www.heraldsun.com.au Open in urlscan Pro
23.74.8.108 Public Scan

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

:method: GET
:authority: www.heraldsun.com.au
:scheme: https
:path: /subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: n_regis=123456789; AWSALB=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; AWSALBCORS=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; anonymous_token={%22entitlements%22:anon}
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx
content-type: text/html; charset=UTF-8
x-powered-by: WordPress VIP <https://wpvip.com>
content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
is-https: true
vary: User-Agent Accept-Encoding
x-opw: 4
x-rq: ewr2 0 2 9980
host-header: a9130478a60e5f9135f765b23f26593b
content-encoding: gzip
cache-control: max-age=1200
expires: Tue, 31 Aug 2021 00:24:16 GMT
date: Tue, 31 Aug 2021 00:04:16 GMT
content-length: 8487

Redirect headers

server: AkamaiGHost
content-length: 154
content-type: text/html
location: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
set-cookie: nk=95a130548d5a3363bce0e49cf0a4525b; expires=Fri, 30 Aug 2024 00:04:15 GMT; path=/; domain=news.com.au; SameSite=None; Secure;
mime-version: 1.0
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
vary: Accept-Encoding
etag: "05563c72b22b39afb384f19701c03047:1600838589.100191"
expires: Tue, 31 Aug 2021 00:04:15 GMT
cache-control: max-age=0, no-cache
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:15 GMT

GET
H2 200 /
dsf.newscorpaustralia.com/heraldsun/_static/ 601 KB
87 KB 139ms
29ms Stylesheet
text/css 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
x-rq: vie2 0 2 9980
last-modified: Wed, 25 Aug 2021 06:17:57 GMT
server: nginx
age: 804
vary: Accept-Encoding
x-cache: hit
content-type: text/css;charset=utf-8
cache-control: max-age=300, must-revalidate
accept-ranges: bytes
content-length: 88869

GET
H2 200 utag.sync.js
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 731 B
937 B 507ms
196ms Script
application/x-javascript 184.51.8.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.sync.js?ver=5.7.2
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
last-modified: Tue, 15 Jun 2021 00:57:31 GMT
server: AkamaiNetStorage
etag: "5f2dc8b8f9f88c73341215233f91d2ce:1623718651.672099"
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 731
expires: Tue, 31 Aug 2021 00:09:17 GMT

GET
H2 200 rampart.js
www.heraldsun.com.au/remote/identity/rampart/latest/ 270 KB
83 KB 454ms
453ms Script
application/x-javascript 23.74.8.108
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js?ver=5.7.2

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.74.8.108 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-9-110.deploy.static.akamaitechnologies.com

Software

AkamaiNetStorage /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

:path: /remote/identity/rampart/latest/rampart.js?ver=5.7.2
pragma: no-cache
cookie: n_regis=123456789; AWSALB=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; AWSALBCORS=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; anonymous_token={%22entitlements%22:anon}
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.heraldsun.com.au
referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
server: AkamaiNetStorage
etag: "24f41f77cd06741714294095fec17d16:1627964227.178684"
vary: User-Agent Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1614
date: Tue, 31 Aug 2021 00:04:17 GMT
is-https: true
x-opw: 4
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Tue, 31 Aug 2021 00:31:11 GMT

GET
H2 200 /
dsf.newscorpaustralia.com/heraldsun/_static/ 98 KB
34 KB 122ms
12ms Script
application/javascript 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraGZkaWhiamZgXEWAK9wIh0=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
x-rq: vie2 0 2 9980
last-modified: Mon, 16 Aug 2021 20:26:43 GMT
server: nginx
age: 804
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=300, must-revalidate
accept-ranges: bytes
content-length: 34537

GET
H2 200 loader.js
subscriptions.heraldsun.com.au/loader/ 251 KB
77 KB 577ms
156ms Script
text/javascript 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.heraldsun.com.au/loader/loader.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
last-modified: Thu, 05 Aug 2021 07:34:11 GMT
x-amz-cf-pop: FRA56-C1
etag: "7b4ad5b5e9a90cb71935ef7181b123b0"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=496959
accept-ranges: bytes
x-amz-cf-id: cZvRHb32YjWMvjtAmfETIh9riJsomi3r1Y9XsY3G1c8T_5Xe1s-y3A==

GET
H2 200 /
dsf.newscorpaustralia.com/heraldsun/_static/ 51 KB
15 KB 141ms
33ms Script
application/javascript 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??/wp-content/plugins/dynamic-shop-front/assets/dist/js/dsf-front.build.js,/wp-content/themes/dynamic-shopfront/js/navigation.js?m=1629872278j
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
x-rq: vie2 0 2 9980
last-modified: Wed, 25 Aug 2021 06:17:58 GMT
server: nginx
age: 804
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=300, must-revalidate
accept-ranges: bytes
content-length: 14884

GET
H2 200 e-202135.js
stats.wp.com/ 9 KB
3 KB 406ms
138ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202135.js
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT ams
date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 21 Aug 2022 22:14:17 GMT

GET
H2 200 icon-faq-plus.png
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 466 B
608 B 13ms
12ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/icon-faq-plus.png
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 177 253 80
last-modified: Mon, 14 Jun 2021 12:09:20 GMT
server: nginx
age: 6608179
etag: "60c746f0-1d2"
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 466
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 SourceSansPro-Regular.woff2
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 83 KB
83 KB 220ms
193ms Font
font/woff2 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-Regular.woff2
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://www.heraldsun.com.au
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-14aec"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 84716
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 SourceSansPro-SemiBold.woff2
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 82 KB
82 KB 234ms
208ms Font
font/woff2 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-SemiBold.woff2
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://www.heraldsun.com.au
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-14808"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 83976
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 charter_bold-webfont.woff
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 28 KB
28 KB 234ms
208ms Font
font/woff 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/charter_bold-webfont.woff
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://www.heraldsun.com.au
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-6f0c"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 28428
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 charter_italic-webfont.woff
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 29 KB
29 KB 234ms
208ms Font
font/woff 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/charter_italic-webfont.woff
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://www.heraldsun.com.au
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-72d4"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 29396
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 SourceSansPro-Italic.woff2
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 35 KB
35 KB 216ms
190ms Font
font/woff2 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/SourceSansPro-Italic.woff2
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://www.heraldsun.com.au
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-8aa8"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 35496
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 charter_regular-webfont.woff
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/ 27 KB
27 KB 234ms
208ms Font
font/woff 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/fonts/charter_regular-webfont.woff
Requested by: Host: dsf.newscorpaustralia.com
URL: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://www.heraldsun.com.au
Referer: https://dsf.newscorpaustralia.com/heraldsun/_static/??-eJyVkM1SwzAMhF8Ix20OBA4Mz6I6IlGRf8ZyBvz2qKZlmsIw6VH2fivt2o9kKDheRhTrROxIUuyBo3s3TIcMuVoplbHzFDoVPNhr4ijW40iAjB5DWQ2JoWI2jBO4ug3Xv+v5b+jnShd9ikF18t+JN6HUvsS8CQjL5ybdHZbrYsusMe8ivletEBdDOXWXeJkoKFUDeHJG5pjMW9ZfCyJYLqWpcfPUGYhr0a6nDGm2TfvLtt24dm1C42bi8Rz6FvKLuZxzxJJAE+x33a4tPz+cmFf/sn/sn5+Gvh+GLzYN8zg=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-6d00"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
content-length: 27904
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 we-are-for-you.svg
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 4 KB
2 KB 192ms
188ms Image
image/svg+xml 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/we-are-for-you.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-1177"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1934
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 logo.svg
dsf.newscorpaustralia.com/heraldsun/wp-content/plugins/dynamic-shop-front/assets/mastheads/identity/images/heraldsun/ 3 KB
1 KB 194ms
190ms Image
image/svg+xml 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/plugins/dynamic-shop-front/assets/mastheads/identity/images/heraldsun/logo.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
content-encoding: gzip
x-rq: vie2 0 2 9980
last-modified: Wed, 25 Aug 2021 06:17:58 GMT
server: nginx
age: 0
etag: "6125e096-d3b"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1434
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 avatar.svg
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 264 B
321 B 193ms
189ms Image
image/svg+xml 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/avatar.svg
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 0 2 9980
last-modified: Mon, 23 Aug 2021 00:46:17 GMT
server: nginx
age: 0
etag: "6122efd9-108"
vary: X-Mobile-Class, Accept-Encoding
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 264
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET
H2 200 1911f26f04ec39c72ca27a9d77b35fba
cdn.newsapi.com.au/image/v1/ 96 KB
96 KB 248ms
215ms Image
image/webp 23.74.8.108
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.newsapi.com.au/image/v1/1911f26f04ec39c72ca27a9d77b35fba
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.74.8.108 Munich, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-74-8-108.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
last-modified: Mon, 30 Aug 2021 01:38:39 GMT
server: Akamai Image Manager
etag: e1ffd216a6633fb445aa38d952930d0d-1911f26f04ec39c72ca27a9d77b35fba-0
access-control-allow-methods: POST, GET, DELETE, PUT, PATCH, OPTIONS
content-type: image/webp
x-hobit: 2B
cache-control: private, no-transform, max-age=604800
access-control-allow-headers: x-newsapi-api-key
content-length: 98050
expires: Tue, 07 Sep 2021 00:04:17 GMT

GET
H2 200 Masthead-Digital.png
dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/ 1 KB
1 KB 15ms
12ms Image
image/webp 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/Masthead-Digital.png?w=251
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 109 88 443
last-modified: Thu, 08 Jul 2021 01:14:35 GMT
server: nginx
etag: "1c29e2711eb8c298"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1348
expires: Fri, 08 Jul 2022 01:14:35 GMT

GET
H2 200 icon-premium.png
dsf.newscorpaustralia.com/central/wp-content/uploads/sites/8/2021/05/ 544 B
653 B 16ms
13ms Image
image/webp 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/central/wp-content/uploads/sites/8/2021/05/icon-premium.png?w=22
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 109 84 443
last-modified: Tue, 15 Jun 2021 12:27:57 GMT
server: nginx
etag: "5422573e6d8206df"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 544
expires: Wed, 15 Jun 2022 12:27:57 GMT

GET
H2 200 Masthead-Digital.png
dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/ 2 KB
2 KB 16ms
13ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/Masthead-Digital.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 109 88 443
last-modified: Thu, 27 May 2021 01:03:07 GMT
server: nginx
etag: "bcb87106b77e4a8a"
x-cache: HIT
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2109
expires: Fri, 08 Jul 2022 01:14:35 GMT

GET
H2 200 Masthead-Weekend-Bundle.png
dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/ 5 KB
6 KB 15ms
13ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/heraldsun/wp-content/uploads/sites/67/2021/05/Masthead-Weekend-Bundle.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 109 144 443
last-modified: Thu, 27 May 2021 01:03:36 GMT
server: nginx
etag: "3234bdda05ebf899"
x-cache: HIT
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5615
expires: Fri, 08 Jul 2022 01:14:35 GMT

GET
H2 200 icon-phone.png
dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/ 337 B
400 B 15ms
14ms Image
image/png 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsf.newscorpaustralia.com/wp-content/plugins/dynamic-shop-front/assets/common/images/icon-phone.png
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:17 GMT
x-rq: vie2 177 253 80
last-modified: Mon, 14 Jun 2021 12:09:20 GMT
server: nginx
age: 6607895
etag: "60c746f0-151"
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 337
expires: Wed, 31 Aug 2022 00:04:17 GMT

GET SourceSansPro.css
prod.subscriptions.news.com.au/media/fonts/SourceSansPro/ 0
0

