0Cb9sFMCd+rshaz4g4QZ9DnI0hZKIHTmTC0oMVFAm+i2gAt98yL21gFTel+WBdu6VEX5Q== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups strict-transport-security max-age=15552000; preload report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type image/gif vary Accept-Encoding cache-control public, max-age=0 priority u=3,i expires Sat, 05 Feb 2022 18:48:04 PST Redirect headers pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT via 1.1 varnish server Varnish x-timer S1644115684.261024,VS0,VE0 x-served-by cache-hhn4050-HHN x-cache HIT location https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yf824gAAAF0HsgP7&t=2592000&o=0 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	cm trc.taboola.com/sg/adobe/1/ Frame 4334	43 B 231 B	79ms 43ms	Image image/gif	2a04:4e42:600::300 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://trc.taboola.com/sg/adobe/1/cm?gdpr=0&gdpr_consent= Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94 Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-vcl-time-ms 27 pragma no-cache date Sun, 06 Feb 2022 02:48:04 GMT via 1.1 varnish server nginx x-timer S1644115684.402345,VS0,VE27 x-served-by cache-mxp6977-MXP x-cache MISS cache-control no-cache, no-store accept-ranges bytes x-cache-hits 0
GET H/1.1	200 OK	ibs:dpid=461447&dpuuid=RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003 dpm.demdex.net/ Frame 4334 Redirect Chain https://sync.1rx.io/usersync/adobe/0?dspret=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D https://sync.1rx.io/usersync/adobe/0?zcc=1&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3D%5BRX_UUID%5D&cb=1644115684506 https://sync.targeting.unrulymedia.com/csync/RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D461447%26dpuuid%3DRX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003 https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003	42 B 943 B	32ms 31ms	Image image/gif	52.31.238.195 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003 Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol HTTP/1.1 Server 52.31.238.195 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-238-195.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://newscorpau.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0b8f90721.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID GcsnfkQJRC8= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=461447&dpuuid=RX-1f1c872e-871f-4761-995b-0a5d416b1ed0-003 date Sun, 06 Feb 2022 02:48:04 GMT server Tengine p3p CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why" etag RX1f1c872e871f4761995b0a5d416b1ed0003 content-type text/html
GET		ab1de4d login.newscorpaustralia.com/akam/11/ Frame 65D6	0 0
GET		dFxoQRo login.newscorpaustralia.com/Vz6N43/lU/f1/z1e4/0BoaQTOfCrqBE/aQNOwzbc/TXZPMGgAJwM/eygy/ Frame 65D6	0 0
GET H2	200	435.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	27 KB 9 KB	17ms 16ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/435.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 176a4d7346001286ad894be3cc341bd466f932e48f947c14deddd5ce422ac519 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 09:08:17 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 63589 etag W/"d06060475925fd26eebf19d729f1fcd0" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id DmTDiLzT5MJ63FBFpAQeQHXaIRBfpKSTsxQfdrbD13MdhddbECxXsg==
GET H2	200	33.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	8 KB 3 KB	19ms 17ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/33.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash cf3b2803b89ea7487c5d3d0104c7ff4edb35d12fd865fb98f83b1502d01437fa Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 09:08:17 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 63589 etag W/"a5936e74bd56ad438f5f65c3b91c82d0" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id XjAYi8y15YLSpBn6nThQ77NTSkEKNCmsaQXQSGJJLrZ3V8lJjNuWTg==