GET Charter.css
prod.subscriptions.news.com.au/media/fonts/Charter/ 0
0

GET
H2 200 adobe_visitor.js
tags.news.com.au/prod/visitor/ 60 KB
20 KB 157ms
156ms Script
application/x-javascript 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.sync.js?ver=5.7.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:18 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "762b36524699d0c801c527b6e71f35e4:1593471758.804374"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=69202
content-type: application/x-javascript
content-length: 19871

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 139ms
138ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.0&blog=187954703&post=5&tz=10&srv=dsf.newscorpaustralia.com&host=www.heraldsun.com.au&ref=&fcp=6050&rand=0.8617220004437018
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:18 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 authorize
login.newscorpaustralia.com/ Frame 0DFE 2 KB
3 KB 545ms
500ms Document
text/html 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=jCJSIEk.yp8NUYQcHrbNGa_9Eu9BD_~b&nonce=MQC_rOB4Y-e0cuju9OfYnjv3fAJUmhyD&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNi4yIn0%3D

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js?ver=5.7.2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: login.newscorpaustralia.com
:scheme: https
:path: /authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=jCJSIEk.yp8NUYQcHrbNGa_9Eu9BD_~b&nonce=MQC_rOB4Y-e0cuju9OfYnjv3fAJUmhyD&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNi4yIn0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html;charset=UTF-8
cf-ray: 6872002f9df64a9d-FRA
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ot-baggage-auth0-request-id: 6872002f9df64a9d
ot-tracer-sampled: true
ot-tracer-spanid: 0a88520a51fe190c
ot-tracer-traceid: 2d66af9122b8191e
x-auth0-requestid: e6aa92e9d502bf91ec82
x-content-type-options: nosniff
x-ratelimit-limit: 1000
x-ratelimit-remaining: 999
x-ratelimit-reset: 1630368259
server: cloudflare
content-encoding: gzip
x-akamai-transformed: 9 582 0 pmb=mTOE,3
expires: Tue, 31 Aug 2021 00:04:18 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:18 GMT
content-length: 811
vary: Accept-Encoding
set-cookie: did=s%3Av0%3Afc9d5ac0-09ee-11ec-94e0-2db0112a5ec9.CDm5De3ciwPmYD2JTSpawZW4kdBiAyQa5m0zGnBzLao; Max-Age=31557600; Path=/; Expires=Wed, 31 Aug 2022 06:04:18 GMT; HttpOnly; Secure; SameSite=None did_compat=s%3Av0%3Afc9d5ac0-09ee-11ec-94e0-2db0112a5ec9.CDm5De3ciwPmYD2JTSpawZW4kdBiAyQa5m0zGnBzLao; Max-Age=31557600; Path=/; Expires=Wed, 31 Aug 2022 06:04:18 GMT; HttpOnly; Secure bm_mi=40981DE7EB24ADC8EC95A5FF1CC92A67~G4D0l0PxdLBy/ubakt9MaAEh/hEUx/KruRcSgZqIvzMPjaiUQaqFOXbEMAxJypI5bGANcZ+BVSFlI23T4jH3NaeKje3fIST99kMrOECyA8so2MuJ98hJIKVOptmIAMNA3Mx+RU99XBZaUPRiNgramRndeu+9nxydnL/hLaXGPzn/4EsZNFbrteQSFK0IHPpfQfQA0sSWApkX4YfOI2CxR9JEDh4tAH0CVOGZvCgCqpJOoxC++drzJd1rG+XPWhv/; Domain=.newscorpaustralia.com; Path=/; Max-Age=0; HttpOnly _abck=3EBADB21BA942E6EABCD2844D5C1193F~-1~YAAQ3+F7XI0Tq3p7AQAAFVuFmQY3t2zqGra5JJ1bQGIu1g586m7GrV7/VwRWIQfJmllQFhhqxfuxdFwZlUsIjK+PR0o05y0pbIWfvjAyVQIv8Fd4RCqq82R7r0wviGTXoyoLHVYqABmmjmj4z4n0gyK1S1GU/WfAkJ0WeIoOaMj4o/tM3UKYvkxMNKVF7548Jra+AJY3voSX3GNzSZ6Bl+mLsP9zkfokIBlwOVACqSQyEtFYMJkAevHSOT5JSDPRuQXc/KHD/fcb5vLxjou7vDndQue9g3k3SNIXDzwzNQgsCvT8H4xRgJOt8GHa8vYdMNrRe/JC0Zxe8QRx81KLdkxfJQ8YoAvTOD5w4MgW1A4OYkerjU7SHsuSMVHcSWr0kOt8m2bKaw==~-1~-1~-1; Domain=.newscorpaustralia.com; Path=/; Expires=Wed, 31 Aug 2022 00:04:18 GMT; Max-Age=31536000; Secure ak_bmsc=48C9235383F0630C22976537188D900F~000000000000000000000000000000~YAAQ3+F7XI4Tq3p7AQAAFVuFmQySjvxSNTlfFiVYi+/O/TD5kTrk7VOcdK27IfpYVA6mF4jTP9oi9dlTTUMjr4+NKwUxqKNj1+DOEEnRfq1mTpFvfJ3hjLD4YPRDF3TcSBAxW33wQwckSCGLPfS8K4esyK4SJAniI/dFwym+p0LlKr7UbRiCLF0BHLqBMgNk0AyM//TuYRd4o2p8vEwWdMjj8pPy+9LmDpPf1f8Ukwvrjb4vmmDpve8JkytqDmAaoEy2bJdc1u4zDtOCuTtzjf2uuqXCrKZbxskdT5RDc0zZr3bvPDwy8cSPoJL2X7ZjFcRCtKcbp2r0pN9dTGybq3I7LAhmIFCULfLm3pkTC3AB0Y+bZGPU0ZUVQofbMsJVSkxjS2xZUlKP7oyOfRY/rM8sBw==; Domain=.newscorpaustralia.com; Path=/; Expires=Tue, 31 Aug 2021 02:04:18 GMT; Max-Age=7200; HttpOnly bm_sz=413C32B733343BAD414BC1B167506722~YAAQ3+F7XI8Tq3p7AQAAFVuFmQwMLI/R/8d4AQiEt3bhJeVHO3J9W0ly6TXOCoxUsUzgjSp6g+t+/+O5MiXPMVjrpKRPc4NLY7l3KJHNGKePNLXHNGiwz1q/acIMtWSHLC1gIARQ6YceamhFt4o6l6wiXDOjspJmJFfQdB5TeCnJyIdStdK2nFWC0Ad5BnURPB+AIP5sx+Yj83WUu5Wa1QK0m+F7zOUb+6s8yAoPhl6zIq197tTxh6AQ7LM1+9e1wi6vTDRIluk44UiFBQhBmLmt4JClE3smcO4Vqj1468chsaJtZToOvenp44duGg==~3491384~3749944; Domain=.newscorpaustralia.com; Path=/; Expires=Tue, 31 Aug 2021 04:04:18 GMT; Max-Age=14400

GET
H2 200 rampart.js
www.heraldsun.com.au/remote/identity/rampart/latest/ 270 KB
83 KB 231ms
231ms Script
application/x-javascript 23.74.8.108
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.74.8.108 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

:path: /remote/identity/rampart/latest/rampart.js
pragma: no-cache
cookie: n_regis=123456789; AWSALB=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; AWSALBCORS=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; anonymous_token={%22entitlements%22:anon}; com.auth0.auth.jCJSIEk.yp8NUYQcHrbNGa_9Eu9BD_~b={%22nonce%22:%22MQC_rOB4Y-e0cuju9OfYnjv3fAJUmhyD%22%2C%22state%22:%22jCJSIEk.yp8NUYQcHrbNGa_9Eu9BD_~b%22}
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.heraldsun.com.au
referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium&nk=95a130548d5a3363bce0e49cf0a4525b-1630368255
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
server: AkamaiNetStorage
etag: "24f41f77cd06741714294095fec17d16:1627964227.178684"
vary: User-Agent Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=615
date: Tue, 31 Aug 2021 00:04:18 GMT
is-https: true
x-opw: 4
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Tue, 31 Aug 2021 00:14:33 GMT

GET
H/1.1 200
OK id
dpm.demdex.net/ 5 KB
2 KB 619ms
159ms XHR
application/json 52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.5.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&ts=1630368258527

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

a104-89-9-110.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v015-02b821f1c.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: JdSg4u6hQuw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1544
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 authorize
login.newscorpaustralia.com/ Frame 1F05 2 KB
3 KB 514ms
514ms Document
text/html 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=vMeK0~5H5pMvYlQAY07SSfb~Ombn82a4&nonce=ytI2~.bGPb2HaxZXLmfgZmhOLsm6aAEP&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNi4yIn0%3D