GET H2	200	725.async.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	17 KB 6 KB	17ms 16ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/725.async.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash a3155980f17aa9810c11e073b810370bf031cfa09d2323f003c80ad1877035bc Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 03:03:17 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 85489 etag W/"dd99792a8fea691437611f7e73021c0a" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id Gm9HYVhwD5XOSZkWubgEgf4Ww6ao3yJiXuOpkUeaQ4uGU_47RZUOyw==
GET H2	200	357.async.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	25 KB 9 KB	17ms 17ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/357.async.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash dfad6d1cecf7337dcd922f1fab22a655d9e28aedddebb6d8ef5c07c8c277009b Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 13:58:09 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 46196 etag W/"6849ace129baf5312aeedd2b943cf3b7" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id 0Wc9oO5m2NNqLiznaRd6IxhUxBmxe0jy6a20rM9xAxUwuXfdlMn6gA==
GET H2	200	628.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	11 KB 4 KB	17ms 16ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/628.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash bb078b9b0f89b013f7403d2a6fdec108b6db8acb979e3183d9137cd1278c5f96 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 03:03:17 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 85489 etag W/"96695a7496944f9fc05e9490afd5db61" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id hgOa79BL3_3DXohYvmMVZeu7pPvsRgko_TJjczK4E3aaZJHX9q8iyQ==
GET H2	200	722.async.js Show response subscriptions.news.com.au/caas/1.8.6/ Frame E1CF	120 KB 46 KB	19ms 18ms	Script text/javascript	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/caas/1.8.6/722.async.js Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/runtime~main.js?9eed0ed2ccb8a40de0a9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash f44ce91be276fd91990958fc11c2866246ea8a7f8b5ff7d8721826181abaf61d Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 09:08:17 GMT content-encoding gzip last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 63589 etag W/"76e36bf04898b3df9ba2f47f8849c378" vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-cf-id ONxKdDBhpMBOW0phwOOeVMUCFgQABM_pAo55h_VkNIUQ8je0_0k9Cw==
GET H2	200	SourceSansPro.css subscriptions.news.com.au/media/fonts/SourceSansPro/ Frame E1CF	2 KB 2 KB	9ms 8ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 388d1df3fdfee665c3bc7d059e42500524e8f180febba13620847ec8b836fd33 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id BU9pslV_1tk2oM9KNiljnrkOp3wYAVog via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Wed, 23 Sep 2020 08:43:42 GMT server AmazonS3 age 82237 etag "2a13a755f725cea2c202bc30af451d10" x-cache Hit from cloudfront content-type text/css date Sat, 05 Feb 2022 03:57:29 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 2173 x-amz-cf-id AnoEJ0wQZJpuJ5vn5bAY3-YMx3oQdcGJjwqzTDG_KCUvNCyPnaNwAA==
GET H2	200	Charter.css subscriptions.news.com.au/media/fonts/Charter/ Frame E1CF	2 KB 2 KB	9ms 8ms	Stylesheet text/css	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/Charter/Charter.css Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash ccda4fea5d95b6e07fadfff761f20fd106531b7f780fe470aa565f4c365301d7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id 78tZPx9F6ldnoT3vI7OxzT3AZa.JXQqe via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Wed, 23 Sep 2020 08:43:10 GMT server AmazonS3 age 86324 etag "9d796e9621f8bd2ea24552819973cb20" x-cache Hit from cloudfront content-type text/css date Sun, 06 Feb 2022 01:55:17 GMT x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 1635 x-amz-cf-id AyQNA-_9xZfbgbNtPREyCOAEP9kCleLLYXG-cKon7yIdS34qN2nR0w==
GET H2	200	imgNewsNetwork.png subscriptions.news.com.au/caas/1.8.6/assets/ Frame E1CF	81 KB 81 KB	20ms 18ms	Image image/png	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://subscriptions.news.com.au/caas/1.8.6/assets/imgNewsNetwork.png Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 4406e1e08bf9c851b1835b1e64637ab59d0e8eb1575208e133bf2646504282c7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/caas/index.html?pageType=spc User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 16:04:54 GMT via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) last-modified Mon, 20 Dec 2021 04:01:30 GMT server AmazonS3 age 38591 etag "4902bece95fa902e735badb18a2a0426" x-cache Hit from cloudfront content-type image/png x-amz-cf-pop FRA56-P2 accept-ranges bytes content-length 82912 x-amz-cf-id gSQkAJ_TjZf6Ct4xmgVL1QrWYGEpi2WF_vsbpeDLHvkSCE3pu9WDiA==