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: login.newscorpaustralia.com
:scheme: https
:path: /authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fwww.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=vMeK0~5H5pMvYlQAY07SSfb~Ombn82a4&nonce=ytI2~.bGPb2HaxZXLmfgZmhOLsm6aAEP&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNi4yIn0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html;charset=UTF-8
cf-ray: 687200312f091f11-FRA
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ot-baggage-auth0-request-id: 687200312f091f11
ot-tracer-sampled: true
ot-tracer-spanid: 668cc95f0d7477b2
ot-tracer-traceid: 7b6fa9114d30fe31
x-auth0-requestid: 0ecf7353c164e6aa7425
x-content-type-options: nosniff
x-ratelimit-limit: 1000
x-ratelimit-remaining: 999
x-ratelimit-reset: 1630368259
server: cloudflare
content-encoding: gzip
x-akamai-transformed: 9 582 0 pmb=mTOE,3
expires: Tue, 31 Aug 2021 00:04:19 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:19 GMT
content-length: 812
vary: Accept-Encoding
set-cookie: did=s%3Av0%3Afcc5f160-09ee-11ec-a0f1-2157cd7ed340.QOVWqZ%2FTKXYx1UhmKMnCn9wB%2BzteSBsPtzkwocwrhtk; Max-Age=31557600; Path=/; Expires=Wed, 31 Aug 2022 06:04:18 GMT; HttpOnly; Secure; SameSite=None did_compat=s%3Av0%3Afcc5f160-09ee-11ec-a0f1-2157cd7ed340.QOVWqZ%2FTKXYx1UhmKMnCn9wB%2BzteSBsPtzkwocwrhtk; Max-Age=31557600; Path=/; Expires=Wed, 31 Aug 2022 06:04:18 GMT; HttpOnly; Secure bm_mi=ECE8895F35C57075E6B8C84E185864A3~G4D0l0PxdLBy/ubakt9MaEpoTmTHN7WLvOiiLXVBPrOvM3fYjM2xao0QS3xaVv8jdz86+vCITSi7ixezqONjTp6HA+h9mo2KVK3OiMfhWZnoRuS7+HRrtIzAqNj3+HLzBnZ1XFMJKgeCCZutTbiJ9j2a9i7J7SBtKrrvLOb1+1UtHt/ZycHs/kAoYUijRxND/0eF5+HFQwDlcCGQsinJL0+DyXeRfE+nEZgZCWFn0/l6D3lrxyiN/y4cCBZMFRxv; Domain=.newscorpaustralia.com; Path=/; Max-Age=0; HttpOnly _abck=DBC309BAE002D1D056F0E083A490D709~-1~YAAQ3+F7XJMTq3p7AQAAHlyFmQaAwLYmNiPLgvIeU2t7QSFJ1fGbrCuD0s3GYuwT35rgjeNJrfA7PLDfCkTjAfhq+xn3yqJEn78PvXHPRg7cDNMCd0eGHTNjqdzSjOqgFDC7aZyPKfcuSzZYLznIQNWBPu14zvlqj4wcTxUU81SG1XBP3FOv7ltic9HkpIZ5YLko4F2TdWP1VWrXHSrycoK/taM0BKk00H5soNUm7juaa3erGqlC8rFZxnn2V+pmykaAa3vHwb3F0Q3HKfNPt4w9xew4kVDYpLw8U8TNYngTZYmeMWXMz1nYmSZ+95vuKFiEYRVz4ezTKI6FPknkGn82ziaKoWPV3/MRHOEnIlt8TFwpkcs+d2Js8OFFNDukGlANAzI4HQ==~-1~-1~-1; Domain=.newscorpaustralia.com; Path=/; Expires=Wed, 31 Aug 2022 00:04:19 GMT; Max-Age=31536000; Secure ak_bmsc=D4840D7F642DB6E9ECB24BDFDDDD6E37~000000000000000000000000000000~YAAQ3+F7XJQTq3p7AQAAHlyFmQxE0rD3DytgcOb1imzxUA0/k0Bkx7NX2ezGuXy7OKenk5TwNcJePC2Qhpk4S01VIUsiVZbfhHcZb6Boyk2IiXck2XLerTwU4EkoTKwhBznrlukwCuBG/9ao/nX2Q3EWsX+BbLj3wIYN+etx6g3KQyqrj3FvgsRJGLIWNLIanM8t9+dh3kDJfPxgSOMwnpmWXACDVBCP/GRLnASWaQNdWok6s10Ulc261bmk/emHMnzPSYrZ7CkEqWkput7cSqEYaWprNIn/S4hVNXrKkyGrLT4Oadm9JTxs662/IGHdyT6aaKFxFkO6QnUj2mACZ7s7SmtxlNSIEDSa/FmwHPIxkYgYxTjWss5mn1AinOYEBU1GA1vOavDRKO95QGrHI7X8CQ==; Domain=.newscorpaustralia.com; Path=/; Expires=Tue, 31 Aug 2021 02:04:18 GMT; Max-Age=7199; HttpOnly bm_sz=78A867F949162589668CA8DE5C61C59D~YAAQ3+F7XJUTq3p7AQAAHlyFmQz9GiVdQ1TKtMCy+uSRJrsyFVFkwJ8JQDBN6A8vqUO2nPSgQaNP+M+kP5wgtDBIisGQ2SN/qRL/q/d0nOeZ9M35JrwIY8nsMPQaRdmXzPSslo/iXK1rLmpa65+TCzq1X7Dv/43LdZiF2v+rEOyd6WjScxxyc9JVqMon0Rx16pfh2G259ZNwMsw+m6bwa0Q+cXz2tmcp8wFgLrt/eE6c5BOGt99FW/WAcVke+q/HRRg0ArlJ6mNHcUi9uGqtD3KjcfyUvEsbY4HqqbB5elJUAgWB+Np1thYYZEYfYw==~3491384~3749944; Domain=.newscorpaustralia.com; Path=/; Expires=Tue, 31 Aug 2021 04:04:18 GMT; Max-Age=14399

GET 3503dfd3
login.newscorpaustralia.com/akam/11/ Frame 0DFE 0
0

GET DdEg
login.newscorpaustralia.com/j8G5BPNrW1gk/6rYYezVgsp/GI/EY7DJVmJbE1i/CAoOAg/DisSXiZ/ Frame 0DFE 0
0

GET 3503dfd3
login.newscorpaustralia.com/akam/11/ Frame 1F05 0
0

GET DdEg
login.newscorpaustralia.com/j8G5BPNrW1gk/6rYYezVgsp/GI/EY7DJVmJbE1i/CAoOAg/DisSXiZ/ Frame 1F05 0
0

GET
H/1.1 200
OK dest5.html
newscorpau.demdex.net/ Frame 5D97 7 KB
3 KB 673ms
160ms Document
text/html 18.203.33.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://newscorpau.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.203.33.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-33-226.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: newscorpau.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.heraldsun.com.au/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=78102615276608734584096010757147980367
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 31 Aug 2021 00:04:19 GMT
DCS: dcs-prod-irl1-1-v015-0c5294fd3.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 26 Aug 2021 10:18:53 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: RgC7/gWBRGA=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id
newscorpau.sc.omtrdc.net/ 2 B
321 B 516ms
163ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://newscorpau.sc.omtrdc.net/id?d_visid_ver=4.5.1&d_fieldgroup=A&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&mid=78123580403463679764098127572948788053&ts=1630368259154

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 31 Aug 2021 00:04:19 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-f47784dbf-58klj
vary: Origin
x-c: main-1506.I6462f6.M0-512
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.heraldsun.com.au
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YS1yAwAAAFrcyQQE
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=78102615276608734584096010757147980367
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YS1yAwAAAFrcyQQE

42 B
945 B

162ms
161ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YS1yAwAAAFrcyQQE

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v015-0e48b9666.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: dQ+4P4CaRig=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YS1yAwAAAFrcyQQE
Date: Tue, 31 Aug 2021 00:04:19 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 utag.js
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 54 KB
15 KB 177ms
177ms Script
application/x-javascript 184.51.8.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:19 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 00:57:30 GMT
server: AkamaiNetStorage
etag: "651803048efeee279775ea99d8a1e010:1623718650.554271"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 14650
expires: Tue, 31 Aug 2021 00:09:19 GMT

GET
H2 200 index.html
subscriptions.heraldsun.com.au/caas/ Frame A03A 4 KB
2 KB 209ms
205ms Document
text/html 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: subscriptions.heraldsun.com.au
:scheme: https
:path: /caas/index.html?pageType=spc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: n_regis=123456789; anonymous_token={%22entitlements%22:anon}; AMCVS_5FE61C8B533204850A490D4D%40AdobeOrg=1; AMCV_5FE61C8B533204850A490D4D%40AdobeOrg=77933605%7CMCIDTS%7C18871%7CMCMID%7C78123580403463679764098127572948788053%7CMCAAMLH-1630973059%7C6%7CMCAAMB-1630973059%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1630375459s%7CNONE%7CvVersion%7C4.5.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html
last-modified: Thu, 05 Aug 2021 07:33:55 GMT
accept-ranges: bytes
etag: "98071940c849582a370bca873646c69d"
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 2R_XdE8LKRt53enERcf6pBI3uUV2qiUCu3AjqThtn0cbUy_oK0CbzA==
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 31 Aug 2021 00:04:19 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:19 GMT
content-length: 1795

GET
H2 200 /
js.stripe.com/v3/ 236 KB
64 KB 710ms
224ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/loader/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 23:59:35 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 285
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: S7ZG44JGMQHYJNEC
x-amz-id-2: 4+B+j1akoscA6nHBzzPzfPJ9+SJbhfJPU1STyWCnmUlpRYHSfwK/bpz6yMa55FhYTYcI9yVdiso=
last-modified: Mon, 30 Aug 2021 21:48:00 GMT
server: AmazonS3
etag: W/"051ed28627d79005fa7061ee2e51c44a"
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: czHcyYDsOmhMeXSeFCx1Ak4dQ4UJHskIgi6hDXzqemfqMysNhTewqQ==

GET
H2 200 main.cabc1819.chunk.css
subscriptions.heraldsun.com.au/caas/static/css/ Frame A03A 169 KB
40 KB 210ms
209ms Stylesheet
text/css 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.heraldsun.com.au/caas/static/css/main.cabc1819.chunk.css
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:19 GMT
content-encoding: gzip
last-modified: Thu, 05 Aug 2021 07:33:55 GMT
x-amz-cf-pop: FRA56-C1
etag: "60e6b38bcaacaf054cb9957b56cc7335"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=497726
accept-ranges: bytes
x-amz-cf-id: KFJ9II-8-8uE0nro6I3bp84BfnEfMTh-Ket3-N3ymtNkSxtPVcgXhg==

GET
H2 200 2.bcaf4117.chunk.js
subscriptions.heraldsun.com.au/caas/static/js/ Frame A03A 289 KB
89 KB 252ms
251ms Script
text/javascript 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.heraldsun.com.au/caas/static/js/2.bcaf4117.chunk.js
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:19 GMT
content-encoding: gzip
last-modified: Thu, 05 Aug 2021 07:33:55 GMT
x-amz-cf-pop: FRA50-C1
etag: "510aa5cc367e670d638d321bdfd8196e"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=498408
accept-ranges: bytes
x-amz-cf-id: 0stRUrqI4bC1yjncFdh-oHDSL2bwSl4YZKAXnHGpWr_j_hNbpOguzQ==

GET
H2 200 main.31fbe402.chunk.js
subscriptions.heraldsun.com.au/caas/static/js/ Frame A03A 127 KB
35 KB 172ms
171ms Script
text/javascript 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.heraldsun.com.au/caas/static/js/main.31fbe402.chunk.js
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:19 GMT
content-encoding: gzip
last-modified: Thu, 05 Aug 2021 07:33:55 GMT
x-amz-cf-pop: FRA50-C1
etag: "9afaa2168a41cac7179ced9e196f798f"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=497031
accept-ranges: bytes
content-length: 35795
x-amz-cf-id: F3Pmi-tZIiChq8THG082Waf2BoHxq7CXl56x1vJQb9budpUP-Xi1Xg==

GET
H2 200 utrack.js
tags.news.com.au/prod/utrack/ 2 KB
1 KB 162ms
162ms Script
application/x-javascript 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/utrack/utrack.js?cb=16303682593890.9217253233214755
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:19 GMT
content-encoding: gzip
server: Apache
etag: "ab4f3fe7c5c43b61d4377ef72d3952fa:1558613430"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=0, no-cache, no-store
content-type: application/x-javascript
content-length: 832
expires: Tue, 31 Aug 2021 00:04:19 GMT

GET
H2 200 mitas.js
tags.news.com.au/prod/mitas/ 666 B
905 B 161ms
160ms Script
application/x-javascript 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/mitas/mitas.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:19 GMT
cache-control: max-age=58747
server: AkamaiNetStorage
content-type: application/x-javascript
etag: "83a2bbd4d3829f1d4278f4ff0988804c:1490850995"
content-length: 666
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"

GET
H2 200 gdpr_user_check.esi
tags.news.com.au/prod/data-esi/top/ 61 B
359 B 1173ms
853ms XHR
text/plain 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiGHost /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:20 GMT
server: AkamaiGHost
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
etag: "f1d1adc077c1f1f826a151ee3db530bc:1600839199.327003"
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=0, no-cache
content-length: 61
mime-version: 1.0
expires: Tue, 31 Aug 2021 00:04:20 GMT

GET
H2 200 SourceSansPro.css
subscriptions.news.com.au/media/fonts/SourceSansPro/ Frame A03A 2 KB
2 KB 545ms
154ms Stylesheet
text/css 13.224.193.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/static/css/main.cabc1819.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: BU9pslV_1tk2oM9KNiljnrkOp3wYAVog
via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
last-modified: Wed, 23 Sep 2020 08:43:42 GMT
server: AmazonS3
age: 68358
etag: "2a13a755f725cea2c202bc30af451d10"
x-cache: Hit from cloudfront
content-type: text/css
date: Mon, 30 Aug 2021 05:05:02 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 2173
x-amz-cf-id: Xvg1sKT8NmbjPcdng-cOlqDVGnIoA37Tw-82aLAcnqiVPuPBhBFOgw==

GET
H2 200 Charter.css
subscriptions.news.com.au/media/fonts/Charter/ Frame A03A 2 KB
2 KB 546ms
156ms Stylesheet
text/css 13.224.193.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/static/css/main.cabc1819.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 78tZPx9F6ldnoT3vI7OxzT3AZa.JXQqe
via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
last-modified: Wed, 23 Sep 2020 08:43:10 GMT
server: AmazonS3
age: 20592
etag: "9d796e9621f8bd2ea24552819973cb20"
x-cache: Hit from cloudfront
content-type: text/css
date: Mon, 30 Aug 2021 18:21:09 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 1635
x-amz-cf-id: irbWWU3F9-I2ph_iQQmcZbnnO5eY91xl1Eyplpc_NgZHAqPW1heOJA==

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=2953816452712674548
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2953816452712674548

42 B
945 B

251ms
161ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=2953816452712674548

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v015-052ec9957.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: YK/OyxfmThk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 31 Aug 2021 00:04:20 GMT
X-Proxy-Origin: 159.48.55.4; 159.48.55.4; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f4425e88-5e0d-44b6-af60-92dc664e38cb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=2953816452712674548
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=4289510830956718116
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=4289510830956718116

42 B
945 B

167ms
166ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=4289510830956718116

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v015-064a7714a.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: lGlRKcJXSkE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=4289510830956718116
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:19 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame 5D97 0
214 B 649ms
156ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=78102615276608734584096010757147980367&gdpr=0&gdpr_consent=
Requested by: Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/subscribe/news/1/?sourceCode=HSWEB_WRE170_a&dest=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&memtype=anonymous&mode=premium
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEJlZFNyVkd9SA4KdV-xl5P8&google_cver=1
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NzgxMDI2MTUyNzY2MDg3MzQ1ODQwOTYwMTA3NTcxNDc5ODAzNjc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEJlZFNyVkd9SA4KdV-xl5P8&google_cver=1?gdpr=0&gdpr_consent=

42 B
945 B

220ms
156ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEJlZFNyVkd9SA4KdV-xl5P8&google_cver=1?gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v015-0eb1b75d1.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: L9imfnsTTmQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEJlZFNyVkd9SA4KdV-xl5P8&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env.json
subscriptions.heraldsun.com.au/caas/config/ Frame A03A 1 KB
1 KB 155ms
155ms XHR
application/json 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.heraldsun.com.au/caas/config/env.json
Requested by: Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/static/js/2.bcaf4117.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept: application/json, text/plain, */*
Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
last-modified: Thu, 05 Aug 2021 07:33:56 GMT
x-amz-cf-pop: FRA50-C1
etag: "6951f4b98b1d9249d316487258b64dc7"
vary: Accept-Encoding
content-type: application/json
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 759
x-amz-cf-id: qOXnqXXOZTGVmOFo738zq21UIET3W60YtzFTl341FjCvK1LYfDx_ZQ==
expires: Tue, 31 Aug 2021 00:04:20 GMT

GET
H2 200 m-outer-5564a2ae650989ada0dc7f7250ae34e9.html
js.stripe.com/v3/ Frame C018 215 B
954 B 174ms
174ms Document
text/html 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html; charset=utf-8
content-length: 215
x-amz-id-2: 81rXAvpmmTm7S0Ll+YglK3B4aIroGEVB7eQ+HwMtSoNPxDlcigs0aWpJzBzzL6vfNciSw7xFry4=
x-amz-request-id: TCK67PAPFZHREZ3W
last-modified: Tue, 29 Jun 2021 17:25:38 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
date: Tue, 31 Aug 2021 00:02:50 GMT
cache-control: public, max-age=300
etag: "5564a2ae650989ada0dc7f7250ae34e9"
x-cache: Hit from cloudfront
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: MNpmlK-ljGQ5vSdCGTdgqdvdZHaq_XqnqZwlDKAL4ZdvGBXLaMdoJA==
age: 98

GET
H/1.1

200
OK

ibs:dpid=903&dpuuid=eb1bef23-0152-4921-8f62-3a55c5be3c8f
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
https://dpm.demdex.net/ibs:dpid=903&dpuuid=eb1bef23-0152-4921-8f62-3a55c5be3c8f

42 B
945 B

162ms
162ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=903&dpuuid=eb1bef23-0152-4921-8f62-3a55c5be3c8f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v015-00a940304.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 1BjGLTFCTws=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:20 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dpm.demdex.net/ibs:dpid=903&dpuuid=eb1bef23-0152-4921-8f62-3a55c5be3c8f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 189

GET
H/1.1

200
OK

ibs:dpid=19566&dpuuid=%s
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://image5.pubmatic.com/AdServer/usersync/usersync.html?predirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=19566%26dpuuid=PM_UID&userIdMacro=PM_UID
https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

42 B
963 B

161ms
160ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v015-0fcec44a9.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-Error: 104,303
X-TID: uwlrK333Q4M=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
server: nginx
etag: "60b842b3-cde"
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
location: https://dpm.demdex.net/ibs:dpid=19566&dpuuid=%s
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
expires: Tue, 31 Aug 2021 00:04:21 GMT

GET
H2 200 rampart.js
www.heraldsun.com.au/remote/identity/rampart/latest/ Frame A03A 270 KB
83 KB 185ms
185ms Script
application/x-javascript 23.74.8.108
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/static/js/main.31fbe402.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.74.8.108 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
X-Content-Security-Policy	block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;

Request headers

:path: /remote/identity/rampart/latest/rampart.js
pragma: no-cache
cookie: n_regis=123456789; AWSALB=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; AWSALBCORS=c8asAisH4WJ0/B4Zv8khrLsvT7YKJFpwFHBRzYXj1RPQUGToQd7Zok322MGCUJnLlfgBdM+fM6jRzWmVgHB5J9Tz9mRw2whRwvLdnC0DS4lHX9Ofx5umdWorLhoQ; anonymous_token={%22entitlements%22:anon}; AMCVS_5FE61C8B533204850A490D4D%40AdobeOrg=1; AMCV_5FE61C8B533204850A490D4D%40AdobeOrg=77933605%7CMCIDTS%7C18871%7CMCMID%7C78123580403463679764098127572948788053%7CMCAAMLH-1630973059%7C6%7CMCAAMB-1630973059%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1630375459s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18878%7CvVersion%7C4.5.1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.heraldsun.com.au
referer: https://subscriptions.heraldsun.com.au/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
content-encoding: gzip
x-content-security-policy: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
server: AkamaiNetStorage
etag: "24f41f77cd06741714294095fec17d16:1627964227.178684"
vary: User-Agent Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=613
date: Tue, 31 Aug 2021 00:04:20 GMT
is-https: true
x-opw: 4
x-webkit-csp: block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:;
expires: Tue, 31 Aug 2021 00:14:33 GMT

GET
H2 200 m-outer-60c368c1e1eddba7bd149e4b4f5408df.js
js.stripe.com/v3/fingerprinted/js/ Frame C018 1 KB
1 KB 175ms
175ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-60c368c1e1eddba7bd149e4b4f5408df.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"78581b5abad6c4e7b59c0f8ee45a8134"
age: 278
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: KXKGTC2RM3YZQ3X1
x-amz-id-2: NdWE2v71elVwNAep4Yf4owNE+zpnJutW5HVEdegDTYxs2cH26OlSwuHsqj2bGVy+TMKIatwRxpQ=
last-modified: Tue, 29 Jun 2021 17:25:39 GMT
server: AmazonS3
date: Mon, 30 Aug 2021 23:59:43 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: sRnZRVgbzqottomJ8GE_n3GyaWfc3OOf9kr-81MjW_GgCDUVH8s_wg==

GET
H/1.1

200
OK

ibs:dpid=23728&dpuuid=YS1yBD3y0JwrUYIQBCieugAA%261155
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__&s=183607&C=1
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YS1yBD3y0JwrUYIQBCieugAA%261155

42 B
945 B

159ms
158ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YS1yBD3y0JwrUYIQBCieugAA%261155

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v015-0bc04f9b6.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: WwK2R1DuRG4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 31 Aug 2021 00:04:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YS1yBD3y0JwrUYIQBCieugAA%261155
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 264
Expires: Tue, 31 Aug 2021 00:04:21 GMT

GET
H/1.1

200
OK

ibs:dpid=30432&dpuuid=CI-9e23468e38f24d958656c1c25cc47420
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://dt.scanscout.com/ssframework/uid?UIAA=78102615276608734584096010757147980367&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30432%26dpuuid%3D%5BUSER_ID%5D
https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9e23468e38f24d958656c1c25cc47420

42 B
945 B

223ms
222ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9e23468e38f24d958656c1c25cc47420

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v015-0c67acd41.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: c+AeSJtITb0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30432&dpuuid=CI-9e23468e38f24d958656c1c25cc47420
Date: Tue, 31 Aug 2021 00:04:21 GMT
useSecure: true
Server: nginx/1.10.3
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 inner.html
m.stripe.network/ Frame B15D 932 B
1 KB 440ms
146ms Document
text/html 151.101.12.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-60c368c1e1eddba7bd149e4b4f5408df.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: m.stripe.network
:scheme: https
:path: /inner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.stripe.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://js.stripe.com/

Response headers

server: nginx
content-type: text/html; charset=utf-8
last-modified: Thu, 12 Aug 2021 00:00:27 GMT
etag: W/"6114649b-3a4"
strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: public, max-age=300
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 31 Aug 2021 00:04:20 GMT
age: 182
x-served-by: cache-sea4449-SEA, cache-fra19162-FRA
x-cache: HIT, HIT
x-cache-hits: 2, 75
x-timer: S1630368261.966027,VS0,VE0
vary: Accept-Encoding
content-length: 537

GET
H2 200 metrics.js
tags.news.com.au/prod/metrics/ 178 KB
62 KB 297ms
296ms Script
application/x-javascript 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/metrics/metrics.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "76a23b2a3209863ef0ce238663ec6ab1:1629693622.14708"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=34020
content-type: application/x-javascript

GET
H2 200 tad.js
tags.news.com.au/prod/tad/ 84 KB
27 KB 200ms
199ms Script
application/x-javascript 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/tad/tad.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "ab99eb603c01285ed2e67c90872459d2:1628566297.76946"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=73312
content-type: application/x-javascript
content-length: 27380

GET
H2 200 gpt.js
securepubads.g.doubleclick.net/tag/js/ 71 KB
25 KB 462ms
162ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "974 / 267 of 1000 / last-modified: 1630361685"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25235
x-xss-protection: 0
expires: Tue, 31 Aug 2021 00:04:20 GMT

GET
H2 200 nielsen.js
tags.news.com.au/prod/nielsen/ 25 KB
10 KB 164ms
162ms Script
application/x-javascript 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/nielsen/nielsen.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
server: AkamaiNetStorage
etag: "8c7c1cb76a5850ad7830a8bb356626e8:1630300724.712654"
vary: Accept-Encoding
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
cache-control: max-age=18862
content-type: application/x-javascript
content-length: 9943

GET
H/1.1 200
OK ncg.js
au.tags.newscgp.com/prod/ncg/ 155 KB
48 KB 534ms
192ms Script
text/javascript 13.224.93.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-94.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 30 Aug 2021 23:55:39 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 15 Jul 2021 04:26:19 GMT
Server: AmazonS3
Age: 524
ETag: W/"fbf90326cc306ad31726483a025fc411"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
Cache-Control: max-age=3600
Transfer-Encoding: chunked
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: r1Py9ebDFWQUO2_NS2qs0rv5kvPNje8CpCGqKGJUHkH7fkt7yGdoeA==

GET
H2

200

v60.js
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-gl.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