GET H3	200	api.js Show response www.google.com/recaptcha/ Frame E1CF	884 B 605 B	21ms 20ms	Script text/javascript	2a00:1450:4001:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?render=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/caas/1.8.6/722.async.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 65300ffabcb1947b82dd806412585b698f8884e01433719a4a9bb4f95eebee6f Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:05 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 584 x-xss-protection 1; mode=block expires Sun, 06 Feb 2022 02:48:05 GMT
GET		NW_SDO_BNG21AM01 commerceapi.news.com.au/offersapi/offers/ Frame E1CF	0 0
OPTIONS H2	200	NW_SDO_BNG21AM01 commerceapi.news.com.au/offersapi/offers/ Frame	0 0	1333ms 1155ms	Preflight application/json	2.18.233.28 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://commerceapi.news.com.au/offersapi/offers/NW_SDO_BNG21AM01 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-233-28.deploy.static.akamaitechnologies.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Method GET Access-Control-Request-Headers x-api-key Origin https://subscriptions.news.com.au User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Sec-Fetch-Mode cors Response headers content-type application/json content-length 1 x-amzn-requestid c2b690af-a7a1-43b4-8a33-a978059c4c38 access-control-allow-origin https://subscriptions.news.com.au access-control-allow-headers Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent x-amz-apigw-id NGWEBEAtSwMFWGw= access-control-allow-methods OPTIONS,GET x-amz-cf-pop FRA50-C1 x-amz-cf-id lGJO-qIFmQAB3MaNIcSBwBt48fQNyzMFfdyU5Hd8tdzPu9mjVxRJiQ== date Sun, 06 Feb 2022 02:48:06 GMT
GET DATA	200 OK	truncated / Frame E1CF	520 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 698b75b34c376b73b97acf42f0ec14f3554b420e658c4fe98d87721e4b5f7d8a Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame E1CF	466 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 48e995c834f9cbb64904650cbb722ab0c92effb6c59cf493aa055fcc1fc0417a Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	Eva-Bold.woff2 subscriptions.news.com.au/media/fonts/Eva/ Frame E1CF	19 KB 19 KB	20ms 20ms	Font binary/octet-stream	18.66.97.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://subscriptions.news.com.au/media/fonts/Eva/Eva-Bold.woff2 Requested by Host: subscriptions.news.com.au URL: https://subscriptions.news.com.au/media/fonts/Eva/Eva.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 5877830ab315f6730602512594573f4c9e023d8bab3d47b2d307f73f0ec9718d Request headers Referer https://subscriptions.news.com.au/media/fonts/Eva/Eva.css Origin https://subscriptions.news.com.au Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 15:47:32 GMT via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) age 39634 x-cache Hit from cloudfront content-length 19448 last-modified Thu, 22 Apr 2021 02:14:17 GMT server AmazonS3 etag "98e685d0f5cea308949285281359bd23" access-control-max-age 3000 access-control-allow-methods GET x-amz-version-id 7h4eyef82DK_rbpnd_uVa5gr5bBm93ll access-control-allow-origin * x-amz-cf-pop FRA56-P2 accept-ranges bytes content-type binary/octet-stream x-amz-cf-id zVx7c5CLdbtnOLlK-YZ1-yE3-uaUUvyBp0qqF1qRS-m3T0LzNtawYQ==
GET H3	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/ Frame E1CF	356 KB 140 KB	24ms 7ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?render=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ebc6ea0f875078e989460766ea6ae585b43650cb2408daf4183e72a4101881f0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://subscriptions.news.com.au/ Origin https://subscriptions.news.com.au Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 00:51:08 GMT content-encoding gzip x-content-type-options nosniff age 7017 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 143107 x-xss-protection 0 last-modified Mon, 31 Jan 2022 05:04:01 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 06 Feb 2023 00:51:08 GMT