22ms
13ms

Script
application/javascript

2600:9000:2190:5a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:5a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: .KrDWJ6YcsmnfI6j8sx8eWw9CjCealBE
content-encoding: gzip
etag: W/"cc7339d315e5ab16597dd66d153a0e7e"
last-modified: Mon, 12 Oct 2020 13:35:53 GMT
server: AmazonS3
age: 8434
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ebbd7f31e48ea8cf77f6021cdd92bf62.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 30 Aug 2021 21:43:47 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: siH-6YSiY0UNRV-bFuQcOIxEjU7RYNuGUTN5J59vgVqjD22spPb2hA==

Redirect headers

date: Tue, 31 Aug 2021 00:04:20 GMT
via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
server: awselb/2.0
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: text/html
location: https://cdn-gl.imrworldwide.com:443/v60.js
content-length: 134
x-amz-cf-id: xAmMj_lXCn1sfmPYMZCMN13NSRpq4Va1keZxf3fg8eqF94C1WfaftA==

GET
H2 200 utag.5.js
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 2 KB
1 KB 161ms
160ms Script
application/x-javascript 184.51.8.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.5.js?utv=ut4.46.202101180416
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
last-modified: Mon, 18 Jan 2021 04:16:52 GMT
server: AkamaiNetStorage
etag: "0436c02969f65dfb9a3d688f878ce27b:1610943412.657267"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 920
expires: Wed, 15 Sep 2021 00:04:20 GMT

GET
H2 200 utag.673.js
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 2 KB
1 KB 163ms
162ms Script
application/x-javascript 184.51.8.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.673.js?utv=ut4.46.201911200450
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
last-modified: Wed, 20 Nov 2019 04:50:26 GMT
server: AkamaiNetStorage
etag: "6de2c8775994bd52649030333c12458f:1574225426.28333"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 904
expires: Wed, 15 Sep 2021 00:04:20 GMT

GET
H2 200 utag.680.js
tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/ 3 KB
2 KB 167ms
166ms Script
application/x-javascript 184.51.8.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.680.js?utv=ut4.46.201911242359
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
last-modified: Sun, 24 Nov 2019 23:59:09 GMT
server: AkamaiNetStorage
etag: "a22f6448a2a7ef060ce3eb982528ca10:1574639949.213301"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1333
expires: Wed, 15 Sep 2021 00:04:20 GMT

GET
H2 200 messages
dsf.newscorpaustralia.com/dailytelegraph/wp-json/dsf-api/ Frame A03A 6 KB
2 KB 255ms
254ms XHR
application/json 2a04:fa87:fffd::c000:4298
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://dsf.newscorpaustralia.com/dailytelegraph/wp-json/dsf-api/messages

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/static/js/2.bcaf4117.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:4298 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: miss
link: <https://dsf.newscorpaustralia.com/dailytelegraph/wp-json/>; rel="https://api.w.org/"
x-rq: vie2 0 2 9980
allow: GET
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://subscriptions.heraldsun.com.au
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=60
access-control-allow-credentials: true
accept-ranges: bytes
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=2Ue5ARJHbbzKQ7AexC_UoSy8yG77BtKSsiME-wX5QibI
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=78102615276608734584096010757147980367&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=78102615276608734584096010757147980367&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2Ue5ARJHbbzKQ7AexC_UoSy8yG77BtKSsiME-wX5QibI

42 B
945 B

150ms
150ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2Ue5ARJHbbzKQ7AexC_UoSy8yG77BtKSsiME-wX5QibI

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

a104-89-9-110.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v015-0d2feb3d1.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: fiwgTG40Ros=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid=2Ue5ARJHbbzKQ7AexC_UoSy8yG77BtKSsiME-wX5QibI
Date: Tue, 31 Aug 2021 00:04:21 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2 200 chartbeat.js
static.chartbeat.com/js/ 36 KB
14 KB 63ms
13ms Script
application/x-javascript 2600:9000:2190:2a00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.5.js?utv=ut4.46.202101180416
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:2a00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 22:18:23 GMT
content-encoding: gzip
last-modified: Fri, 09 Jul 2021 00:11:37 GMT
server: nginx
age: 6357
etag: W/"60e79439-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: orkznH6Y6_g3qTsXWmdPgDTnrnIJubtxYdNYxgi9eiogBDV8z-ZwLw==
expires: Tue, 31 Aug 2021 00:18:23 GMT

GET
H2 200 ebOneTag.js
secure-ds.serving-sys.com/SemiCachedScripts/ 59 KB
19 KB 473ms
168ms Script
application/javascript 95.100.159.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.159.210 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-100-159-210.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
content-encoding: gzip
last-modified: Mon, 23 Aug 2021 09:12:37 GMT
server
x-powered-by: ARR/2.5
etag: "4cfe3d4ff97d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=862
accept-ranges: bytes
content-length: 18866

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 5D97
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=78102615276608734584096010757147980367
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=78102615276608734584096010757147980367

0
338 B

453ms
159ms

Image
text/plain

34.250.89.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=78102615276608734584096010757147980367
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.89.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-89-160.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
cache-control: private, no-cache, no-store
x-request-time: D=35 t=1630368261
x-served-by: beacon-n015-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=78102615276608734584096010757147980367
date: Tue, 31 Aug 2021 00:04:21 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a015-ash-prod.krxd.net

GET
H2 200 scevent.min.js
sc-static.net/ 15 KB
6 KB 499ms
186ms Script
application/javascript 13.224.93.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.93.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-93-97.zrh50.r.cloudfront.net
Software: CloudFront /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: ZRH50-C1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 5873
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-amz-cf-id: vkMvuvV9YHkKR2ccJAfOnBUjdva1_FiU472p8GsdjC96jTSbwVL_ug==

GET
H2 200 utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 155ms
155ms Script
application/x-javascript 184.51.8.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=newsltd/hwt.sops/202106150057&cb=1630368260746
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/newsltd/hwt.sops/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-8-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 31 Aug 2021 00:14:20 GMT

GET
H2 200 PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
cdn-gl.imrworldwide.com/conf/ 33 KB
7 KB 42ms
14ms Script
application/javascript 2600:9000:2190:5a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
Requested by: Host: tags.news.com.au
URL: https://tags.news.com.au/prod/nielsen/nielsen.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:5a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: vAw__ccLwOZxvouZPR2ZDgqfD1zH7uuI
content-encoding: gzip
etag: W/"f38efcf23a65d34cb055d628ef27abf0"
last-modified: Mon, 30 Aug 2021 09:18:27 GMT
server: AmazonS3
age: 4455
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ebbd7f31e48ea8cf77f6021cdd92bf62.cloudfront.net (CloudFront)
cache-control: max-age=86400,s-maxage=86400
date: Mon, 30 Aug 2021 23:39:49 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: pXj_4lFrTTLdot57bKybZCpDF9B6ZFXxCNg04NIOMDgKCfc4TnYDuw==

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ 44 B
523 B 129ms
129ms Image
image/gif 2600:9000:2156:be00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?rnd=1630368260803&ci=newscorp&js=1&cg=0&ts=utag.js&vn=6.0.104&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Finner-east%252Fstonnington-council-shut-down-by-international-cyber-attack%252Fnews-story%252F7128450b1bc9d092fbffa1d800e388bc%26memtype%3Danonymous%26mode%3Dpremium&sr=1600x1200&tz=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:be00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:20 GMT
via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 44
x-amz-cf-id: qoDCLuCcOyM50aVYVQntYHMKqIUMxiPNitMt2lMQneSBc3WA7OPZtg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 nlsSDK600.bundle.min.js
cdn-gl.imrworldwide.com/novms/js/2/ 192 KB
54 KB 13ms
13ms Script
application/javascript 2600:9000:2190:5a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PE61ECF8B-8E10-4919-930F-697F3D3DBB98.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:5a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: WYmiUb1.Cg6z3yQT9O20r1WlJJUllnwa
content-encoding: gzip
etag: W/"bd1ffd9a8dc416cfddcde665f3111e22"
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
server: AmazonS3
age: 2943
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ebbd7f31e48ea8cf77f6021cdd92bf62.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Mon, 30 Aug 2021 23:15:18 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: ZPCtX7LUoEsBZtj__bObbmHPl0KthNB_LmMh4Cm2sAeE1zGOiFgOCA==

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 666ms
214ms Image
image/gif 54.208.44.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=heraldsun.com.au&p=%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%3A%252F%252Fwww.heraldsun.com.au%252Fleader%252Finner-east%252Fstonnington-council-shut-down-by-international-cyber-attack%252Fnews-story%252F7128450b1bc9d092fbffa1d800e388bc%26memtype%3Danonymous%26mode%3Dpremium&u=DGRaPXDyLnk8DmyIGL&d=heraldsun.com.au&g=34257&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=3102&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=8922&t=CUCwQXB48GDOQXozk2qrgIBpdb3p&V=128&i=Heraldsun.com.au%20%7C%20Subscribe%20to%20the%20Herald%20Sun%20for%20exclusive%20stories&tz=-120&sn=1&sv=BjDr3LBCoAa4Bb8u4Au22BRDSsn3G&sd=1&im=0e030412&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.44.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-44-81.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 2D9E 12 KB
4 KB 12ms
12ms Document
text/html 2600:9000:2190:5a00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:5a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: cdn-gl.imrworldwide.com
:scheme: https
:path: /novms/html/ls.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html
last-modified: Tue, 17 Aug 2021 13:40:58 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: zpOrZdUsdtFSUglONNnszp78Z80REEcP
server: AmazonS3
content-encoding: gzip
date: Mon, 30 Aug 2021 23:19:21 GMT
cache-control: max-age=86400
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ebbd7f31e48ea8cf77f6021cdd92bf62.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 6OlmxMjnwBgzumUbCf0OCZUxkhZ_mDbtL6HO-wiCROVLIikLrv91Mw==
age: 2699

GET
H2 200 authorize
login.newscorpaustralia.com/ Frame ECE4 2 KB
3 KB 496ms
495ms Document
text/html 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://login.newscorpaustralia.com/authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=tj3ITC9Tp1HOnlzX3jDKi5hUCV6s2F-V&nonce=9onReYD3iz-9zZ.JiGMX7b_bOvg1CiaE&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNi4yIn0%3D

Requested by

Host: www.heraldsun.com.au
URL: https://www.heraldsun.com.au/remote/identity/rampart/latest/rampart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: login.newscorpaustralia.com
:scheme: https
:path: /authorize?client_id=AnudjFSZnp48OLKBaaB382z4LHeAfIS5&response_type=token%20id_token&scope=openid%20profile&audience=newscorpaustralia&redirect_uri=https%3A%2F%2Fsubscriptions.heraldsun.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html&state=tj3ITC9Tp1HOnlzX3jDKi5hUCV6s2F-V&nonce=9onReYD3iz-9zZ.JiGMX7b_bOvg1CiaE&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNi4yIn0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subscriptions.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: did=s%3Av0%3Afcc5f160-09ee-11ec-a0f1-2157cd7ed340.QOVWqZ%2FTKXYx1UhmKMnCn9wB%2BzteSBsPtzkwocwrhtk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://subscriptions.heraldsun.com.au/

Response headers

content-type: text/html;charset=UTF-8
cf-ray: 6872003f3c854a9d-FRA
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ot-baggage-auth0-request-id: 6872003f3c854a9d
ot-tracer-sampled: true
ot-tracer-spanid: 6dbad2df65a9cf17
ot-tracer-traceid: 665fd9d17be9bbde
x-auth0-requestid: f8e33637ac7bc2f05206
x-content-type-options: nosniff
x-ratelimit-limit: 1000
x-ratelimit-remaining: 998
x-ratelimit-reset: 1630368262
server: cloudflare
content-encoding: gzip
x-akamai-transformed: 9 588 0 pmb=mTOE,3
expires: Tue, 31 Aug 2021 00:04:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
content-length: 812
vary: Accept-Encoding
set-cookie: did=s%3Av0%3Afcc5f160-09ee-11ec-a0f1-2157cd7ed340.QOVWqZ%2FTKXYx1UhmKMnCn9wB%2BzteSBsPtzkwocwrhtk; Max-Age=31557600; Path=/; Expires=Wed, 31 Aug 2022 06:04:21 GMT; HttpOnly; Secure; SameSite=None did_compat=s%3Av0%3Afcc5f160-09ee-11ec-a0f1-2157cd7ed340.QOVWqZ%2FTKXYx1UhmKMnCn9wB%2BzteSBsPtzkwocwrhtk; Max-Age=31557600; Path=/; Expires=Wed, 31 Aug 2022 06:04:21 GMT; HttpOnly; Secure bm_mi=BA352F2CF56F1527F09A3005ECF2D557~G4D0l0PxdLBy/ubakt9MaIckEFrajOcJur99qDV53nrL+NmZQkmVQuykPbyIoCFFYoMI4mX4WpNNDfe8kY6nbZkzbShyDOMImfbpEfCEE5Auxake4MreOgKa3u/qfI5zNBFxWF6LkC0ySx+neKBAgnGSmeWA6FIGk76UMi0ABW9S7pRJN4tV+406GBMeHxPt4dbhkZ4Ha4ATCcZ7BpNZ5lKFMKAy8c4vyD5vJQE5inRLkCXD7Njpzr7Pd5VHhhzK; Domain=.newscorpaustralia.com; Path=/; Max-Age=0; HttpOnly _abck=5FEB0B7322FAA49DA8EDE911962FBA79~-1~YAAQ3+F7XKQTq3p7AQAA3WSFmQYqOu5xH4AqftxWWnrbQihTl6wOd1HLfuatFOBf6DUwYTijxia1p6eHYVvwo8HqO6zNPXUuwAMRg8PUiqzu3K5L2UMOchKu83abSP9C1QeJ2sd36uFVHZJNpCBKyQP9qxvFoJUa6Fi1nP2IpWdeB9Mgw194sud1Ki9yMHsUYqdENIGQYxU5gx1kLwX3aqrR633xr+iJxXP9g7lNHbl5thxNX6TdSNuhmwbsS0wahJHNVyqzpPpSrV5UeasyT7XRuE7nJ0CR2P6UI3Dml+wvIBhwPE3FbmEYgdFD6V+BjEcmd6LNTCGDv3KFHcOGCz+rXspQHAl28nuZn3lQywovuhQx9tWMOBc2lrC6ZC01Nf5w5iT8xw==~-1~-1~-1; Domain=.newscorpaustralia.com; Path=/; Expires=Wed, 31 Aug 2022 00:04:21 GMT; Max-Age=31536000; Secure ak_bmsc=16AD0E3DEB1FAC0EEB100EC4A9F3B74D~000000000000000000000000000000~YAAQ3+F7XKUTq3p7AQAA3WSFmQxuFLdO4WSM00rIYQfJwADrSTgJI65vzmvJBLFw5wpXMKWbFkDdogsnyvTARo0ZIPMYfXF4O4CzmraQ8uNFHpNOYfvAZZhK0G1zSj9yaPw0uFcYLrh5FsLJTEjBXk+0HfbnLzwIO1c0o1CzpV+QHuG/oHQF+iuta/Y6HlKIMeNOwt9CoDjYs2UhnENS85RGTLG8d+l8JWizTOWTfYWaDzS8j0zn9IERjy1YfT4WDRaBDYTTqPcqSnOlc6P8bE4AKXC6JFJaV/DZ5x4TqcwxzKIrYeIWZsfVYlwzmgb+/Orst4yCHyAR4gOJYIwqjdR7IYUTxgHSfLyZB2CISGPzuRTNoWM/vuoP+gqasJHVmn1aFxQiRbYma4CnvRk6U/RflQ==; Domain=.newscorpaustralia.com; Path=/; Expires=Tue, 31 Aug 2021 02:04:20 GMT; Max-Age=7199; HttpOnly bm_sz=F8556DFB6FAA31EE7C634AA7DE69D4E5~YAAQ3+F7XKYTq3p7AQAA3WSFmQwwJzj6QiW342PQDJ7KH90h9ePzIlfvRNT37VzEICkFS5V5JmTBxj9oKrs1R23ZLpZt/oS83LloyriZJXU7EiRU1TsZG9Ex5fltDHJO3AViJJ/RnnyuOuFwyjMB6AqtuHS2WTUHLQmdQV/j6EX7SbWKD8rxcxCickvX68AbwH0TcuH3hyHx7DyNZH6ES+uHmEAetkYwyTYEeWnOzYSGwGkZzVTCyzHSxsCN2nHnAsgahOWFeTT0yR3sy4DyKf4Q0O2NacygvXDZlchJzX4aL9cTfwmR+jHAe0exUA==~4469299~3162681; Domain=.newscorpaustralia.com; Path=/; Expires=Tue, 31 Aug 2021 04:04:20 GMT; Max-Age=14399

GET
H/1.1

200
OK

ibs:dpid=134096&dpuuid=hUziBx9999e%2FtuNC
dpm.demdex.net/ Frame 5D97
Redirect Chain

https://tags.bluekai.com/site/43981?id=78102615276608734584096010757147980367&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%24_BK_UUID
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=hUziBx9999e%2FtuNC

42 B
945 B

150ms
150ms

Image
image/gif

52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=134096&dpuuid=hUziBx9999e%2FtuNC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v015-0acd81925.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: aDAd1jKCRq0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=134096&dpuuid=hUziBx9999e%2FtuNC
Date: Tue, 31 Aug 2021 00:04:21 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: a972
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 gn
secure-sdk.imrworldwide.com/cgi-bin/ Frame 2D9E 44 B
563 B 485ms
150ms Image
image/gif 52.213.86.174
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-sdk.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PE61ECF8B-8E10-4919-930F-697F3D3DBB98&sessionId=bx0elnylfd7n81yx6wlt6yiqvrpaa1630368260&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.602&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=retry,~~retryreason,~~devmodel,~~devtypid,~~sysname,~~sysversion,~~manuf,&retry=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.86.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-86-174.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-sdk.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
bx0elnylfd7n81yx6wlt6yiqvrpaa1630368260.nuid.imrworldwide.com/ Frame 2D9E 35 B
351 B 75ms
12ms Image
image/gif 2600:9000:2190:d400:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bx0elnylfd7n81yx6wlt6yiqvrpaa1630368260.nuid.imrworldwide.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:d400:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 02:22:35 GMT
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
age: 78106
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 35
x-amz-cf-id: 5LbJWwvh6jq-I5ryBgsQZCysgNhdaYbPQjL_S9pw-yqEgHlhEKE8kg==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVMxeUF3QUFBRnJjeVFRRQ==

170 B
188 B

153ms
152ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVMxeUF3QUFBRnJjeVFRRQ==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630368261.390181,VS0,VE0
x-served-by: cache-fra19132-FRA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVMxeUF3QUFBRnJjeVFRRQ==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 out-4.5.40.js
m.stripe.network/ Frame B15D 85 KB
18 KB 154ms
154ms Script
application/x-javascript 151.101.12.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.40.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"6114649b-154bc"
age: 169
x-cache: HIT, HIT
content-length: 18452
x-served-by: cache-sea4483-SEA, cache-fra19162-FRA
last-modified: Thu, 12 Aug 2021 00:00:27 GMT
server: nginx
x-timer: S1630368261.122967,VS0,VE0
date: Tue, 31 Aug 2021 00:04:21 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 66

GET
H/1.1 200
OK id
dpm.demdex.net/ 5 KB
2 KB 165ms
164ms XHR
application/json 52.48.145.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.5.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5FE61C8B533204850A490D4D%40AdobeOrg&d_nsid=0&d_mid=78123580403463679764098127572948788053&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1630368261044

Requested by

Host: tags.news.com.au
URL: https://tags.news.com.au/prod/visitor/adobe_visitor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.145.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v015-0c5294fd3.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: vJLl2idfQMI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.heraldsun.com.au
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1544
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3-29

200

/
www.google.de/pagead/1p-user-list/999005967/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=20982584
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=20982584&ipr=y

42 B
64 B

103ms
103ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=20982584&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=fBbQCIHUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=20982584&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-user-list/999005967/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=4040834978
https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=4040834978&ipr=y

42 B
64 B

102ms
102ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=4040834978&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/999005967/?value=1.00&label=NB48CPnUqQgQj76u3AM&guid=ON&script=0&is_vtc=1&random=4040834978&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YS1yAwAAAFrcyQQE&expires=90

0
239 B

607ms
159ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YS1yAwAAAFrcyQQE&expires=90
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630368261.390290,VS0,VE0
x-served-by: cache-fra19132-FRA
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YS1yAwAAAFrcyQQE&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YS1yAwAAAFrcyQQE

43 B
883 B

485ms
183ms

Image
image/gif

184.51.9.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YS1yAwAAAFrcyQQE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.9.98 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-9-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 31 Aug 2021 00:04:21 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 31 Aug 2021 00:04:21 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630368261.390283,VS0,VE0
x-served-by: cache-fra19132-FRA
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YS1yAwAAAFrcyQQE
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3-29 200 pubads_impl_2021082301.js
securepubads.g.doubleclick.net/gpt/ 331 KB
116 KB 297ms
148ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 23 Aug 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118555
x-xss-protection: 0
expires: Tue, 31 Aug 2021 00:04:21 GMT

GET
H3-29 200 ppub_config
securepubads.g.doubleclick.net/pagead/ 118 B
123 B 292ms
143ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 31 Aug 2021 00:04:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98
x-xss-protection: 0
expires: Tue, 31 Aug 2021 00:04:21 GMT

GET
H2 200 s0648497797253
metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.0/ 43 B
422 B 529ms
151ms Image
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.heraldsun.com.au/b/ss/newscorpau-hsweb,newscorpau-global/1/JS-2.22.0/s0648497797253?AQB=1&ndh=1&pf=1&t=31%2F7%2F2021%202%3A4%3A21%202%20-120&mid=78123580403463679764098127572948788053&aamlh=6&ce=UTF-8&ns=newscorpau&cdp=3&g=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Finner-east%252Fstonnington-council-shut-down-by-international-cyber-attack%252Fnews-story%252F7128450b1bc9d092fbffa1d800e388bc%26memtype%3Dan&cc=AUD&ch=D%3Dv4&events=event3%2Cevent19&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3Dv1&v1=news%20corp%20au&h1=news%20corp%20au%7Cherald%20sun%7Cherald%20sun%20web%7Csops%7Csubscription%7Ccustomer%20details&c2=D%3Dv2&v2=herald%20sun&c3=D%3Dv3&v3=herald%20sun%20web&c4=D%3Dv4&v4=sops&c5=D%3Dv5&v5=subscription&c6=D%3Dv6&v6=customer%20details&c9=D%3Dv9&v9=breach%2Bshopfront&c10=D%3Dg&v10=D%3DpageName&c11=D%3Dv11&v11=D%3Dvid&c13=D%3Dv13&v13=HSWEB_WRE170_a&c14=D%3Dv14&v14=anonymous&c21=D%3Dv21&v21=hs-casual-premium-breach-spc&c22=D%3Dv22&v22=10%3A04%20AM%7CTuesday&c24=D%3Dv24&v24=New&c30=First%20Visit&v34=D%3Dg&v37=https%3A%2F%2Fwww.heraldsun.com.au%2Fleader%2Finner-east%2Fstonnington-council-shut-down-by-international-cyber-attack%2Fnews-story%2F7128450b1bc9d092fbffa1d800e388bc&c46=D%3Dv46&v46=not%20logged%20in&v52=1600x1200%7Cwindows%7C10&c60=TypeError%3A%20Cannot%20set%20property%20%27eVar161%27%20of%20undefined&v77=D%3Dmid&v111=0&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&-g=onymous%26mode%3Dpremium&mcorgid=5FE61C8B533204850A490D4D%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

jag /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
x-content-type-options: nosniff
x-c: main-1506.I6462f6.M0-512
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 01 Sep 2021 00:04:21 GMT
server: jag
xserver: anedge-f47784dbf-dwj8j
etag: 3501189180967944192-4619798186852738737
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 30 Aug 2021 00:04:21 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=YS1yAwAAAFrcyQQE