GET H3	200	anchor Show response www.google.com/recaptcha/api2/ Frame F905	40 KB 20 KB	24ms 23ms	Document text/html	2a00:1450:4001:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 12bd8e7130dbe895f6d8a6a18860112f6137dc73686286374267452026bbf5f1 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-hgVSr3Hbo6IdwXD/FReNKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://subscriptions.news.com.au/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Sun, 06 Feb 2022 02:48:05 GMT content-security-policy script-src 'report-sample' 'nonce-hgVSr3Hbo6IdwXD/FReNKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 20758 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/ Frame F905	51 KB 24 KB	8ms 7ms	Stylesheet text/css	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:36:43 GMT content-encoding gzip x-content-type-options nosniff age 682 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24237 x-xss-protection 0 last-modified Mon, 31 Jan 2022 05:04:01 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 06 Feb 2023 02:36:43 GMT
GET H3	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/ Frame F905	356 KB 140 KB	10ms 10ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ebc6ea0f875078e989460766ea6ae585b43650cb2408daf4183e72a4101881f0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 00:51:08 GMT content-encoding gzip x-content-type-options nosniff age 7017 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 143107 x-xss-protection 0 last-modified Mon, 31 Jan 2022 05:04:01 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 06 Feb 2023 00:51:08 GMT
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame F905	2 KB 2 KB	8ms 7ms	Image image/png	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 02 Feb 2022 03:05:30 GMT x-content-type-options nosniff age 344555 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cross-origin-opener-policy-report-only same-origin-allow-popups; report-to="recaptcha" expires Wed, 09 Feb 2022 03:05:30 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame F905	15 KB 16 KB	30ms 7ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 11:18:05 GMT x-content-type-options nosniff age 401400 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 01 Feb 2023 11:18:05 GMT
GET H2	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v18/ Frame F905	15 KB 15 KB	31ms 9ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 18:59:48 GMT x-content-type-options nosniff age 373697 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15552 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:33:02 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 01 Feb 2023 18:59:48 GMT
GET H3	200	webworker.js www.google.com/recaptcha/api2/ Frame F905	102 B 134 B	16ms 15ms	Other text/javascript	2a00:1450:4001:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash a008730522299bbac4765f675e7c08282ce7e440c55fcf93c59edc8d12be3851 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ&co=aHR0cHM6Ly9zdWJzY3JpcHRpb25zLm5ld3MuY29tLmF1OjQ0Mw..&hl=de&v=1p3YWy80wlZ7Q8QFR1gjazwU&size=invisible&cb=3bztbns3qcwf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:05 GMT content-encoding gzip x-content-type-options nosniff server GSE cross-origin-embedder-policy require-corp x-frame-options SAMEORIGIN report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 112 x-xss-protection 1; mode=block expires Sun, 06 Feb 2022 02:48:05 GMT
GET H2	200	m-outer-08a1fefa46cfc8cc94fc477ddcdb0555.html Show response js.stripe.com/v3/ Frame 982B	240 B 962 B	20ms 20ms	Document text/html	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-08a1fefa46cfc8cc94fc477ddcdb0555.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash f1870f734a253734a07b0542733fbed3b28ae811a83967deed504d31274407f4 Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers content-type text/html; charset=utf-8 content-length 240 last-modified Thu, 27 Jan 2022 19:43:21 GMT accept-ranges bytes server Cloudfront access-control-allow-origin * x-content-type-options nosniff strict-transport-security max-age=31556926; includeSubDomains; preload content-security-policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report timing-allow-origin * date Sun, 06 Feb 2022 02:34:44 GMT cache-control max-age=31536000 etag "08a1fefa46cfc8cc94fc477ddcdb0555" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) x-amz-cf-pop TXL50-P2 x-amz-cf-id yPZUjDWD9XJ6oxzUpiibco3rxe87GhGS5G9IuF2fbfsFa6UVTsFBKw== age 801
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	13 KB 10 KB	42ms 18ms	XHR application/json	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022020101&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 0661c6a0f294c30fbfbacf8b8f4eb6ca9777c65b932f080bc857dfd9ad67d592 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers timing-allow-origin * date Sun, 06 Feb 2022 02:48:05 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 9936 x-xss-protection 0
POST H2	200	0 Show response r.stripe.com/ Frame EC67	0 127 B	161ms 160ms	XHR text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://r.stripe.com/0 Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-b6a8cdbf23b932ea2f703add0b40291a.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept application/json Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://js.stripe.com date Sun, 06 Feb 2022 02:48:05 GMT access-control-allow-credentials true server nginx content-length 0 content-type text/plain
POST H2	200	csp-report q.stripe.com/ Frame 982B	0 356 B	157ms 157ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:05 GMT server nginx access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type x-envoy-upstream-service-time 0 access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token content-length 0
GET H2	200	m-outer-ebb7106827d6c64e55a93b6fe1303341.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 982B	1 KB 1 KB	19ms 19ms	Script application/javascript	18.64.79.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-ebb7106827d6c64e55a93b6fe1303341.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-08a1fefa46cfc8cc94fc477ddcdb0555.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.64.79.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-64-79-36.txl50.r.cloudfront.net Software Cloudfront / Resource Hash 6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-08a1fefa46cfc8cc94fc477ddcdb0555.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 47 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:47:22 GMT via 1.1 e525bea03a9d3936e48892de5d4c1354.cloudfront.net (CloudFront) last-modified Thu, 27 Jan 2022 19:43:06 GMT server Cloudfront etag W/"5213886b88cd72e6d0aebc89868e5d13" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 x-amz-cf-pop TXL50-P2 timing-allow-origin * x-amz-cf-id Y-uIUEh5qQB6pgainyCZQUGhi2c2eSt6NDH_4E0NaParNcsbUEO2ZQ==
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	61ms 39ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:05 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Sun, 06 Feb 2022 02:48:05 GMT
GET H2	200	inner.html Show response m.stripe.network/ Frame 147A	932 B 2 KB	37ms 8ms	Document text/html	2600:9000:2057:a000:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-ebb7106827d6c64e55a93b6fe1303341.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2057:a000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd Security Headers Name Value Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/ Response headers content-type text/html; charset=utf-8 content-length 932 last-modified Thu, 13 Jan 2022 18:40:12 GMT accept-ranges bytes server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * x-content-type-options nosniff content-security-policy-report-only base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw=' 'report-sample'; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-security-policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report date Sun, 06 Feb 2022 02:44:33 GMT cache-control max-age=300, public etag "f6254e6dd0cb06228801a1c8baf0939f" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront) x-amz-cf-pop FRA6-C1 x-amz-cf-id kue1L1ARbaa98vOgX6F8JyK1FAbB7GCrZp_1eUvb5CRxwUmIEzqJqQ== age 215
POST H2	200	csp-report q.stripe.com/ Frame 147A	0 130 B	158ms 158ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:05 GMT x-envoy-upstream-service-time 1 server nginx content-length 0 strict-transport-security max-age=31556926; includeSubDomains; preload
POST H2	200	csp-report q.stripe.com/ Frame 147A	0 130 B	159ms 159ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: www.news.com.au URL: https://www.news.com.au/subscribe/news/1/?offerset=nw_default&utm_medium=EDM&int_source=EDM&int_campaign=Project_Zero_Apr21&int_content=EDM&sourceCode=NWWEB_EDM0104202114365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Sun, 06 Feb 2022 02:48:05 GMT x-envoy-upstream-service-time 2 server nginx content-length 0 strict-transport-security max-age=31556926; includeSubDomains; preload
GET H2	200	out-4.5.41.js Show response m.stripe.network/ Frame 147A	85 KB 14 KB	9ms 9ms	Script text/javascript	2600:9000:2057:a000:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.41.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2057:a000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 257 x-cache Hit from cloudfront date Sun, 06 Feb 2022 02:44:46 GMT last-modified Thu, 13 Jan 2022 18:40:13 GMT server Cloudfront etag W/"2db385faf28cf5f9393cf01a0a1edfa2" vary Accept-Encoding content-type text/javascript; charset=utf-8 via 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront) cache-control max-age=300, public x-amz-cf-pop FRA6-C1 timing-allow-origin * x-amz-cf-id a-QLXrpBRWu9aGKVMk7ZSxrg97hqc4FF9F-gue4hmse2MPpYtxxhdA==
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame B730	13 KB 5 KB	25ms 7ms	Document text/html	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip cross-origin-resource-policy cross-origin cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5046 x-content-type-options nosniff server sffe x-xss-protection 0 date Sun, 06 Feb 2022 00:05:20 GMT expires Mon, 06 Feb 2023 00:05:20 GMT cache-control public, max-age=31536000 last-modified Mon, 21 Jun 2021 20:47:05 GMT content-type text/html age 9765 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame 6A55	783 B 535 B	17ms 17ms	Document text/html	2a00:1450:4001:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 613d417041e4990a5d58618efa34059a748f4a82236c1132c65f3a6a82f76475 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-zPSfFSjQ4qQStrrBP7nG+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Sun, 06 Feb 2022 02:48:05 GMT date Sun, 06 Feb 2022 02:48:05 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-zPSfFSjQ4qQStrrBP7nG+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 513 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H2	200	6 Show response m.stripe.com/ Frame 147A	156 B 522 B	528ms 160ms	XHR application/json	44.228.63.192
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.41.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.228.63.192 -, , ASN (), Reverse DNS Software nginx / Resource Hash 63f81b9701cf14158166c2b0458467164021ba06ed5842e0ce7791ca5a61c07e Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Sun, 06 Feb 2022 02:48:06 GMT x-content-type-options nosniff server nginx strict-transport-security max-age=31556926; includeSubDomains; preload content-type application/json;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame 6A55	0 0	32ms 32ms	Image text/html	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022020101&jk=3874997587255390&rc=null Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	K3QqjkDtpTyrF38W5JrZ5ol4_5B02gVdFCmanKaTR4c.js Show response pagead2.googlesyndication.com/bg/ Frame B730	35 KB 13 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/K3QqjkDtpTyrF38W5JrZ5ol4_5B02gVdFCmanKaTR4c.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2b742a8e40eda53cab177f16e49ad9e68978ff9074da055d14299a9ca6934787 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 05 Feb 2022 10:16:29 GMT content-encoding br x-content-type-options nosniff age 59496 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13776 x-xss-protection 0 last-modified Thu, 27 Jan 2022 13:28:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sun, 05 Feb 2023 10:16:29 GMT
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame B730	0 9 B	7ms 7ms	Image text/plain	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?UHS06Q Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 06 Feb 2022 02:48:05 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H2	200	gn secure-sdk.imrworldwide.com/cgi-bin/	44 B 369 B	41ms 41ms	Image image/gif	52.16.69.104 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-102695&ch=au-102695_b07_subscribe_S&asn=subscribe&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&sessionId=qxh9t7vlzy9w1aah5u56nn3sez3ug1644115683&prv=1&c6=vc,b07&ca=NA&c13=asid,PA29B4FFF-94A8-4A65-AA29-3329DFE3AEC3&c32=segA,NA&c33=segB,NA&c34=segC,DSK-OTT-WinPhn-OtherBrowser&c15=apn,&sup=1&segment2=&segment1=&forward=0&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,xc60xtxa7i49lrasqpt8jawy4s0hs1644115683&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,16441156838864422&c30=bldv,6.0.0.615&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=1644115683721&c3=st,c&c64=starttm,1644115685&adid=1644115683721&c58=isLive,false&c59=sesid,&c61=createtm,1644115684&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c44=progen,&davty=0&si=https%3A%2F%2Fwww.news.com.au%2Fsubscribe%2Fnews%2F1%2F%3Fofferset%3Dnw_default%26utm_medium%3DEDM%26int_source%3DEDM%26int_campaign%3DProject_Zero_Apr21%26int_content%3DEDM%26sourceCode%3DNWWEB_EDM0104202114365&c66=mediaurl,&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&c62=sendTime,1644115684&rnd=439551 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.16.69.104 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-16-69-104.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:05 GMT server nginx access-control-allow-methods POST, OPTIONS p3p P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM" access-control-allow-origin * cache-control no-cache cross-origin-resource-policy cross-origin content-type image/gif content-length 44 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	42ms 41ms	Image image/gif	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022020101&jk=3874997587255390&bg=!4-Cl4KTNAAYZkRhwGZE7ACkAdvg8WnTnEcX5as7ShSl_4lwy9zmbKxRQzlralUijA2QmGlCQeDRURgIAAABMUgAAAANoAQeZAq5jmjKRxDu11PFl0pj0FL5HDb0fIYcOK3S4BaXIXOKbZGvjciT1v7d8_6w-mpRDD9_ZYURMNcdPGpOiMkFqAOQI9Gf0DfuhwLU28TtP1ovwXMsJ3tgewnYv_UIBU8i9Wjrix6QLt5RP2tsLs9mNrpZ9f568f6E0CmJeHsMp17MdBkNqfzUYaw0NL9OvFeFYOjbSHBi58TeELCsK_GhMPpb4gl-O_04xvudbeQIkhGqHunhvdkyn7iDP91iU7sALuURCUJVYGO6Y4bCcUJhPbArf_AkdxkUcjJWqZY43qfMaBTiOLCayeFEjToZ9z8jWtrtrnb-Ig0Uq-_FuD5OhAQwwsnwCSnJUvNIJiH4v6y60zVe7SDei84YUs1k6TQm73qMAB8zPwKJHFo2ECo35frEm0WIJVkfhvF0luqf3LS9PxkysCUjk2Ch08J0S4v7WSFaIO5TsoXzn9yFkhT6fkQTaptK8Yi3v6A93cp14lshJGPlj_lkzJjX7USqBExraAIYFvzTu3tdrEhVWh3KXl5P9xnlJ7e24NJsPze2l1Eqi94V2J0nPxQoiq6U3S7lVOSAs3QFM2rONLPAf4EEJs9YiXUfdByb-kqaOV0q0MKaotc4IvgLOCu2nbJbx7nBsIvT6EzGKnM9fXWYnru6rP1KAkZ-w0lRdxZMgzBYj-K8FDwLeggg9QLeRuN3nhtZkyizLtubsp1JKHZUnYJuuuYlNKtI2l1kMeZxASkYJG6rItVx-pJrzRPTRSxu7qAagCRxTzUtbFNjT5NI3KTFU0s1dT4I6l4S273JmZB87VNpUK-3gVK689UzfjcwNwHyY9GeRSG9_PPV8k3BKaMtx_qtwZaGCDnTIs61OeyqcmzyYpRucpFFFRJl3cteORPwr35TR3OMu7AtJeUMHcuk2Yw Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.news.com.au/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sun, 06 Feb 2022 02:48:06 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/akam/11/ab1de4d

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/Vz6N43/lU/f1/z1e4/0BoaQTOfCrqBE/aQNOwzbc/TXZPMGgAJwM/eygy/dFxoQRo

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/akam/11/ab1de4d

Domain

login.newscorpaustralia.com

URL

https://login.newscorpaustralia.com/Vz6N43/lU/f1/z1e4/0BoaQTOfCrqBE/aQNOwzbc/TXZPMGgAJwM/eygy/dFxoQRo

Domain

commerceapi.news.com.au

URL

https://commerceapi.news.com.au/offersapi/offers/NW_SDO_BNG21AM01