43 B
1010 B

131ms
130ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=158&code=YS1yAwAAAFrcyQQE

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 31 Aug 2021 00:04:21 GMT
X-Proxy-Origin: 159.48.55.4; 159.48.55.4; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 673e6c41-200e-4f0d-be7b-a0bf12f2a94d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630368261.409194,VS0,VE0
x-served-by: cache-fra19132-FRA
x-cache: HIT
location: https://ib.adnxs.com/setuid?entity=158&code=YS1yAwAAAFrcyQQE
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

POST
H2 200 6
m.stripe.com/ Frame B15D 156 B
516 B 932ms
321ms XHR
text/plain 34.215.19.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.40.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.215.19.236 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-215-19-236.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 31 Aug 2021 00:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

GET
H2 200 gdpr_user_check.esi
tags.news.com.au/prod/data-esi/top/ 61 B
359 B 859ms
859ms XHR
text/plain 2.21.141.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.news.com.au/prod/data-esi/top/gdpr_user_check.esi?
Requested by: Host: au.tags.newscgp.com
URL: https://au.tags.newscgp.com/prod/ncg/ncg.js?v=2.14.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.166 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-166.deploy.static.akamaitechnologies.com
Software: AkamaiGHost /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:22 GMT
server: AkamaiGHost
p3p: CP="News Ltd does not have a P3P policy. You can view our Privacy Policy at http://www.newscorpaustraliaprivacy.com"
etag: "f1d1adc077c1f1f826a151ee3db530bc:1600839199.327003"
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=0, no-cache
content-length: 61
mime-version: 1.0
expires: Tue, 31 Aug 2021 00:04:22 GMT

GET
H2 200 i
tr.snapchat.com/cm/ Frame 5386 0
262 B 409ms
146ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=63f03fde-185c-4ae3-a0c6-3741b8da74a5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: tr.snapchat.com
:scheme: https
:path: /cm/i?pid=63f03fde-185c-4ae3-a0c6-3741b8da74a5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

server: nginx/1.17.3
date: Tue, 31 Aug 2021 00:04:21 GMT
content-type: text/html
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 6630
secure-ds.serving-sys.com/adServingData/PROD/TMClient/0/ 16 KB
2 KB 697ms
415ms XHR
application/octet-stream 95.100.159.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/0/6630
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.159.210 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-100-159-210.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: ghbTBT_qkOpub4vySFYoD7iUmIHqNetc
content-encoding: gzip
last-modified: Tue, 10 Aug 2021 13:02:04 GMT
server: ATS/7.1.0
x-amz-request-id: 3RYQ31KAJRZT8XFX
etag: "f77e1abd22edba51f83f5f42b727679b"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=584
date: Tue, 31 Aug 2021 00:04:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 1179
x-amz-id-2: DMRW9akd49m7CI/Nnvi4knRdx8NFEJ9zhMG+eCQTBzRq9xFDfHJfUuDAWVEl9f1ofTk+khMi6SM=

POST
H2 200 p
tr.snapchat.com/ Frame 3C52 0
205 B 405ms
150ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: POST
:authority: tr.snapchat.com
:scheme: https
:path: /p
content-length: 517
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://www.heraldsun.com.au
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://www.heraldsun.com.au
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

server: nginx/1.17.3
date: Tue, 31 Aug 2021 00:04:21 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIQgDwIlIKGi/jmMUp2D4v4MYqTsNPNcGKmy/coPX0getcaobTE8qiPYfMgQ2ZDIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 p
tr.snapchat.com/ Frame 6E5C 0
189 B 408ms
154ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: POST
:authority: tr.snapchat.com
:scheme: https
:path: /p
content-length: 522
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://www.heraldsun.com.au
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://www.heraldsun.com.au
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

server: nginx/1.17.3
date: Tue, 31 Aug 2021 00:04:21 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQkAMQgDwIkEqyXGcQzPT+HwvUOR0+0WdcfuUNYdMiVQVPz6avcgPcHAWX+lytRcMgAAAA==;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET 3503dfd3
login.newscorpaustralia.com/akam/11/ Frame ECE4 0
0

GET DdEg
login.newscorpaustralia.com/j8G5BPNrW1gk/6rYYezVgsp/GI/EY7DJVmJbE1i/CAoOAg/DisSXiZ/ Frame ECE4 0
0

GET
H2 200 imgNewsNetwork.a10c7c36.png
subscriptions.heraldsun.com.au/caas/static/media/ Frame A03A 54 KB
54 KB 143ms
142ms Image
image/png 104.89.9.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscriptions.heraldsun.com.au/caas/static/media/imgNewsNetwork.a10c7c36.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.9.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-9-110.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://subscriptions.heraldsun.com.au/caas/index.html?pageType=spc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
last-modified: Thu, 08 Jul 2021 00:49:59 GMT
x-amz-cf-pop: FRA2-C2
etag: "68989fc396bd73e5b0f358c1e65c7601"
content-type: image/png
cache-control: max-age=264348
accept-ranges: bytes
content-length: 55061
x-amz-cf-id: eu25qMpMmU0cH6XynvbvwcVR65DH5khWOIeNdUrDlkilnlakH5MtEA==

GET
DATA 200
OK truncated
/ Frame A03A 520 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A03A 466 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Charter_Bold.woff2
subscriptions.news.com.au/media/fonts/Charter/ Frame A03A 11 KB
11 KB 427ms
151ms Font
binary/octet-stream 13.224.193.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter_Bold.woff2
Requested by: Host: subscriptions.news.com.au
URL: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Origin: https://subscriptions.heraldsun.com.au
Referer: https://subscriptions.news.com.au/media/fonts/Charter/Charter.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 05:23:17 GMT
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
age: 67265
x-cache: Hit from cloudfront
content-length: 11024
last-modified: Wed, 23 Sep 2020 08:43:11 GMT
server: AmazonS3
etag: "d7b524ce6a47a156d5f7767297b358f7"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: 1b6Z9wm5mjr_.l.HoLoCCXx3v3T_1CSx
access-control-allow-origin: *
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: fuGV2Ym14jLqZW90OeJixbVN9NQSHvsoWK4qyJ9DKrGoW_6Uh4_DCg==

GET
H2 200 SourceSansPro-Regular.woff2
subscriptions.news.com.au/media/fonts/SourceSansPro/ Frame A03A 83 KB
83 KB 441ms
165ms Font
binary/octet-stream 13.224.193.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro-Regular.woff2
Requested by: Host: subscriptions.news.com.au
URL: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Origin: https://subscriptions.heraldsun.com.au
Referer: https://subscriptions.news.com.au/media/fonts/SourceSansPro/SourceSansPro.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: HGUZ0F9RdAEWfB40COdzBzaJoUnKDPkQ
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
etag: "84900d939c3d3911d3a7d936cae4f3a6"
age: 81403
x-cache: Hit from cloudfront
content-length: 84808
last-modified: Wed, 23 Sep 2020 08:43:40 GMT
server: AmazonS3
date: Mon, 30 Aug 2021 01:27:38 GMT
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: i6gJbJkfAJJsQpISTQANOC4OarzGusTbwygKpfxcvEV4Pdvp0AKxXw==

GET
H3-29 200 api.js
www.google.com/recaptcha/ Frame A03A 884 B
606 B 103ms
103ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ

Requested by

Host: subscriptions.heraldsun.com.au
URL: https://subscriptions.heraldsun.com.au/caas/static/js/main.31fbe402.chunk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 585
x-xss-protection: 1; mode=block
expires: Tue, 31 Aug 2021 00:04:21 GMT

GET HS_SDO_P1016AW04
commerceapi.news.com.au/offersapi/offers/ Frame A03A 0
0

OPTIONS HS_SDO_P1016AW04
commerceapi.news.com.au/offersapi/offers/ Frame 0
0

GET
H3-29

200

sd
us-u.openx.net/w/1.0/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YS1yAwAAAFrcyQQE
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YS1yAwAAAFrcyQQE

43 B
61 B

291ms
141ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YS1yAwAAAFrcyQQE
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:22 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YS1yAwAAAFrcyQQE
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 google
server: OXGW/16.214.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2 200 controller-34313cd5118bc72c2cff93c44739ce81.html
js.stripe.com/v3/ Frame 9E5B 299 B
1 KB 158ms
158ms Document
text/html 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-34313cd5118bc72c2cff93c44739ce81.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/controller-34313cd5118bc72c2cff93c44739ce81.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html; charset=utf-8
content-length: 299
x-amz-id-2: Ap4ZCycvRa5U0fCh0OJCMSK2VFAgnwsIEVVVngt+xvrJexuYbScEps2x7NICsOQtCJzPZgKzjR0=
x-amz-request-id: BZ3SV2M1MW5Q3E6A
last-modified: Mon, 30 Aug 2021 21:24:23 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
date: Tue, 31 Aug 2021 00:01:53 GMT
cache-control: public, max-age=300
etag: "34313cd5118bc72c2cff93c44739ce81"
x-cache: Hit from cloudfront
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 4vG2xCyVBtr76RrJrTkUgA3E4t4B7MimjJuyI8oSh4LRkBXzsNXGMw==
age: 152

GET
H2 200 payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html
js.stripe.com/v3/ Frame EA0D 384 B
1 KB 160ms
160ms Document
text/html 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com;
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html; charset=utf-8
content-length: 384
x-amz-id-2: oVYHdo98N43vaa7meOmNizBq8ykKM+Vunf6zqjD1+r1uFlslrdbf/FcKnwq/bN860mVLsZVCcWM=
x-amz-request-id: 5JMKBDSP1M21SVPP
last-modified: Mon, 30 Aug 2021 21:24:23 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'none'; connect-src 'self' https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com;
date: Tue, 31 Aug 2021 00:03:22 GMT
cache-control: public, max-age=300
etag: "fc52561cdd0f1332ace59a4510531703"
x-cache: Hit from cloudfront
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: DdWR2t2PgP_VXjBgvA8EMKKIU8UY9yVvMnYuLtp-yIcnSY55LK0UWg==
age: 60

GET
H2 200 payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html
js.stripe.com/v3/ Frame 65B9 320 B
1 KB 161ms
161ms Document
text/html 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.heraldsun.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.heraldsun.com.au/

Response headers

content-type: text/html; charset=utf-8
content-length: 320
x-amz-id-2: ZhOYsQi7RZzHrA2WmgGsrfAiRBTaIrfpCNlhurOziObzvU4yi1/rLmbrjW7qI8e7S8tqXp87t6I=
x-amz-request-id: 34APZK2FQJZWHY1R
last-modified: Mon, 30 Aug 2021 21:24:23 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self';
date: Tue, 31 Aug 2021 00:03:12 GMT
cache-control: public, max-age=300
etag: "7ef762845bc59b860f11b4d2736843c7"
x-cache: Hit from cloudfront
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 4wCeaPtiz6cm73b4Pqafqcp2khOoQc5ML25zlvmwAwkFdh3YgFSJhw==
age: 70

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YS1yAwAAAFrcyQQE

1 B
546 B

461ms
144ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YS1yAwAAAFrcyQQE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:20 GMT
cache-control: no-store, no-cache, private
x-lat: amspug019:0:433
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630368262.620810,VS0,VE0
x-served-by: cache-fra19132-FRA
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YS1yAwAAAFrcyQQE
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 recaptcha__en.js
www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/ Frame A03A 340 KB
133 KB 353ms
117ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LcRJpMUAAAAAO8Xa3AIJqR0hnCyDnJcZwTFp6pJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://subscriptions.heraldsun.com.au
Referer: https://subscriptions.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 12:58:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39926
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135330
x-xss-protection: 0
last-modified: Mon, 23 Aug 2021 04:03:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Aug 2022 12:58:55 GMT

GET
H2 200 shared-6c1c3afc809ddced296d63c92b3c98d9.js
js.stripe.com/v3/fingerprinted/js/ Frame 9E5B 177 KB
49 KB 187ms
187ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-6c1c3afc809ddced296d63c92b3c98d9.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-34313cd5118bc72c2cff93c44739ce81.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/controller-34313cd5118bc72c2cff93c44739ce81.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:02:40 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 101
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: 4ND0QBHWP4RF8PZQ
x-amz-id-2: Q9y2PpOQG65l1LSDqA59cXd3+VYcvnSH+AKKxvwtpcJ9dftidyyuK6CCHE0dIlCwc7z67Z1l+sc=
last-modified: Mon, 30 Aug 2021 21:24:29 GMT
server: AmazonS3
etag: W/"0f3f3b0615c5f64bf470f52dc6ec0a1c"
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: PkGuMS7DbBk5OKNRG4MzDjGhjebr1UBiNez1CpmX0UW0JBl4OUi-7w==

GET
H2 200 controller-41099f711c2c39d77cb3b0786ea4e3d8.js
js.stripe.com/v3/fingerprinted/js/ Frame 9E5B 190 KB
49 KB 329ms
329ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-41099f711c2c39d77cb3b0786ea4e3d8.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-34313cd5118bc72c2cff93c44739ce81.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/controller-34313cd5118bc72c2cff93c44739ce81.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"ddc461cb6b712a1d57ccb59c1921b56a"
age: 105
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: 3Q4PKHGR9D15V1T0
x-amz-id-2: ATXN5k+pNrnAwFSYVa/1yiewMZEKDujVwjV7WyCNgN/dABQgU0GLJSnsB5MZuyQZeqGm4rIOq8Y=
last-modified: Mon, 30 Aug 2021 21:24:28 GMT
server: AmazonS3
date: Tue, 31 Aug 2021 00:02:36 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: Mt0yBhcXcbDl_wRHFHOfe_imHXeDYo3U3UdsO91HKjJOMhZZa2CzBw==

GET
H2 200 pay.js
pay.google.com/gp/p/js/ Frame EA0D 95 KB
31 KB 408ms
146ms Script
application/javascript 2a00:1450:400c:c06::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-NDdLGuFCv+UoL6v9lNglfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-NDdLGuFCv+UoL6v9lNglfA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:04:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=600
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-NDdLGuFCv+UoL6v9lNglfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-NDdLGuFCv+UoL6v9lNglfA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Tue, 31 Aug 2021 00:04:21 GMT

GET
H2 200 shared-6c1c3afc809ddced296d63c92b3c98d9.js
js.stripe.com/v3/fingerprinted/js/ Frame EA0D 177 KB
49 KB 407ms
407ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-6c1c3afc809ddced296d63c92b3c98d9.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 00:02:40 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 101
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: 4ND0QBHWP4RF8PZQ
x-amz-id-2: Q9y2PpOQG65l1LSDqA59cXd3+VYcvnSH+AKKxvwtpcJ9dftidyyuK6CCHE0dIlCwc7z67Z1l+sc=
last-modified: Mon, 30 Aug 2021 21:24:29 GMT
server: AmazonS3
etag: W/"0f3f3b0615c5f64bf470f52dc6ec0a1c"
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: O3TPsAlferwNX25owndSUVgN_QplYplI-2MVGrvA36WX8rjwQk0fMQ==

GET
H2 200 payment-request-inner-google-pay-69f11078e7c2b0c4b629e977a461915d.js
js.stripe.com/v3/fingerprinted/js/ Frame EA0D 13 KB
5 KB 385ms
384ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-69f11078e7c2b0c4b629e977a461915d.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-fc52561cdd0f1332ace59a4510531703.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"e8ea2769e5e2e90caa06a18ff50963db"
age: 290
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: KM1DVPNTRCARKADC
x-amz-id-2: Y+7Xue4gv/qIQzv/wERTQMput/AB9N+oGrLjGvIKcQGuWW3Xew++4dqtVBdYnuxo0uUkXUf1EfU=
last-modified: Tue, 24 Aug 2021 20:23:13 GMT
server: AmazonS3
date: Mon, 30 Aug 2021 23:59:32 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: jsYFQqFFIqT9Fa3GuH3kNJkvTxk5MdRcv-arz8WXnc9PJCyN_It_2g==

GET
H2 200 shared-6c1c3afc809ddced296d63c92b3c98d9.js
js.stripe.com/v3/fingerprinted/js/ Frame 65B9 177 KB
49 KB 250ms
250ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-6c1c3afc809ddced296d63c92b3c98d9.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"0f3f3b0615c5f64bf470f52dc6ec0a1c"
age: 101
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: 004G0KXEDX8AHSV4
x-amz-id-2: tU2lX+QOKkmXiE9qVw0Z3vsxa69kXiatugtHs7bbqj7VQnV2SQAnajhdU6x6qAqIVgptjVKowrM=
last-modified: Mon, 30 Aug 2021 21:24:29 GMT
server: AmazonS3
date: Tue, 31 Aug 2021 00:02:46 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: EAgl6fd_YtUP572BoT6D-zMICFnFRHOVg15LxAQ1BTi4-OlXBkfbYw==

GET
H2 200 payment-request-inner-browser-b5213399e34e1f6ed7339fb74025958b.js
js.stripe.com/v3/fingerprinted/js/ Frame 65B9 11 KB
5 KB 378ms
377ms Script
application/javascript 13.224.93.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-b5213399e34e1f6ed7339fb74025958b.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.93.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/payment-request-inner-browser-7ef762845bc59b860f11b4d2736843c7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"d066561c6859a379e9bc8349216e8d79"
age: 221
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: 0XWQZ933R9FVW7DX
x-amz-id-2: 3t2tgJ6MZtEyX+B2JWtWmgRpuL8jC2LBVlnGTER4tVLHi0xydAXx1TBTR+k2iIrfTCgf9AdoX2Y=
last-modified: Tue, 24 Aug 2021 20:23:12 GMT
server: AmazonS3
date: Tue, 31 Aug 2021 00:00:41 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: 4Pej7NNdyUBwynGxXPuWMr4LwzZJA28AdCjvKKwdKJtcBxiHkkEc8Q==

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YS1yAwAAAFrcyQQE&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YS1yAwAAAFrcyQQE&img=1&__user_check__=1&sync_id=fec4b5a4-09ee-11ec-a8ec-1984e64b0506

43 B
548 B

134ms
133ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YS1yAwAAAFrcyQQE&img=1&__user_check__=1&sync_id=fec4b5a4-09ee-11ec-a8ec-1984e64b0506
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 00:04:22 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 29
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 31 Aug 2021 00:04:22 GMT
Server: nginx
Location: /partner?adv_id=6409&uid=YS1yAwAAAFrcyQQE&img=1&__user_check__=1&sync_id=fec4b5a4-09ee-11ec-a8ec-1984e64b0506
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 114
Connection: keep-alive
Content-Length: 0

GET
H2

200

b.php
www.facebook.com/fr/ Frame 5D97
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YS1yAwAAAFrcyQQE&t=2592000&o=0

43 B
252 B

134ms
134ms

Image
image/gif

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=YS1yAwAAAFrcyQQE&t=2592000&o=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 17:04:21 PDT
content-encoding: br
x-content-type-options: nosniff
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/;font-src data: *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;frame-src *.facebook.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: ZuQBA0qcCzECAJ2nNGqhDkBL3Juji9chxNsfJSmJmKwDi6ZRiRI8bReqMViWIXHfBVU+8TRLKAV/o3fw0YHvvA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type: image/gif
vary: Accept-Encoding
cache-control: public, max-age=0
expires: Mon, 30 Aug 2021 17:04:21 PDT

Redirect headers

pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630368262.833088,VS0,VE0
x-served-by: cache-fra19132-FRA
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=YS1yAwAAAFrcyQQE&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 show_companion_ad.js
pagead2.googlesyndication.com/pagead/ 14 KB
6 KB 266ms
82ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 23:28:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6044
x-xss-protection: 0
server: cafe
etag: 3925241684353305145
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 31 Aug 2021 00:28:00 GMT

GET
H2 200 cm
trc.taboola.com/sg/adobe/1/ Frame 5D97 43 B
238 B 113ms
41ms Image
image/gif 2a04:4e42:3::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adobe/1/cm?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:3::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://newscorpau.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Tue, 31 Aug 2021 00:04:21 GMT
via: 1.1 varnish
server: nginx
x-timer: S1630368262.913349,VS0,VE9
x-served-by: cache-fra19131-FRA
x-cache: MISS
cache-control: no-cache, no-store
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 integrator.js
adservice.google.nl/adsid/ 107 B
853 B 332ms
105ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 31 Aug 2021 00:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js
adservice.google.com/adsid/ 107 B
570 B 303ms
102ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldsun.com.au

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.heraldsun.com.au/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 31 Aug 2021 00:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads
securepubads.g.doubleclick.net/gampad/ 339 B
169 B 182ms
181ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=708818911590849&correlator=2949315626821214&output=ldjh&impl=fifs&hxva=1&scor=3521290298505054&eid=31062367%2C31062297&vrg=2021082301&ptt=17&co=1&npa=1&sc=1&sfv=1-0-38&ecs=20210831&iu_parts=5129&enc_prev_ius=%2F0%2F&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D1&eri=1&cust_params=us%3Db%26s%3D0%26co%3D1%26kw%3D%26sec1%3Dsops%26sec2%3Dsubscription%26sec3%3Dcustomerdetails%26ksgmnt%3D%26siteview%3D1%26pagetype%3Dbreach%252Cshopfront%26adl%3Dfalse%26pvid%3D00000000000000000000000000000000-00000000000000000000000000000000-1630368259553-200038&bc=31&abxe=1&lmt=1630368261&dt=1630368261928&dlt=1630368257067&idt=4734&frm=20&biw=1600&bih=1200&oid=3&adxs=0&adys=3102&adks=14334197&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.heraldsun.com.au%2Fsubscribe%2Fnews%2F1%2F%3FsourceCode%3DHSWEB_WRE170_a%26dest%3Dhttps%253A%252F%252Fwww.heraldsun.com.au%252Fleader%252Finner-east%252Fstonnington-council-shut-down-by-international-cyber-attack%252Fnews-story%252F7128450b1bc9d092fbffa1d800e388bc%26memtype%3Danonymous%26mode%3Dpremium&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3101&msz=0x0&ga_vid=265689838.1630368262&ga_sid=1630368262&ga_hid=1761331027&ga_fc=false&fws=132&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS